Using the protocol includes substantial risks of losing some or all of your funds. The PoolTogether core team and community have made every effort to ensure the security of funds.
This section will help you understand the types of risk you are taking, what has been done to mitigate them, and how to mitigate them further.
The PoolTogether Protocol uses several other protocols. Therefore the first type of risk is the risk that these other integrated protocols can fail.
Specifically, by using PoolTogether you are also taking on the risks of using the Ethereum network, the collateral you are depositing, and the yield service (currently Compound.Finance).
To mitigate this risk, the protocol is only integrated with highly reputable and well-secured protocols.
The second type of risk is specific to PoolTogether. The risk is that there could be some sort of bug or exploit in the smart contracts that run the PoolTogether Protocol. This is a risk with any product on Ethereum. Depending on what the bug or exploit is, a nefarious person may be able to take some or all of the funds stored in the PoolTogether Protocol. Here’s what we’ve done to mitigate this risk.
Professional, third-party smart contract auditing. PoolTogether has hired companies to professionally review and audit the smart contract code for any bugs or exploits. These auditors have produced reports with their findings. As PoolTogether continues to grow, we’re committed to continuing to pay for audits; however, it should be understood that at any given time, 100% of the code base has not been professionally audited.
Bug Bounty program. PoolTogether offers payment of up to $25,000 for reports of any bugs in the smart contracts. If someone were to discover a bug, this is a way for them to responsibly disclose it to us and be paid rather than exploit it.
All the smart contract code is open source, meaning it is publicly readable by anyone. At first this may sound strange, but it actually makes the protocol more secure, as anyone can review it for bugs and submit a bug bounty.
Before we even give our code to auditors, we also do extensive internal testing.
This risk doesn’t have anything to do with PoolTogether, but we wanted to mention it. Using PoolTogether requires you to use an Ethereum wallet that supports Ethereum apps. If you permanently lose access to this wallet, you will not be able to recover your funds. Different wallets have different recovery mechanisms. It’s important for you to know what those are and be able to recover your wallet. Argent Wallet is one example of a wallet with good recovery methods.