Your use of the PoolTogether protocol involves various risks, including, but not limited to, losses while digital assets are being supplied to the PoolTogether protocol. Before using the PoolTogether protocol, you should review the relevant documentation to make sure you understand how the PoolTogether protocol works
The PoolTogether protocol is a decentralized and open source piece of software operating on the blockchain. No individual, or institution has control over it. The protocol is controlled by the POOL token holders. There are many different websites and applications that provide access to the protocol, however, these websites simply provide an interface and do not control the protocol in any way.
AS DESCRIBED IN THE POOLTOGETHER PROTOCOL LICENSES, THE POOLTOGETHER PROTOCOL IS PROVIDED ”AS IS”, AT YOUR OWN RISK, AND WITHOUT WARRANTIES OF ANY KIND. No developer or entity involved in creating the PoolTogether protocol will be liable for any claims or damages whatsoever associated with your use, inability to use, or your interaction with other users of, the PoolTogether protocol, including any direct, indirect, incidental, special, exemplary, punitive or consequential damages, or loss of profits, cryptocurrencies, tokens, or anything else of value.
This section will help you understand the the types of risk you are taking what has been done to mitigate them and how to mitigate them further.
The PoolTogether Protocol uses several other protocols. Therefore the first type of risk is the risk that these other integrated protocols can fail.
Specifically by using PoolTogether you are also taking on the risks of using the Ethereum network, the collateral you are depositing, and the yield service (currently Compound.Finance).
To mitigate this risk the protocol is only integrated with highly reputable and well secured protocols.
The second type of risk is specific to PoolTogether. The risk is that there could be some sort of bug or exploit in the smart contracts that run the PoolTogether Protocol. This is a risk with any product on Ethereum. Depending on what the bug or exploit is, a nefarious person may be able to take some or all of the funds stored in the PoolTogether Protocol. Here’s what we’ve done to mitigate this risk.
- Professional, third party smart contract auditing. PoolTogether has hired companies to professionally review and audit the smart contract code for any bugs or exploits. These auditors have produced reports with their findings. As PoolTogether continues to grow we’re committed to continuing to pay for audits however, it should be understood that at any given time, 100% of the code base has not been professionally audited.
- Bug Bounty program. PoolTogether offers payment of up to $25,000 for reports of any bugs in the smart contracts. If someone was to discover a bug, this is a way for them to responsibly disclose it to us and be paid rather than exploit it.
- All the smart contract code is open source, meaning it is publicly readable by anyone. At first this may sound strange but it actually makes the protocol more secure as anyone can review it for bugs and submit a bug bounty.
- Before we even give our code to auditors we also do extensive internal testing.
This risk doesn’t have anything to do with PoolTogether but we wanted to mention it. Using PoolTogether requires you to use an Ethereum wallet that supports Ethereum apps. If you permanently lose access to this wallet, you will not be able to recover your funds. Different wallets have different recovery mechanisms. It’s important for you to know what those are and be able to recover your wallet. Argent Wallet is one example of a wallet with good recovery methods.