A Simple Explanation of Risks Using PoolTogether

We’ve recently published technical documentation and audit reports related to the security of the PoolTogether Protocol. To provide more clarity we have written a simple explanation of the risks of using PoolTogether targeted towards average people.

Note that the PoolTogether Protocol is built on the Ethereum network using Compound.Finance and the stable coins DAI and USDC. Each of these tools have their own risks, this article does not focus on those risks but simply the risks of PoolTogether. In other words, this article answers the question, “What additional risks am I taking on by using PoolTogether that I would not have using Dai or USDC in Compound.Finance?”

Smart Contract Exploit Risk

The first type of risk is that there could be some sort of bug or exploit in the smart contracts that run the PoolTogether Protocol. This is a risk with any product on Ethereum. Depending on what the bug or exploit is, a nefarious person may be able to take some or all of the funds stored in the PoolTogether Protocol. Here’s what we’ve done to mitigate this risk.

1. Professional, third party smart contract auditing. PoolTogether has hired two different companies to professionally review and audit the smart contract code for any bugs or exploits (Open Zeppelin & Quantstamp). Neither of these auditors have found bugs that would put users funds at risk. As PoolTogether continues to grow we’re committed to continuing to pay for audits and have audits completed before releasing any major updates.
2. Bug Bounty program. PoolTogether offers payment of up to $25,000 for reports of any bugs in the smart contracts. If someone was to discover a bug, this is a way for them to responsibly disclose it to us and be paid rather than exploit it.
3. All the smart contract code is open source, meaning it is publicly readable by anyone. At first this may sound strange but it actually makes the protocol more secure as anyone can review it for bugs and submit a bug bounty.
4. Before we even give our code to auditors we also do extensive internal testing. Our test suite covers 99.77% of the smart contract code.

Smart Contract Upgrade Risk

The second type of risk relates to the fact that the PoolTogether Protocol contracts currently have the ability to be upgraded. What this means is that parts or all of the code in the smart contracts (mentioned above) can be changed. This is a risk most but not all products built on Ethereum have.

The advantage of being able to upgrade smart contracts is that the contracts can be improved and / or fixed if a bug is found. The disadvantage is that it opens a risk of the smart contract code being changed maliciously. We’ve taken the following steps to mitigate this risk.

1. Utilized “multi-signature” wallet. This means any upgrade requires the approval of multiple separate wallets.
2. Utilized “cold storage” for wallet security. This means using the wallet requires having physical access to a device holding the wallet private keys. These devices are stored in separate geographic areas
3. Utilizing “Gnosis Safe” for the multi-signature wallet. This is the best tested and most well respected multi-signature wallet.

Wallet Loss Risk

This risk doesn’t have anything to do with PoolTogether but we wanted to mention it. Using PoolTogether requires you to use an Ethereum wallet that supports Ethereum apps. If you permanently lose access to this wallet, you will not be able to recover your funds. Different wallets have different recovery mechanisms. It’s important for you to know what those are and be able to recover your wallet. Argent Wallet is one example of a wallet with good recovery methods.

Improving Security

Security is always our top priority and as the PoolTogether protocol continues to grow it will continue to be improved. Specifically, we are working towards full decentralization of the PoolTogether protocol which will allow us to eliminate the upgradeability risk. We also are evaluating smart contract insurance options and tooling to implement a time-lock on contract upgrades.

We are committed to paying for the best security audits in the world and increasing our bug bounties as the protocol grows (bug bounties have already been increased three times).

https://www.pooltogether.com/
Twitter: @PoolTogether_
Github: pooltogether
Discord: https://discord.gg/hxPhPDW