Our smart contracts have been reviewed by Quantstamp and OpenZeppelin. The auditors observed some risk due to the centralization of power in the Pool administrators, but deemed it low because users can control their funds at any time.
PoolTogether's goal is to move to a completely decentralized governance model in the future.
OpenZeppelin Pods Audit
OpenZeppelin PoolTogether Audit
Quantstamp Certificate #2
Quantstamp Certificate #1
We offer public security bug bounties to incentivize vulnerability disclosures by anyone. Bounties are described on GitHub.
Bug bounties on GitHub
PoolTogether strives to be as transparent as possible by publishing the smart contract code publicly and verifying the smart contracts on Etherscan.
Source code on GitHub
Verified code on Etherscan