The PoolTogether Protocol has undergone three formal professional third party audits. Two have been conducted by Open Zeppelin. And one was conducted by Ditcraft.

Additionally the PoolTogether core team has a long term security relationship with ConsenSys Diligence including monthly code reviews.

Notwithstanding, portions of the PoolTogether Protocol codebase will continue to evolve and it should never be expected that 100% of the deployed code has been formally audited.

We encourage responsible disclosure of any vulnerabilities in the smart contracts and will pay up to $25,000 for those. See the Bounties for more details.