# Audits & Testing

The PoolTogether Protocol has undergone three formal professional third party audits. Two have been [conducted by Open Zeppelin](https://blog.openzeppelin.com/pooltogether-v3-audit/). And one was [conducted by Ditcraft](https://www.ditcraft.io/blog/pooltogether-v3-smart-contract-audit).

Additionally the PoolTogether core team has a long term security relationship with [ConsenSys Diligence](https://diligence.consensys.net/audits/) including monthly code reviews. 

Notwithstanding, portions of the PoolTogether Protocol codebase will continue to evolve and **it should never be expected that 100% of the deployed code has been formally audited.**

We encourage responsible disclosure of any vulnerabilities in the smart contracts and will pay up to $25,000 for those.  See the [Bounties](https://v3.docs.pooltogether.com/v3.0.1/security/bounties) for more details.