Difference between revisions of "PoolTogether (POOL)"

From CryptoWiki

wiki_crypto>Zeb.dyor
 
 
(3 intermediate revisions by 2 users not shown)
Line 2: Line 2:
* Based in:
* Based in:
*Started in 9-2019
*Started in 9-2019
*Mainnet release:
*[[Mainnet]] release:
* A no loss lottery powered by [[Dai (DAI)|DAI]] and [[Compound]] among other strategies.
* A no loss lottery powered by [[Dai (DAI)|DAI]] and [[Compound]] among other strategies.
* [https://www.pooltogether.com/ PoolTogether] is flipping the concept of a lottery, to one where you lose money 99.9% of the time to one where you never lose money, and instead acts as a savings incentive. It works by pooling all of the lottery ticket sales into one big pool and investing all of that pool into interest-earning assets, and after a set period, everyone gets their money back - but one person also gets all of the interest.
* [https://www.pooltogether.com/ PoolTogether] is flipping the concept of a lottery, to one where you lose money 99.9% of the time to one where you never lose money, and instead acts as a savings incentive. It works by pooling all of the lottery ticket sales into one big pool and investing all of that pool into interest-earning assets, and after a set period, everyone gets their money back - but one person also gets all of the interest.
Line 10: Line 10:
''Let’s take a look at some other notions that make PoolTogether “valuable”:''
''Let’s take a look at some other notions that make PoolTogether “valuable”:''
# ''We’ve seen numerous parties “sponsor” PoolTogether, meaning their funds collect interest, without being eligible to win the drawing.''
# ''We’ve seen numerous parties “sponsor” PoolTogether, meaning their funds collect interest, without being eligible to win the drawing.''
# ''PoolTogether leverages a Uniswap front-end integration, a notion we’ve been very passionate about recommending for Ethereum products across the board.''
# ''PoolTogether leverages a [[Uniswap]] front-end integration, a notion we’ve been very passionate about recommending for Ethereum products across the board.''
# ''The PoolTogether team recently announced their intentions for new features, all of which should gradually increase adoption of the product at large. (described in our conclusion)''
# ''The PoolTogether team recently announced their intentions for new features, all of which should gradually increase adoption of the product at large. (described in our conclusion)''
''In summary, PoolTogether allows users to *possibly* earn larger rewards than they would be able to on their own in an intuitive, exciting fashion. To give a clear example, it would take 11.2 years to earn the same amount of interest on 1000 DAI collecting the Dai Savings Rate for the same reward of this week’s prize (~$672)."''
''In summary, PoolTogether allows users to *possibly* [[earn]] larger rewards than they would be able to on their own in an intuitive, exciting fashion. To give a clear example, it would take 11.2 years to earn the same amount of interest on 1000 DAI collecting the Dai Savings Rate for the same reward of this week’s prize (~$672)."''
==History==
==History==
== Audits & Exploits==
== Audits & Exploits==


*[[Bug bounty]] program can be found [https://github.com/pooltogether/pooltogether-contracts/issues/1 here]. Max payout is $25,000 ([https://consensys.github.io/blockchainSecurityDB/ 29-6-2020]).
*[[Bug bounty]] program can be found [https://github.com/pooltogether/pooltogether-contracts/issues/1 here]. Max payout is $25,000 ([https://consensys.github.io/blockchainSecurityDB/ 29-6-2020]). Still the same ([https://www.defisafety.com/pqrs/371 3-2-2022]); ''"In addition, Pooltogether v4's code was subject to a $100,000 Code Arena contest. Although this is no longer active, we will still award points for this, as the code was rigorously parsed through by white hats and security enthusiasts."''
*[[Open Zeppelin]] Audit [https://medium.com/pooltogether/pooltogether-v2-0-audit-disclosures-d968a1875ec Disclosures] (1-2020)
*[[Open Zeppelin]] Audit [https://medium.com/pooltogether/pooltogether-v2-0-audit-disclosures-d968a1875ec Disclosures] (1-2020)
*<nowiki> </nowiki>Open Zeppelin Audit [https://blog.openzeppelin.com/pooltogether-audit/ Summary].
*<nowiki> </nowiki>Open Zeppelin Audit [https://blog.openzeppelin.com/pooltogether-audit/ Summary].
*Scored a [https://docs.defisafety.com/finished-reviews/pool-together-0.7-process-quality-review 91%] on [[DeFi Safety]] (14-9-2021):
*Scored [https://t.me/c/1453353094/15644 91%] again (8-11-2023):
''"PoolTogether V5 has made a splash with an impressive 91% overall score!''


''"PoolTogether has undergone three external audits. Open Zeppelin has audited the protocol twice, and ditCraft has once - though no proof could be found for this third audit.''"
# ''Smart Contracts & Team: The smart contract addresses are a breeze to find, and the team isn't hiding in the shadows—they're out and proud.'' 
 
# ''Oracles: They've got some documentation, but it's like a puzzle with a few missing pieces.''
*Previously also [https://defisafety.com/2021/04/17/pool-together/ scored] a 91% (8-3-2021); ''"​PoolToghther has been audited by OpenZeppelin twice, with the last time being october 21st. PoolTogether has also been audited by [[DitCraft]]. PoolTogether was released January 7th." ''With the [https://t.me/c/1453353094/2874 comment]: ''"been a while since we had a 90+!  Excellent protocol all round, no loss indeed."''
# ''Documentation: They've got a whitepaper that ticks all the boxes, plus their software architecture isn't a maze—it's a well-documented journey.''
# ''Testing: They've put their code through the wringer, with tests that cover the gamut, ensuring everything's shipshape.''
# ''Security: Audits? Check. But the bug bounty's on the lighter side, so there's room to beef up the defenses.''
# ''Admin Controls: They're transparent about their upgrade paths and admin powers, making sure users aren't left in the dark."''
*Score got updated to [https://www.defisafety.com/pqrs/371 95%] (2-3-2022), ''"This protocol's V4 was audited once [https://pooltogether.com/audits/ before release]. In addition, the PoolTogether v4 release implements many [[elements]] of the v3 Prize Pool's core software architecture which has been audited multiple times."'' with the [https://t.me/c/1453353094/7612 comment]:
''"Thanks to their dedicated team, we were able to bring them into our Top 10 scoring protocols of all time! Their rank is representative of their efforts in communicating with us; many protocols could learn from them. PoolTogether is exceedingly well-rounded in all areas of our review. Most importantly, their dedication to security is almost unparalleled with numerous (and continuous) high-quality audits from reputable organizations such as ConSensys Diligence and OpenZeppelin. Additionally, [[non-custodial]] software is always appreciated and is indicative of a trustworthy team. Even so, our only recommendation for the PoolTogether team is to unify and streamline their [[Admin Key|Admin Control]] documentation in a way that makes it more visible for users."''
*Scored a [https://docs.defisafety.com/finished-reviews/pool-together-0.7-process-quality-review 91%] on [[DeFi Safety]] (14-9-2021). Previously also [https://defisafety.com/2021/04/17/pool-together/ scored] a 91% (8-3-2021); ''"​PoolToghther has been audited by OpenZeppelin twice, with the last time being october 21st. PoolTogether has also been audited by [[DitCraft]]. PoolTogether was released January 7th." ''With the [https://t.me/c/1453353094/2874 comment]: ''"been a while since we had a 90+!  Excellent protocol all round, no loss indeed."''


==Governance==
==Governance==
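Review bot: The bug bounty bullet on the new side dates its defisafety.com/pqrs/371 citation 3-2-2022, while the "Score got updated to 95%" bullet added further down in this hunk dates the same URL 2-3-2022; one of the two is transposed and should be corrected so the "Still the same" claim about the $25,000 maximum payout carries the right date. The new "Scored 91% again (8-11-2023)" entry and the 95% comment are sourced to t.me/c/... links, which are private-channel message links that readers outside the channel cannot open, so a public source for those quotes would make them verifiable.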
Line 29: Line 36:
=== Admin Keys ===
=== Admin Keys ===


* [https://weekinethereum.substack.com/p/week-in-ethereum-news-april-20-2024 From] [[Week In Ethereum]] (20-4-2024):
''"PoolTogether v5 live on [[Optimism (OP)|Optimism]], ETH prizes automatically sent, no parameter governance & no admin controls"''
*[https://www.defisafety.com/pqrs/371 From] [[DeFi Safety|DeFi Safety (2-3-2022):]]
''"[[Contracts]] are not upgradeable as specified by the v3 documentation. The v4 documentation corroborates this by highlighting the non-[[custodial]] nature of the deployment. In addition, the team plans to further [[decentralize]] the protocol through automation that will further remove the admins' implication from daily operations. This is detailed [https://dev.pooltogether.com/protocol/architecture/launch-architecture/#defender-bug-or-attack here], and we will update the review accordingly once the automation is in full effect. All contracts are not upgradeable. In addition, a [[Multi-Signature|MultiSig]] [[wallet]] operates the protocol's [[OpenZeppelin]] Defender implementation that is used to automatize [[transactions]]. All contracts are not upgradeable. The only aspect of the protocol that the admins can change are the Prize Distribution details. However, this is only done if there are any discrepancies or mismatches in the aforementioned details.''
''This protocol has some [[timelock]] documentation which can be found at this [https://v4.docs.pooltogether.com/protocol/contracts/v4-timelocks/ location]. Additional timelock documentation detailing its duration and affected contracts can be found [https://dev.pooltogether.com/protocol/architecture/launch-architecture/#defender-bug-or-attack here]. The timelock has a length of 24h, as specified [https://dev.pooltogether.com/protocol/architecture/launch-architecture/#defender-bug-or-attack here]."''
*[https://docs.defisafety.com/finished-reviews/pool-together-0.7-process-quality-review From] [[DeFi Safety]] (14-9-2021):
*[https://docs.defisafety.com/finished-reviews/pool-together-0.7-process-quality-review From] [[DeFi Safety]] (14-9-2021):


''"All Contracts are clearly [https://docs.pooltogether.com/governance/controls labelled] as non upgreadeable, AKA immutable. Pause controls are mentioned in the audits performed by OpenZeppelin, but no evidence or detail on capabilities of tests."''
''"All Contracts are clearly [https://docs.pooltogether.com/governance/controls labelled] as non upgreadeable, AKA [[immutable]]. Pause controls are mentioned in the audits performed by OpenZeppelin, but no evidence or detail on capabilities of tests."''


*V3 [https://weekinethereum.substack.com/p/week-in-ethereum-news-october-25?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjoxMzU1NjI4MCwiXyI6ImM5eFJuIiwiaWF0IjoxNjAzNzAxNjMwLCJleHAiOjE2MDM3MDUyMzAsImlzcyI6InB1Yi0xMDcxIiwic3ViIjoicG9zdC1yZWFjdGlvbiJ9.yORMmUm89hsA2crVHRMkHenz3_abPAFC8smngK8doRU removed] admin control (26-10-2020). Bellow information is about the previous situation.
*V3 [https://weekinethereum.substack.com/p/week-in-ethereum-news-october-25?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjoxMzU1NjI4MCwiXyI6ImM5eFJuIiwiaWF0IjoxNjAzNzAxNjMwLCJleHAiOjE2MDM3MDUyMzAsImlzcyI6InB1Yi0xMDcxIiwic3ViIjoicG9zdC1yZWFjdGlvbiJ9.yORMmUm89hsA2crVHRMkHenz3_abPAFC8smngK8doRU removed] admin control (26-10-2020). Bellow information is about the previous situation.
*[https://defiwatch.net/admin-key-config-and-opsec/project-reviews/pooltogether From] [[DeFi Watch]] (9-3-2020):
*[https://defiwatch.net/admin-key-config-and-opsec/project-reviews/pooltogether From] [[DeFi Watch]] (9-3-2020):


''"PoolTogether's protocol is upgradeable via a 2-of-N [[Gnosis]] [[multisig]] [[Admin Key|admin]] [[contract]] with no [[timelock]]. The key is capable of modifying critical parts of the smart contract ecosystem and can be used to drain funds if used maliciously."''
''"PoolTogether's protocol is upgradeable via a 2-of-N [[Gnosis]] [[multisig]] [[Admin Key|admin]] [[contract]] with no [[timelock]]. The key is capable of modifying critical parts of the [[smart contract]] ecosystem and can be used to drain funds if used maliciously."''


* The following information comes from a [https://docs.google.com/spreadsheets/d/1b9KwXfPPEgvpy2nxlpnLhtPMd7S5KfIx-hf4Hv77kBk/edit#gid=0 spreadsheet] (4-2-2020) created by [[Chris Blec]].
* The following information comes from a [https://docs.google.com/spreadsheets/d/1b9KwXfPPEgvpy2nxlpnLhtPMd7S5KfIx-hf4Hv77kBk/edit#gid=0 spreadsheet] (4-2-2020) created by [[Chris Blec]].


''"Current Admin Key Config- Time Lock: No''  
''"Current [[Admin Key]] Config- Time Lock: No''  


''Current Admin Key Config- Multisig: 2-of-N ([[Gnosis]])''
''Current Admin Key Config- Multisig: 2-of-N ([[Gnosis]])''
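Review bot: The Week In Ethereum link on the "V3 removed admin control (26-10-2020)" line still carries a ?token=eyJ... query parameter, a JWT-shaped value whose payload begins with a user_id field, so the citation embeds one reader's subscription token instead of the bare post URL; drop the query string, and do the same for the Bankless and Token Tuesdays links elsewhere in this diff that carry the same parameter. The entries added above it would also read more clearly if each quote named the version it covers, since "no admin controls" (v5, 20-4-2024) and "the only aspect of the protocol that the admins can change are the Prize Distribution details" (2-3-2022) now sit next to each other under one heading.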
Line 48: Line 62:
''Verified Admin Key OpSec: Unverifiable''
''Verified Admin Key OpSec: Unverifiable''


''Is security of deposited funds dependent on opsec of admin key?: Yes''
''Is security of deposited funds dependent on [[opsec]] of [[admin key]]?: Yes''


''Admin Key Address: [https://etherscan.io/address/0x98ea2d8438f70ce876c2db26fc494cfed10b4cd7 Link]''
''Admin Key Address: [https://etherscan.io/address/0x98ea2d8438f70ce876c2db26fc494cfed10b4cd7 Link]''
Line 62: Line 76:
*[https://newsletter.banklesshq.com/p/summer-pool-party?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjozODQ5NTA2NSwiXyI6IitrN3VtIiwiaWF0IjoxNjI2MDYwNjUwLCJleHAiOjE2MjYwNjQyNTAsImlzcyI6InB1Yi0xNjAxNSIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.uyD_t75n5wt3oupVBH8dShdrfpiV From] [[Bankless DAO (BANK)|Bankless]] (9-7-2021):
*[https://newsletter.banklesshq.com/p/summer-pool-party?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjozODQ5NTA2NSwiXyI6IitrN3VtIiwiaWF0IjoxNjI2MDYwNjUwLCJleHAiOjE2MjYwNjQyNTAsImlzcyI6InB1Yi0xNjAxNSIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.uyD_t75n5wt3oupVBH8dShdrfpiV From] [[Bankless DAO (BANK)|Bankless]] (9-7-2021):


''"While the interest generated on prize pools is paid out to lucky winners, the prize pool reserves also retain a percentage of the winnings earned through operations, and redeposited into the next prize pool. This increases the principal used to generate prizes, essentially adding capital into the prize pool which is ineligible to win any prizes. As this loop repeats, it creates a one-way flow of tokens into the reserves.''
''"While the interest generated on prize pools is paid out to lucky winners, the prize pool reserves also retain a percentage of the winnings earned through operations, and redeposited into the next prize pool. This increases the principal used to generate prizes, essentially adding capital into the prize pool which is ineligible to win any prizes. As this loop repeats, it creates a one-way [[flow]] of [[tokens]] into the reserves.''


''As of June 24, 2021, PoolTogether’s [https://info.pooltogether.com/ treasury] is sitting close to $65 million. The majority of that consists of POOL tokens that were allocated to the treasury at the time of the token launch and are subject to a multi-year vesting schedule."''
''As of June 24, 2021, PoolTogether’s [https://info.pooltogether.com/ treasury] is sitting close to $65 million. The majority of that consists of POOL tokens that were allocated to the treasury at the time of the [[token]] launch and are subject to a multi-year vesting schedule."''


==Token==
==Token==
===Launch===
===Launch===


* Started out without a token, but [[Airdrop|aidropped]] its governance token in [https://medium.com/pooltogether/introducing-pool-23b09f36db48 February 2021].
* Started out without a token, but [[Airdrop|aidropped]] its [[governance]] token in [https://medium.com/pooltogether/introducing-pool-23b09f36db48 February 2021].


===Token Allocation===
===Token Allocation===
Line 80: Line 94:
== Tech ==
== Tech ==


*[[Whitepaper]] can be found [https://docs.pooltogether.com/ here].
*[[Whitepaper]] can be found [https://docs.pooltogether.com/ here]. For V4, check [https://v4.docs.pooltogether.com/protocol/introduction here].
*Code can be viewed [insert here].
*Code can be viewed [https://github.com/pooltogether here]. [https://www.defisafety.com/pqrs/371 From] [[DeFi Safety|DeFi Safety (2-3-2022):]]
''"At 580 commits, PoolTogether's commitment to development history is clearly not left to chance."''


=== Different Implementations ===
=== Different Implementations ===


*Built on: [[Ethereum (ETH)|Ethereum]] and [[Polygon (MATIC)|Polygon]] ([https://twitter.com/PoolTogether_/status/1387486743029555203 29-4-2021]).
*Built on: [[Ethereum (ETH)|Ethereum]] and [[Polygon (MATIC)|Polygon]] ([https://twitter.com/PoolTogether_/status/1387486743029555203 29-4-2021]). [[Avalanche (AVAX)|Avalanche]] ([https://www.defisafety.com/pqrs/371 2-3-2022]).
*Is using [[Infura]], according to their [https://infura.io/ website] (13-4-2020).
*Is using [[Infura]], according to their [https://infura.io/ website] (13-4-2020).


===How it works===
===How it works===
===Fee Mechanism===
===Fees===


* [https://newsletter.banklesshq.com/p/summer-pool-party?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjozODQ5NTA2NSwiXyI6IitrN3VtIiwiaWF0IjoxNjI2MDYwNjUwLCJleHAiOjE2MjYwNjQyNTAsImlzcyI6InB1Yi0xNjAxNSIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.uyD_t75n5wt3oupVBH8dShdrfpiV From] [[Bankless DAO (BANK)|Bankless]] (9-7-2021):
* [https://newsletter.banklesshq.com/p/summer-pool-party?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjozODQ5NTA2NSwiXyI6IitrN3VtIiwiaWF0IjoxNjI2MDYwNjUwLCJleHAiOjE2MjYwNjQyNTAsImlzcyI6InB1Yi0xNjAxNSIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.uyD_t75n5wt3oupVBH8dShdrfpiV From] [[Bankless DAO (BANK)|Bankless]] (9-7-2021):
Line 97: Line 112:
===Upgrades===
===Upgrades===


* [https://weekinethereum.substack.com/p/week-in-ethereum-news-april-20-2024 From] [[Week In Ethereum]] (20-4-2024):
''"PoolTogether v5 live on [[Optimism (OP)|Optimism]], ETH prizes automatically sent, no parameter governance & no admin controls"''
*[https://weekinethereum.substack.com/p/week-in-ethereum-news-october-25?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjoxMzU1NjI4MCwiXyI6ImM5eFJuIiwiaWF0IjoxNjAzNzAxNjMwLCJleHAiOjE2MDM3MDUyMzAsImlzcyI6InB1Yi0xMDcxIiwic3ViIjoicG9zdC1yZWFjdGlvbiJ9.yORMmUm89hsA2crVHRMkHenz3_abPAFC8smngK8doRU From] [[Week In Ethereum]] (26-10-2020):
*[https://weekinethereum.substack.com/p/week-in-ethereum-news-october-25?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjoxMzU1NjI4MCwiXyI6ImM5eFJuIiwiaWF0IjoxNjAzNzAxNjMwLCJleHAiOjE2MDM3MDUyMzAsImlzcyI6InB1Yi0xMDcxIiwic3ViIjoicG9zdC1yZWFjdGlvbiJ9.yORMmUm89hsA2crVHRMkHenz3_abPAFC8smngK8doRU From] [[Week In Ethereum]] (26-10-2020):


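Review bot: The Week In Ethereum (20-4-2024) entry added here under Upgrades is word for word the entry this revision also adds under Admin Keys ("PoolTogether v5 live on Optimism, ETH prizes automatically sent, no parameter governance & no admin controls"). Keep the quote in one section and point to it from the other, so a later correction does not have to be made twice.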
Line 103: Line 121:
* [https://newsletter.banklesshq.com/p/summer-pool-party?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjozODQ5NTA2NSwiXyI6IitrN3VtIiwiaWF0IjoxNjI2MDYwNjUwLCJleHAiOjE2MjYwNjQyNTAsImlzcyI6InB1Yi0xNjAxNSIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.uyD_t75n5wt3oupVBH8dShdrfpiV From] [[Bankless DAO (BANK)|Bankless]] (9-7-2021):
* [https://newsletter.banklesshq.com/p/summer-pool-party?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjozODQ5NTA2NSwiXyI6IitrN3VtIiwiaWF0IjoxNjI2MDYwNjUwLCJleHAiOjE2MjYwNjQyNTAsImlzcyI6InB1Yi0xNjAxNSIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.uyD_t75n5wt3oupVBH8dShdrfpiV From] [[Bankless DAO (BANK)|Bankless]] (9-7-2021):


''"Showcasing the power of [[Decentralised Autonomous Organisation (DAO)|DAOs]] and [[Decentralized Finance (DeFi)|DeFi]], the community of POOL token holders have been the driving force behind some of the recent developments of PoolTogether, including the [https://twitter.com/PoolGrants/status/1400011292975538180?s=20 $500k PoolGrants] fund aimed at expanding and improving the ecosystem and and the [https://twitter.com/lay2000lbs/status/1400125217746395137?s=20 creation] of a [[Rari Capital (RFT)|Rari Capital]] and PoolTogether lending market. The new lending market expands the protocol’s reach by allowing users to, if they choose to do so, borrow against their PoolTogether deposits. This is a game-changer for a DeFi protocol that is sitting on nearly ~$200m of assets, the majority of which are [[stablecoins]]. Users are now able to borrow and re-deposit those borrowed funds into PoolTogether prize pools, compounding their chances of winning. Users could also deploy the borrowed funds elsewhere in the DeFi ecosystem to earn yield or swap [[US Dollar Coin (USDC)|USDC]] for risk-on assets. "''
''"Showcasing the power of [[Decentralised Autonomous Organisation (DAO)|DAOs]] and [[Decentralized Finance (DeFi)|DeFi]], the community of POOL token holders have been the driving force behind some of the recent developments of PoolTogether, including the [https://twitter.com/PoolGrants/status/1400011292975538180?s=20 $500k PoolGrants] fund aimed at expanding and improving the ecosystem and and the [https://twitter.com/lay2000lbs/status/1400125217746395137?s=20 creation] of a [[Rari Capital (RFT)|Rari Capital]] and PoolTogether lending market. The new lending market expands the protocol’s reach by allowing users to, if they choose to do so, borrow against their PoolTogether deposits. This is a game-changer for a [[DeFi]] protocol that is sitting on nearly ~$200m of assets, the majority of which are [[stablecoins]]. Users are now able to borrow and re-deposit those borrowed funds into PoolTogether prize pools, compounding their chances of winning. Users could also deploy the borrowed funds elsewhere in the DeFi ecosystem to earn yield or swap [[US Dollar Coin (USDC)|USDC]] for risk-on assets. "''


===Staking===
===Staking===
Line 114: Line 132:


== Oracle Method==
== Oracle Method==
== Privacy Method==
 
== Compliance==
* [https://www.defisafety.com/pqrs/371 From] [[DeFi Safety|DeFi Safety (2-3-2022):]]
 
''"The protocol's [[Chainlink (LINK)|Chainlink]] [[Oracle]] usage is [https://v4.docs.pooltogether.com/protocol/deployments/rng documented], but it is not clear what role it plays. However, PoolTogether does clearly document its [https://v4.docs.pooltogether.com/protocol/contracts/v4-periphery/TwabRewards TWAB] use and necessary specifications. This protocol documents [[Frontrunners|front running]] mitigation techniques at this [https://v4.docs.pooltogether.com/protocol/architecture/launch-architecture location]. PoolTogether's TWAB and 2-week epochs serve as adequate [[Flash Loan|flash loan]] manipulation mitigation procedures."''
 
== Their Other Projects==
== Their Other Projects==
==Roadmap ==
==Roadmap ==
Line 127: Line 148:
''"whales have bulk bought tickets. The top 5 players combined have a 58% chance of being the winner."''
''"whales have bulk bought tickets. The top 5 players combined have a 58% chance of being the winner."''
* [https://news.bitcoin.com/how-decentralized-is-blossoming-defi/ From] [[Bitcoin.com]] (31-1-2020):
* [https://news.bitcoin.com/how-decentralized-is-blossoming-defi/ From] [[Bitcoin.com]] (31-1-2020):
''"Creeping [[centralization]] doesn’t just manifest in [[defi]] protocols whose creators hold the master [[Private Key|keys]]; it can also be seen in projects such as Pool Together, the lossless lottery platform, where whales have taken over. There is nothing illegal about major players gaming the system, nor does their doing so put user funds at risk. However, it serves to illustrate the ease with which the defi market can be manipulated – and how projects founded with good intentions can be hijacked by monopolies with little interest in fostering financial inclusion."''
''"Creeping [[centralization]] doesn’t just manifest in [[defi]] protocols whose creators hold the master [[Private Key|keys]]; it can also be seen in projects such as [[Pool Together]], the lossless lottery platform, where whales have taken over. There is nothing illegal about major players gaming the system, nor does their doing so put user funds at risk. However, it serves to illustrate the ease with which the defi market can be manipulated – and how projects founded with good intentions can be hijacked by monopolies with little interest in fostering financial inclusion."''


* PoolTogether is only distributing ~$140 for its weekly prize pool compared to the $1.1K prior to [[Black Thursday]].
* PoolTogether is only distributing ~$140 for its weekly prize pool compared to the $1.1K prior to [[Black Thursday]].
Line 149: Line 170:
== Roadmap ==
== Roadmap ==
* From [https://tokentuesdays.substack.com/p/pooltogether-is-mooning?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjoyNDE5NjgsIl8iOiI5QkVPRiIsImlhdCI6MTU3OTc1NzE0MiwiZXhwIjoxNTc5NzYwNzQyLCJpc3MiOiJwdWItMTU0MDUiLCJzdWIiOiJwb3N0LXJlYWN0aW9uIn0.eYfIO_NQa04tpcZH4Dmdm05gzZeBEpm_AtjrctpXjaw this post] by [[Token Tuesdays]] (22-1-2020):
* From [https://tokentuesdays.substack.com/p/pooltogether-is-mooning?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjoyNDE5NjgsIl8iOiI5QkVPRiIsImlhdCI6MTU3OTc1NzE0MiwiZXhwIjoxNTc5NzYwNzQyLCJpc3MiOiJwdWItMTU0MDUiLCJzdWIiOiJwb3N0LXJlYWN0aW9uIn0.eYfIO_NQa04tpcZH4Dmdm05gzZeBEpm_AtjrctpXjaw this post] by [[Token Tuesdays]] (22-1-2020):
''"<strong>Additional Stablecoin Support</strong><br>PoolTogether will soon incorporate prize pools for assets other than DAI including [[stablecoins]] like US Dollar Coin ([[USDC]]). USDC currently has 4x the market size of DAI, indicating there is a large opportunity for more capital to flow into PoolTogether pools. Similarly, USDC lending rates have been [https://twitter.com/defipulse/status/1219676907383541765?s=20 steadily rising], meaning more interest can be collected for prizes.''
''"<strong>Additional [[Stablecoin]] Support</strong><br>PoolTogether will soon incorporate prize pools for assets other than DAI including [[stablecoins]] like US Dollar [[COIN|Coin]] ([[USDC]]). USDC currently has 4x the market size of DAI, indicating there is a large opportunity for more capital to flow into PoolTogether pools. Similarly, USDC lending rates have been [https://twitter.com/defipulse/status/1219676907383541765?s=20 steadily rising], meaning more interest can be collected for prizes.''


<em><strong>PoolTogether Pods</strong><br>One of the few downsides to PoolTogether is that without significant capital, your chances at winning are fairly low. Pods would aid in this notion by allowing small groups to pool their tickets together, effectively increasing their chances at winning. In the event that a given Pod ticket were to win, the prize would be split pro-rate among all the Pod participants.</em>
<em><strong>PoolTogether [[Pods]]</strong><br>One of the few downsides to PoolTogether is that without significant capital, your chances at winning are fairly low. Pods would aid in this notion by allowing small groups to pool their tickets together, effectively increasing their chances at winning. In the event that a given Pod ticket were to win, the prize would be split pro-rate among all the Pod participants.</em>


<em><strong>New Wallet Support</strong><br>While PoolTogether supports most of the major [[Ethereum]] [[wallets]] ([[MetaMask]], [[WalletConnect]], [[Portis]], [[Coinbase (Company)|Coinbase]] Wallet and [[Squarelink]]), it’s likely that additional wallet support opens new avenues for more pool participation. Similar to what we’re seeing with Multi-Collateral Dai’s integration with secondary exchanges like [[OKEx]], it’s possible (custodian issues aside) that PoolTogether’s contracts *could* be leveraged by larger funds to further increase pool capacity."</em>
<em><strong>New Wallet Support</strong><br>While PoolTogether supports most of the major [[Ethereum]] [[wallets]] ([[MetaMask]], [[WalletConnect]], [[Portis]], [[Coinbase (Company)|Coinbase]] Wallet and [[Squarelink]]), it’s likely that additional wallet support opens new avenues for more pool participation. Similar to what we’re seeing with Multi-Collateral Dai’s integration with secondary exchanges like [[OKEx]], it’s possible (custodian issues aside) that PoolTogether’s contracts *could* be leveraged by larger funds to further increase pool capacity."</em>
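Review bot: In the "Additional Stablecoin Support" paragraph the new side writes US Dollar [[COIN|Coin]] ([[USDC]]), which splits the asset's name and sends its last word to a separate COIN page. Link the whole name to the existing target, [[US Dollar Coin (USDC)|...]], which the Bankless quote earlier in this diff already uses. The same revision wraps ordinary words inside quoted text in links ([[earn]], [[flow]], [[elements]]); those are worth reverting where the word is not used as a term.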
Line 162: Line 183:
=== Team ===
=== Team ===
* [[Leighton Cusack]] — Co-founder and CEO
* [[Leighton Cusack]] — Co-founder and CEO
*The protocol is decentralized, though key contributors are public and confirm their roles.


=== Funding ===
=== Funding ===
Line 184: Line 206:
Making these free wiki pages is fun but takes a lot of effort and time.
Making these free wiki pages is fun but takes a lot of effort and time.


If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.
If you have enjoyed reading, tips are appreciated :) This will help us to [[keep]] expanding this archive of information.


[[ETH]] tip [[address]]: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31
[[ETH]] tip [[address]]: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31

Latest revision as of 02:07, 22 April 2024

Basics

  • Based in:
  • Started in 9-2019
  • Mainnet release:
  • A no loss lottery powered by DAI and Compound among other strategies.
  • PoolTogether is flipping the concept of a lottery from one where you lose money 99.9% of the time to one where you never lose money, so that it instead acts as a savings incentive. It works by pooling all of the lottery ticket sales into one big pool and investing all of that pool into interest-earning assets, and after a set period, everyone gets their money back - but one person also gets all of the interest.
  • From this post by Token Tuesdays (22-1-2020):

"PoolTogether is non-custodial, meaning users can redeem their tickets from the pool at any time. The value of stablecoins always remains the same, meaning these raffles are truly “no loss lotteries”. Tickets are recycled week after week, meaning once capital has been deposited, users are eligible to win every week until they exit the pool.

Let’s take a look at some other notions that make PoolTogether “valuable”:

  1. We’ve seen numerous parties “sponsor” PoolTogether, meaning their funds collect interest, without being eligible to win the drawing.
  2. PoolTogether leverages a Uniswap front-end integration, a notion we’ve been very passionate about recommending for Ethereum products across the board.
  3. The PoolTogether team recently announced their intentions for new features, all of which should gradually increase adoption of the product at large. (described in our conclusion)

In summary, PoolTogether allows users to *possibly* earn larger rewards than they would be able to on their own in an intuitive, exciting fashion. To give a clear example, it would take 11.2 years to earn the same amount of interest on 1000 DAI collecting the Dai Savings Rate for the same reward of this week’s prize (~$672)."

History

Audits & Exploits

  • Bug bounty program can be found here. Max payout is $25,000 (29-6-2020). Still the same (3-2-2022); "In addition, Pooltogether v4's code was subject to a $100,000 Code Arena contest. Although this is no longer active, we will still award points for this, as the code was rigorously parsed through by white hats and security enthusiasts."
  • Open Zeppelin Audit Disclosures (1-2020)
  • Open Zeppelin Audit Summary.
  • Scored 91% again (8-11-2023):

"PoolTogether V5 has made a splash with an impressive 91% overall score!

  1. Smart Contracts & Team: The smart contract addresses are a breeze to find, and the team isn't hiding in the shadows—they're out and proud.
  2. Oracles: They've got some documentation, but it's like a puzzle with a few missing pieces.
  3. Documentation: They've got a whitepaper that ticks all the boxes, plus their software architecture isn't a maze—it's a well-documented journey.
  4. Testing: They've put their code through the wringer, with tests that cover the gamut, ensuring everything's shipshape.
  5. Security: Audits? Check. But the bug bounty's on the lighter side, so there's room to beef up the defenses.
  6. Admin Controls: They're transparent about their upgrade paths and admin powers, making sure users aren't left in the dark."
  • Score got updated to 95% (2-3-2022), "This protocol's V4 was audited once before release. In addition, the PoolTogether v4 release implements many elements of the v3 Prize Pool's core software architecture which has been audited multiple times." with the comment:

"Thanks to their dedicated team, we were able to bring them into our Top 10 scoring protocols of all time! Their rank is representative of their efforts in communicating with us; many protocols could learn from them. PoolTogether is exceedingly well-rounded in all areas of our review. Most importantly, their dedication to security is almost unparalleled with numerous (and continuous) high-quality audits from reputable organizations such as ConSensys Diligence and OpenZeppelin. Additionally, non-custodial software is always appreciated and is indicative of a trustworthy team. Even so, our only recommendation for the PoolTogether team is to unify and streamline their Admin Control documentation in a way that makes it more visible for users."

  • Scored a 91% on DeFi Safety (14-9-2021). Previously also scored a 91% (8-3-2021); "PoolTogether has been audited by OpenZeppelin twice, with the last time being October 21st. PoolTogether has also been audited by DitCraft. PoolTogether was released January 7th." With the comment: "been a while since we had a 90+! Excellent protocol all round, no loss indeed."

Governance

Admin Keys

"PoolTogether v5 live on Optimism, ETH prizes automatically sent, no parameter governance & no admin controls"

"Contracts are not upgradeable as specified by the v3 documentation. The v4 documentation corroborates this by highlighting the non-custodial nature of the deployment. In addition, the team plans to further decentralize the protocol through automation that will further remove the admins' implication from daily operations. This is detailed here, and we will update the review accordingly once the automation is in full effect. All contracts are not upgradeable. In addition, a MultiSig wallet operates the protocol's OpenZeppelin Defender implementation that is used to automatize transactions. All contracts are not upgradeable. The only aspect of the protocol that the admins can change are the Prize Distribution details. However, this is only done if there are any discrepancies or mismatches in the aforementioned details.

This protocol has some timelock documentation which can be found at this location. Additional timelock documentation detailing its duration and affected contracts can be found here. The timelock has a length of 24h, as specified here."

"All Contracts are clearly labelled as non upgradeable, AKA immutable. Pause controls are mentioned in the audits performed by OpenZeppelin, but no evidence or detail on capabilities of tests."

  • V3 removed admin control (26-10-2020). The information below describes the previous situation.
  • From DeFi Watch (9-3-2020):

"PoolTogether's protocol is upgradeable via a 2-of-N Gnosis multisig admin contract with no timelock. The key is capable of modifying critical parts of the smart contract ecosystem and can be used to drain funds if used maliciously."

"Current Admin Key Config- Time Lock: No

Current Admin Key Config- Multisig: 2-of-N (Gnosis)

Claimed Admin Key OpSec: None

Verified Admin Key OpSec: Unverifiable

Is security of deposited funds dependent on opsec of admin key?: Yes

Admin Key Address: Link

Documentation on Admin Key Powers: Open Zeppelin Audit Disclosure

Additional Info (if any)? Open Zeppelin Audit Summary"

DAO

Treasury

  • PoolTogether makes money by directing 10% of the interest accrued to a team DAO.
  • From Bankless (9-7-2021):

"While the interest generated on prize pools is paid out to lucky winners, the prize pool reserves also retain a percentage of the winnings earned through operations, and redeposited into the next prize pool. This increases the principal used to generate prizes, essentially adding capital into the prize pool which is ineligible to win any prizes. As this loop repeats, it creates a one-way flow of tokens into the reserves.

As of June 24, 2021, PoolTogether’s treasury is sitting close to $65 million. The majority of that consists of POOL tokens that were allocated to the treasury at the time of the token launch and are subject to a multi-year vesting schedule."

Token

Launch

Token Allocation

Utility

  • As a governance token, POOL is used to vote on how to deploy the protocol’s treasury.

Other Details

Coin Distribution

Tech

"At 580 commits, PoolTogether's commitment to development history is clearly not left to chance."

Different Implementations

How it works

Fees

"While the interest generated on prize pools is paid out to lucky winners, the prize pool reserves also retain a percentage of the winnings earned through operations, and redeposited into the next prize pool. This increases the principal used to generate prizes, essentially adding capital into the prize pool which is ineligible to win any prizes. As this loop repeats, it creates a one-way flow of tokens into the reserves."

Upgrades

"PoolTogether v5 live on Optimism, ETH prizes automatically sent, no parameter governance & no admin controls"

"pooltogether v3 is live, removed admin control, randomness via VRF, rewards for deposits and referrals."

"Showcasing the power of DAOs and DeFi, the community of POOL token holders have been the driving force behind some of the recent developments of PoolTogether, including the $500k PoolGrants fund aimed at expanding and improving the ecosystem and the creation of a Rari Capital and PoolTogether lending market. The new lending market expands the protocol’s reach by allowing users to, if they choose to do so, borrow against their PoolTogether deposits. This is a game-changer for a DeFi protocol that is sitting on nearly ~$200m of assets, the majority of which are stablecoins. Users are now able to borrow and re-deposit those borrowed funds into PoolTogether prize pools, compounding their chances of winning. Users could also deploy the borrowed funds elsewhere in the DeFi ecosystem to earn yield or swap USDC for risk-on assets."

Staking

Liquidity Mining

Scaling

Interoperability

Other Details

Oracle Method

"The protocol's Chainlink Oracle usage is documented, but it is not clear what role it plays. However, PoolTogether does clearly document its TWAB use and necessary specifications. This protocol documents front running mitigation techniques at this location. PoolTogether's TWAB and 2-week epochs serve as adequate flash loan manipulation mitigation procedures."

Their Other Projects

Roadmap


Usage and Whales

"The current prize pool for January 24th, 2020 is by far the largest in PoolTogether’s history. Nearly $500,000 is currently pooled by community members with another $132,000 from sponsored Dai. With that, there are currently 1,253 addresses all hoping to win this week’s pot featuring two major whales. Each of the two major addresses have a 24.88% and 18.69% chance of winning with the next biggest player only having a 3.57% chance. As of writing, contributing 1 DAI will give you a ~0.0002% chance of winning the lottery pool."

"whales have bulk bought tickets. The top 5 players combined have a 58% chance of being the winner."

"Creeping centralization doesn’t just manifest in defi protocols whose creators hold the master keys; it can also be seen in projects such as Pool Together, the lossless lottery platform, where whales have taken over. There is nothing illegal about major players gaming the system, nor does their doing so put user funds at risk. However, it serves to illustrate the ease with which the defi market can be manipulated – and how projects founded with good intentions can be hijacked by monopolies with little interest in fostering financial inclusion."

  • PoolTogether is only distributing ~$140 for its weekly prize pool compared to the $1.1K prior to Black Thursday.
  • From Our Network #7 (6-2-2020):

"Part of the growth in prize value is due to an increase in unique players (measured by unique Ethereum addresses in the pool). This has been increasing an average of 36% week over week. Part of the growth is also driven by an increase in the average deposit size. The latter half of January saw more whales entering the pool driving up the average deposit size.

Total pool size broke $1 million Dai for the first time. Of this, ~$778,000 Dai is from player deposits and ~$250,000 Dai is sponsored."

  • From Our Network #12 (12-3-2020):

"A major trend of 2020 is less tickets owned by whales and more tickets owned by smaller addresses. As of March 10th, 17% of all tickets are owned by accounts with less than 100 tickets. In contrast on January 31st only 5.44% of total tickets were owned by accounts with less than 100. During this period, the total pool size continued to increase."

  • From Our Network (30-5-2020):

"The Argent Wallet recently launched a direct integration into the PoolTogether protocol. This provides a good data point in how improving ease of use can expand protocol usage. Net new users increased 240% in the 10 days after the launch of the Argent integration compared to the 14 days prior to the integration launch. This shows significant untapped demand once onboarding is improved."

  • From Our Network #31 (25-7-2020):

"Despite lower yield rates creating smaller prizes, unique wallets has continued to grow and is just shy of 10,000."

  • From Our Network #46 (6-11-2020):

"In the first 14 days, $1.4 million was deposited and $1.15 million is currently deposited. This is notably higher than the V2 protocol which never exceeded $900,000 in total user deposits. Total prizes awarded by the V3 protocol already exceed $13,000 in the first two weeks. In comparison, the V2 awarded $35,000 over the course of 14 months."

  • From Our Network #66 (10-4-2021):

"The protocol currently has $155 million in total deposits. The largest prize pool is USDC with $63 million deposited followed by Dai with $52 million deposited."

Roadmap

"Additional Stablecoin Support
PoolTogether will soon incorporate prize pools for assets other than DAI including stablecoins like US Dollar Coin (USDC). USDC currently has 4x the market size of DAI, indicating there is a large opportunity for more capital to flow into PoolTogether pools. Similarly, USDC lending rates have been steadily rising, meaning more interest can be collected for prizes.

PoolTogether Pods
One of the few downsides to PoolTogether is that without significant capital, your chances at winning are fairly low. Pods would aid in this notion by allowing small groups to pool their tickets together, effectively increasing their chances at winning. In the event that a given Pod ticket were to win, the prize would be split pro-rata among all the Pod participants.

New Wallet Support
While PoolTogether supports most of the major Ethereum wallets (MetaMask, WalletConnect, Portis, Coinbase Wallet and Squarelink), it’s likely that additional wallet support opens new avenues for more pool participation. Similar to what we’re seeing with Multi-Collateral Dai’s integration with secondary exchanges like OKEx, it’s possible (custodian issues aside) that PoolTogether’s contracts *could* be leveraged by larger funds to further increase pool capacity."

Competition

Pros and Cons

Pros

Cons

Team, Funding, Partners

Team

  • Leighton Cusack — Co-founder and CEO
  • The protocol is decentralized, though key contributors are public and confirm their roles.

Funding

  • "The pool was originally seeded with $150,000 in sponsored Dai back in late December upon the introduction of MCD."
  • PoolTogether makes money by directing 10% of the interest accrued to a team DAO.

"PoolTogether closed a funding round led by ParaFi Capital with participation from Nascent, Robot Ventures, MetaCartel, The LAO, Huobi DeFi Labs, and additional angels."

Partners
