Difference between revisions of "PoolTogether (POOL)"
Line 19: | Line 19: | ||
*[[Open Zeppelin]] Audit [https://medium.com/pooltogether/pooltogether-v2-0-audit-disclosures-d968a1875ec Disclosures] (1-2020) | *[[Open Zeppelin]] Audit [https://medium.com/pooltogether/pooltogether-v2-0-audit-disclosures-d968a1875ec Disclosures] (1-2020) | ||
*<nowiki> </nowiki>Open Zeppelin Audit [https://blog.openzeppelin.com/pooltogether-audit/ Summary]. | *<nowiki> </nowiki>Open Zeppelin Audit [https://blog.openzeppelin.com/pooltogether-audit/ Summary]. | ||
*Score got updated to [https://www.defisafety.com/pqrs/371 95%] (2-3-2022), ''"This protocol's V4 was audited once [https://pooltogether.com/audits/ before release]. In addition, the PoolTogether v4 release implements many [[elements]] of the v3 Prize Pool's core software architecture which has been audited multiple times."'' with the [https://t.me/c/1453353094/7612 comment]: | *Scored [https://t.me/c/1453353094/15644 91%] again (8-11-2023): | ||
''"PoolTogether V5 has made a splash with an impressive 91% overall score!'' | |||
# ''Smart Contracts & Team: The smart contract addresses are a breeze to find, and the team isn't hiding in the shadows—they're out and proud.'' | |||
# ''Oracles: They've got some documentation, but it's like a puzzle with a few missing pieces.'' | |||
# ''Documentation: They've got a whitepaper that ticks all the boxes, plus their software architecture isn't a maze—it's a well-documented journey.'' | |||
# ''Testing: They've put their code through the wringer, with tests that cover the gamut, ensuring everything's shipshape.'' | |||
# ''Security: Audits? Check. But the bug bounty's on the lighter side, so there's room to beef up the defenses.'' | |||
# ''Admin Controls: They're transparent about their upgrade paths and admin powers, making sure users aren't left in the dark."'' | |||
*Score got updated to [https://www.defisafety.com/pqrs/371 95%] (2-3-2022), ''"This protocol's V4 was audited once [https://pooltogether.com/audits/ before release]. In addition, the PoolTogether v4 release implements many [[elements]] of the v3 Prize Pool's core software architecture which has been audited multiple times."'' with the [https://t.me/c/1453353094/7612 comment]: | |||
''"Thanks to their dedicated team, we were able to bring them into our Top 10 scoring protocols of all time! Their rank is representative of their efforts in communicating with us; many protocols could learn from them. PoolTogether is exceedingly well-rounded in all areas of our review. Most importantly, their dedication to security is almost unparalleled with numerous (and continuous) high-quality audits from reputable organizations such as ConSensys Diligence and OpenZeppelin. Additionally, [[non-custodial]] software is always appreciated and is indicative of a trustworthy team. Even so, our only recommendation for the PoolTogether team is to unify and streamline their [[Admin Key|Admin Control]] documentation in a way that makes it more visible for users."'' | ''"Thanks to their dedicated team, we were able to bring them into our Top 10 scoring protocols of all time! Their rank is representative of their efforts in communicating with us; many protocols could learn from them. PoolTogether is exceedingly well-rounded in all areas of our review. Most importantly, their dedication to security is almost unparalleled with numerous (and continuous) high-quality audits from reputable organizations such as ConSensys Diligence and OpenZeppelin. Additionally, [[non-custodial]] software is always appreciated and is indicative of a trustworthy team. Even so, our only recommendation for the PoolTogether team is to unify and streamline their [[Admin Key|Admin Control]] documentation in a way that makes it more visible for users."'' | ||
*Scored a [https://docs.defisafety.com/finished-reviews/pool-together-0.7-process-quality-review 91%] on [[DeFi Safety]] (14-9-2021). Previously also [https://defisafety.com/2021/04/17/pool-together/ scored] a 91% (8-3-2021); ''"PoolToghther has been audited by OpenZeppelin twice, with the last time being october 21st. PoolTogether has also been audited by [[DitCraft]]. PoolTogether was released January 7th." ''With the [https://t.me/c/1453353094/2874 comment]: ''"been a while since we had a 90+! Excellent protocol all round, no loss indeed."'' | *Scored a [https://docs.defisafety.com/finished-reviews/pool-together-0.7-process-quality-review 91%] on [[DeFi Safety]] (14-9-2021). Previously also [https://defisafety.com/2021/04/17/pool-together/ scored] a 91% (8-3-2021); ''"PoolToghther has been audited by OpenZeppelin twice, with the last time being october 21st. PoolTogether has also been audited by [[DitCraft]]. PoolTogether was released January 7th." ''With the [https://t.me/c/1453353094/2874 comment]: ''"been a while since we had a 90+! Excellent protocol all round, no loss indeed."'' |
Revision as of 08:48, 13 November 2023
Basics
- Based in:
- Started in 9-2019
- Mainnet release:
- A no loss lottery powered by DAI and Compound among other strategies.
- PoolTogether is flipping the concept of a lottery, to one where you lose money 99.9% of the time to one where you never lose money, and instead acts as a savings incentive. It works by pooling all of the lottery ticket sales into one big pool and investing all of that pool into interest-earning assets, and after a set period, everyone gets their money back - but one person also gets all of the interest.
- From this post by Token Tuesdays (22-1-2020):
"PoolTogether is non-custodial, meaning users can redeem their tickets from the pool at any time. The value of stablecoins always remains the same, meaning these raffles are truly “no loss lotteries”. Tickets are recycled week after week, meaning once capital has been deposited, users are eligible to win every week until they exit the pool.
Let’s take a look at some other notions that make PoolTogether “valuable”:
- We’ve seen numerous parties “sponsor” PoolTogether, meaning their funds collect interest, without being eligible to win the drawing.
- PoolTogether leverages a Uniswap front-end integration, a notion we’ve been very passionate about recommending for Ethereum products across the board.
- The PoolTogether team recently announced their intentions for new features, all of which should gradually increase adoption of the product at large. (described in our conclusion)
In summary, PoolTogether allows users to *possibly* earn larger rewards than they would be able to on their own in an intuitive, exciting fashion. To give a clear example, it would take 11.2 years to earn the same amount of interest on 1000 DAI collecting the Dai Savings Rate for the same reward of this week’s prize (~$672)."
History
Audits & Exploits
- Bug bounty program can be found here. Max payout is $25,000 (29-6-2020). Still the same (3-2-2022); "In addition, Pooltogether v4's code was subject to a $100,000 Code Arena contest. Although this is no longer active, we will still award points for this, as the code was rigorously parsed through by white hats and security enthusiasts."
- Open Zeppelin Audit Disclosures (1-2020)
- Open Zeppelin Audit Summary.
- Scored 91% again (8-11-2023):
"PoolTogether V5 has made a splash with an impressive 91% overall score!
- Smart Contracts & Team: The smart contract addresses are a breeze to find, and the team isn't hiding in the shadows—they're out and proud.
- Oracles: They've got some documentation, but it's like a puzzle with a few missing pieces.
- Documentation: They've got a whitepaper that ticks all the boxes, plus their software architecture isn't a maze—it's a well-documented journey.
- Testing: They've put their code through the wringer, with tests that cover the gamut, ensuring everything's shipshape.
- Security: Audits? Check. But the bug bounty's on the lighter side, so there's room to beef up the defenses.
- Admin Controls: They're transparent about their upgrade paths and admin powers, making sure users aren't left in the dark."
- Score got updated to 95% (2-3-2022), "This protocol's V4 was audited once before release. In addition, the PoolTogether v4 release implements many elements of the v3 Prize Pool's core software architecture which has been audited multiple times." with the comment:
"Thanks to their dedicated team, we were able to bring them into our Top 10 scoring protocols of all time! Their rank is representative of their efforts in communicating with us; many protocols could learn from them. PoolTogether is exceedingly well-rounded in all areas of our review. Most importantly, their dedication to security is almost unparalleled with numerous (and continuous) high-quality audits from reputable organizations such as ConSensys Diligence and OpenZeppelin. Additionally, non-custodial software is always appreciated and is indicative of a trustworthy team. Even so, our only recommendation for the PoolTogether team is to unify and streamline their Admin Control documentation in a way that makes it more visible for users."
- Scored a 91% on DeFi Safety (14-9-2021). Previously also scored a 91% (8-3-2021); "PoolToghther has been audited by OpenZeppelin twice, with the last time being october 21st. PoolTogether has also been audited by DitCraft. PoolTogether was released January 7th." With the comment: "been a while since we had a 90+! Excellent protocol all round, no loss indeed."
Governance
Admin Keys
"Contracts are not upgradeable as specified by the v3 documentation. The v4 documentation corroborates this by highlighting the non-custodial nature of the deployment. In addition, the team plans to further decentralize the protocol through automation that will further remove the admins' implication from daily operations. This is detailed here, and we will update the review accordingly once the automation is in full effect. All contracts are not upgradeable. In addition, a MultiSig wallet operates the protocol's OpenZeppelin Defender implementation that is used to automatize transactions. All contracts are not upgradeable. The only aspect of the protocol that the admins can change are the Prize Distribution details. However, this is only done if there are any discrepancies or mismatches in the aforementioned details.
This protocol has some timelock documentation which can be found at this location. Additional timelock documentation detailing its duration and affected contracts can be found here. The timelock has a length of 24h, as specified here."
- From DeFi Safety (14-9-2021):
"All Contracts are clearly labelled as non upgreadeable, AKA immutable. Pause controls are mentioned in the audits performed by OpenZeppelin, but no evidence or detail on capabilities of tests."
- V3 removed admin control (26-10-2020). Bellow information is about the previous situation.
- From DeFi Watch (9-3-2020):
"PoolTogether's protocol is upgradeable via a 2-of-N Gnosis multisig admin contract with no timelock. The key is capable of modifying critical parts of the smart contract ecosystem and can be used to drain funds if used maliciously."
- The following information comes from a spreadsheet (4-2-2020) created by Chris Blec.
"Current Admin Key Config- Time Lock: No
Current Admin Key Config- Multisig: 2-of-N (Gnosis)
Claimed Admin Key OpSec: None
Verified Admin Key OpSec: Unverifiable
Is security of deposited funds dependent on opsec of admin key?: Yes
Admin Key Address: Link
Documentation on Admin Key Powers: Open Zeppelin Audit Disclosure
Additional Info (if any)? Open Zeppelin Audit Summary"
DAO
Treasury
- PoolTogether makes money by directing 10% of the interest accrued to a team DAO.
- From Bankless (9-7-2021):
"While the interest generated on prize pools is paid out to lucky winners, the prize pool reserves also retain a percentage of the winnings earned through operations, and redeposited into the next prize pool. This increases the principal used to generate prizes, essentially adding capital into the prize pool which is ineligible to win any prizes. As this loop repeats, it creates a one-way flow of tokens into the reserves.
As of June 24, 2021, PoolTogether’s treasury is sitting close to $65 million. The majority of that consists of POOL tokens that were allocated to the treasury at the time of the token launch and are subject to a multi-year vesting schedule."
Token
Launch
- Started out without a token, but aidropped its governance token in February 2021.
Token Allocation
Utility
- As a governance token, POOL is used to vote on how to deploy the protocol’s treasury.
Other Details
Coin Distribution
Tech
- Whitepaper can be found here. For V4, check here.
- Code can be viewed here. From DeFi Safety (2-3-2022):
"At 580 commits, PoolTogether's commitment to development history is clearly not left to chance."
Different Implementations
- Built on: Ethereum and Polygon (29-4-2021). Avalanche (2-3-2022).
- Is using Infura, according to their website (13-4-2020).
How it works
Fees
"While the interest generated on prize pools is paid out to lucky winners, the prize pool reserves also retain a percentage of the winnings earned through operations, and redeposited into the next prize pool. This increases the principal used to generate prizes, essentially adding capital into the prize pool which is ineligible to win any prizes. As this loop repeats, it creates a one-way flow of tokens into the reserves."
Upgrades
- From Week In Ethereum (26-10-2020):
"pooltogether v3 is live, removed admin control, randomness via VRF, rewards for deposits and referrals."
"Showcasing the power of DAOs and DeFi, the community of POOL token holders have been the driving force behind some of the recent developments of PoolTogether, including the $500k PoolGrants fund aimed at expanding and improving the ecosystem and and the creation of a Rari Capital and PoolTogether lending market. The new lending market expands the protocol’s reach by allowing users to, if they choose to do so, borrow against their PoolTogether deposits. This is a game-changer for a DeFi protocol that is sitting on nearly ~$200m of assets, the majority of which are stablecoins. Users are now able to borrow and re-deposit those borrowed funds into PoolTogether prize pools, compounding their chances of winning. Users could also deploy the borrowed funds elsewhere in the DeFi ecosystem to earn yield or swap USDC for risk-on assets. "
Staking
Liquidity Mining
Scaling
Interoperability
Other Details
- "PoolTogether is the first subscriber (12-5-2020) to Chainlink’s VRF. PoolTogether will now switch from its centralized randomness selection method to Chainlink’s VRF for decentralized randomness."
Oracle Method
"The protocol's Chainlink Oracle usage is documented, but it is not clear what role it plays. However, PoolTogether does clearly document its TWAB use and necessary specifications. This protocol documents front running mitigation techniques at this location. PoolTogether's TWAB and 2-week epochs serve as adequate flash loan manipulation mitigation procedures."
Their Other Projects
Roadmap
- Can be found [Insert link here].
Usage and Whales
- From this post by Token Tuesdays (22-1-2020):
"The current prize pool for January 24th, 2020 is by far the largest in PoolTogether’s history. Nearly $500,000 is currently pooled by community members with another $132,000 from sponsored Dai. With that, there are currently 1,253 addresses all hoping to win this week’s pot featuring two major whales. Each of the two major addresses have a 24.88% and 18.69% chance of winning with the next biggest player only having a 3.57% chance. As of writing, contributing 1 DAI will give you a ~0.0002% chance of winning the lottery pool."
"whales have bulk bought tickets. The top 5 players combined have a 58% chance of being the winner."
- From Bitcoin.com (31-1-2020):
"Creeping centralization doesn’t just manifest in defi protocols whose creators hold the master keys; it can also be seen in projects such as Pool Together, the lossless lottery platform, where whales have taken over. There is nothing illegal about major players gaming the system, nor does their doing so put user funds at risk. However, it serves to illustrate the ease with which the defi market can be manipulated – and how projects founded with good intentions can be hijacked by monopolies with little interest in fostering financial inclusion."
- PoolTogether is only distributing ~$140 for its weekly prize pool compared to the $1.1K prior to Black Thursday.
- From Our Network #7 (6-2-2020):
"Part of the growth in prize value is due to an increase in unique players (measured by unique Ethereum addresses in the pool). This has been increasing an average of 36% week over week. Part of the growth is also driven by an increase in the average deposit size. The later half of January saw more whales entering the pool driving up the average deposit size.
Total pool size broke $1 million Dai for the first time. Of this, ~$778,000 Dai is from player deposits and ~$250,000 Dai is sponsored."
- From Our Network #12 (12-3-2020):
"A major trend of 2020 is less tickets owned by whales and more tickets owned by smaller addresses. As of March 10th, 17% of all tickets are owned by accounts with less than 100 tickets. In contrast on January 31st only 5.44% of total tickets were owned by accounts with less than 100. During this period, the total pool size continued to increase."
- From Our Network (30-5-2020):
"The Argent Wallet recently launched a direct integration into the PoolTogether protocol. This provides a good data point in how improving ease of use can expand protocol usage. Net new users increased 240% in the 10 days after the launch of the Argent integration compared to the 14 days prior to the integration launch. This shows significant untapped demand once onboarding is improved."
- From Our Network #31 (25-7-2020):
"Despite lower yield rates creating smaller prizes, unique wallets has continued to grow and is just shy of 10,000."
- From Our Network #46 (6-11-2020):
"In the first 14 days, $1.4 million was deposited and $1.15 million is currently deposited. This is notably higher than the V2 protocol which never exceeded $900,000 in total user deposits. Total prizes awarded by the V3 protocol already exceed $13,000 in the first two weeks. In comparison, the V2 awarded $35,000 over the course of 14 months."
- From Our Network #66 (10-4-2021):
"The protocol currently has $155 million in total deposits. The largest prize pool is USDC with $63 million deposited followed by Dai with $52 million deposited."
Roadmap
- From this post by Token Tuesdays (22-1-2020):
"Additional Stablecoin Support
PoolTogether will soon incorporate prize pools for assets other than DAI including stablecoins like US Dollar Coin (USDC). USDC currently has 4x the market size of DAI, indicating there is a large opportunity for more capital to flow into PoolTogether pools. Similarly, USDC lending rates have been steadily rising, meaning more interest can be collected for prizes.
PoolTogether Pods
One of the few downsides to PoolTogether is that without significant capital, your chances at winning are fairly low. Pods would aid in this notion by allowing small groups to pool their tickets together, effectively increasing their chances at winning. In the event that a given Pod ticket were to win, the prize would be split pro-rate among all the Pod participants.
New Wallet Support
While PoolTogether supports most of the major Ethereum wallets (MetaMask, WalletConnect, Portis, Coinbase Wallet and Squarelink), it’s likely that additional wallet support opens new avenues for more pool participation. Similar to what we’re seeing with Multi-Collateral Dai’s integration with secondary exchanges like OKEx, it’s possible (custodian issues aside) that PoolTogether’s contracts *could* be leveraged by larger funds to further increase pool capacity."
Competition
Pros and Cons
Pros
Cons
Team, Funding, partners
Team
- Leighton Cusack — Co-founder and CEO
- The protocol is decentralized, though key contributors are public and confirm their roles.
Funding
- "The pool was originally seeded with $150,000 in sponsored Dai back in late December upon the introduction of MCD."
- PoolTogether makes money by directing 10% of the interest accrued to a team DAO.
- "The company is announcing (3-2-2020) a $1.05 million investment round under a simple agreement for future equity. IDEO CoLab Ventures led the round; ConsenSys and DTC Capital also invested."
- From Paradigm (12-2020):
"PoolTogether closed a funding round led by ParaFi Capital with participation from Nascent, Robot Ventures, MetaCartel, The LAO, Houbi DeFi Labs, and additional angels."
- Stani Kulechov; investor (30-1-2021).
Partners
- Partnered (29-2-2020) with Our Network.
- Partners with BarnBridge (11-2-2021).
(:
Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!
Making these free wiki pages is fun but takes a lot of effort and time.
If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.
ETH tip address: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31
Also check out CoinTr.ee for more content.