PoolTogether's protocol is upgradeable via a 2-of-N multisig admin contract with no timelock. The admin key can modify critical parts of the smart contract ecosystem and could drain funds if used maliciously.

Is the security of user funds dependent on opsec of admin key?

Yes ⚠️

Current Admin Key Config

Timelock: None ⚠️

Multisig: 2-of-N (Gnosis multisig contract)

Claimed Admin Key OpSec


Verified Admin Key OpSec

Unverifiable ⚠️

Admin Key Address


More Info & Documentation

Open Zeppelin Audit Disclosures

Open Zeppelin Audit Summary