Security
Pool Party is a self-custodial DeFi platform on Base. Your funds stay in your own wallet until you deposit them into a strategy smart contract, and every deposit, position, and withdrawal is on-chain and publicly verifiable. This page states plainly what that protects you from, what it does not, and how to verify things for yourself.
Self-custodial by design
Pool Party never takes custody of your assets. There is no deposit account, no internal balance, and no employee who can move, freeze, or seize your funds. You connect your own wallet, you sign every transaction, and positions are held by smart contracts you interact with directly. If pool-party.xyz went offline tomorrow, your positions would remain yours on-chain.
What self-custody does not remove
Self-custody removes counterparty custody risk. It does not remove smart contract risk (code can have bugs), market risk (token prices move, impermanent loss is real), or key risk (whoever holds your seed phrase holds your funds). Honest security means naming all three, not promising they are gone.
Audits
Our policy is simple: we only badge an audit we can link. Each published audit report will be listed on this page with the auditor's name, the report date, a link to the full report, and the audited contract addresses with BaseScan links. If a report is not listed here yet, do not assume coverage. Treat that as the current state and size your positions accordingly.
Admin keys and upgrades
Who can upgrade a contract matters as much as the audit. We will document the admin-key and upgrade model for each contract on this page (who holds keys, whether a multisig or timelock applies) alongside its address. Until an address and its model are published here, verify the contract you are interacting with directly on BaseScan.
How to verify for yourself
- Check the contract on BaseScan before depositing: verified source code, holders, and transaction history are public.
- Only use the app at app.pool-party.xyz, reached from pool-party.xyz. Bookmark it. Phishing clones of DeFi apps are common.
- No one from Pool Party will ever ask for your seed phrase or private key, in DMs or anywhere else. Anyone who does is a scammer.
- Read the risk disclaimer before committing funds.
Report a vulnerability
If you believe you have found a security issue, report it privately. Reach the team through GitHub or the moderators in our Discord. Please do not disclose publicly before we have had a chance to respond.