# Security

{% hint style="info" %}
Your trust and peace of mind is critical to us: Polycat has been built ground-up with security in mind.
{% endhint %}

The Polycat team are experienced Solidity developers; you can rest assured that we have the knowledge and expertise to deliver secure and innovative products to the DeFi space!

​[Read more about our background, experience, and ethos](https://polycatfinance.medium.com/polycat-finance-our-first-adventure-on-polygon-86ecc876744a).

## 🕵️‍♀️ Audit <a href="#audit" id="audit"></a>

![You can find audits via the website UI at the top](https://1891945342-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma8wsRw8_KaTLhXkQHA%2F-Mg_eaF8o2kOTYsUGVeQ%2F-Mg_hCxCDZ6JggQ1eMrD%2Fimage.png?alt=media\&token=6c3fecf7-b4fd-4e02-b380-4bd41db10890)

**We have completed five audits so far: one by** [**TechRate**](https://github.com/TechRate/Smart-Contract-Audits/blob/main/Polycatfi%20Full%20Smart%20Contract%20Security%20Audit.pdf)**, two by** [**Obelisk**](https://obeliskauditing.com/) **(**[**I**](https://github.com/Tibereum/obelisk-audits/blob/main/Polycat.pdf) **&** [**II**](https://github.com/Tibereum/obelisk-audits/blob/main/Polycat%20AAVE%26Iron%20Vaults.pdf)**) and two by** [**Paladin**](https://paladinsec.co/) **(**[**I**](https://paladinsec.co/projects/polycat-finance-paw/) **&** [**II**](https://paladinsec.co/projects/polycat-finance-amm/)**)**

**Another two are in progress by** [**CertiK**](https://www.certik.org/projects/polycatfinance) **and** [**Obelisk**](https://obeliskauditing.com/)

## 👮‍♀️ Rugpull? No Chance! <a href="#rugpull-no-chance" id="rugpull-no-chance"></a>

Polycat was designed to be provably secure--please feel free to verify our source code. We have removed the commonly abused migrator code and added timelocks for full transparency and security.

**🚚 Migrator functions have been removed: no rugpulls here!**

* The Migrator is often used by malicious developers/hackers to steal users' funds.
* This is impossible on Polycat, as the migration capability has been completely removed from our code.

{% hint style="info" %}
This protects users against a rugpull, as well as hackers exploiting the smart contract to invoke the migrator function.
{% endhint %}

**⏳ Timelocks**

* Our timelock delay started at 3 hours and was upped to 6 hours. The plan is to eventually increase it to 12 and finally 24 hours.
* Timelocks prevent any unseen and immediate changes to the Polycat smart contracts. Changes are locked for a period of time and can be monitored publicly, alerting users to any changes.
* Without timelocks, malicious parties can modify smart contracts immediately, giving no warning to the users.

{% hint style="info" %}
If a change is queued in the timelock and you disagree with it, you then have a period of time to withdraw your funds and alert others before the changes are pushed through.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.polycat.finance/security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.