# Contract upgrades, admin keys, hacks & exploits

* TaaE tokens have fixed scope and duration.&#x20;
* Every phase change, from bootstrap, distribution and redemption is one-way with predictable timing.&#x20;
* The final state of the system is that hodlers receive rewards and slowly drop out to the underlying asset as a one-way move, or hold a frozen asset indefinitely if they choose to.&#x20;
* Every new token event requires a new Trust with its own lifecycle.&#x20;
* If a vulnerability is found in a version of the Trust the theoretical maximum damage of an exploit is capped at the current locked reserve across the pool and token across vulnerableTrust contracts.&#x20;
* By versioning and newly deploying Trust contracts, any fix to a discovered exploit will be available for all new Trust contracts after that point. There are no admin keys as the Trust performs all administrative tasks on the child contracts.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.polygen.io/more-info/technical-documentation/contract-upgrades-admin-keys-hacks-and-exploits.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.