How to deploy PolyBot correctly, keep your funds safe, evaluate performance honestly, and avoid the common mistakes that trip up new users.
Running PolyBot on a personal computer means downtime whenever you close the lid or restart. A cheap VPS keeps the bot running 24/7 — critical for Snipe Mode and Arb-First strategies where missed windows can't be recovered.
Always choose Ubuntu 22.04 LTS as your server OS. It's officially supported, has the longest security update window, and all PolyBot documentation is written with Ubuntu commands. After provisioning:
## Initial VPS setup (run as root or with sudo) # Update packages apt update && apt upgrade -y # Install Docker curl -fsSL https://get.docker.com | sh # Add your user to docker group usermod -aG docker $USER # Install Docker Compose v2 apt install docker-compose-plugin -y # Verify docker --version && docker compose version
Your VPS holds the private key that authorises trades on your Polymarket account. Treat it like a server that holds financial credentials — because it is.
The single most important hardening step: disable password authentication and use SSH keys only. Brute-force attacks on servers with password auth are continuous and relentless.
# On your LOCAL machine — copy public key to VPS ssh-keygen -t ed25519 -C "polybot-vps" ssh-copy-id -i ~/.ssh/id_ed25519.pub user@your-vps-ip # On the VPS — disable password auth sudo nano /etc/ssh/sshd_config # Set: PasswordAuthentication no # Set: PubkeyAuthentication yes sudo systemctl restart sshd
Only expose the two ports you actually need: SSH (22) and the PolyBot dashboard (8080). Block everything else by default.
sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw allow 22/tcp # SSH sudo ufw allow 8080/tcp # PolyBot dashboard sudo ufw enable sudo ufw status
For maximum security, restrict dashboard access to your personal IP only: sudo ufw allow from YOUR_IP to any port 8080. This prevents anyone else from reaching the dashboard even if they discover your VPS IP.
sudo apt install fail2ban -y sudo systemctl enable fail2ban --now # Default config blocks IPs after 5 failed SSH attempts
Never store your wallet private key in plaintext in a publicly readable location. Keep it in your .env file with strict permissions:
chmod 600 .env # owner read/write only chown $USER:$USER .env
How you size positions has a larger impact on long-term survival than almost any other factor. Too large and a losing streak wipes you out. Too small and you can't compound meaningfully.
When you're starting out, never risk more than 2% of your total bot balance on a single trade. With $200 in your bot wallet, that's $4 per trade. This gives you 50 consecutive losing trades before a 100% loss — enough to observe the strategy's true behaviour over a statistically valid sample.
Once you have 100+ trade history and a reliable win rate estimate, switch to Kelly sizing. PolyBot implements ¼ Kelly by default — the full Kelly fraction divided by 4, which significantly reduces variance while maintaining most of the growth rate. Configure it in config.yml:
# config.yml sizing_mode: kelly kelly_fraction: 0.25 # 1/4 Kelly — recommended max_position_pct: 0.10 # Hard cap: never more than 10% in one trade min_position_usdc: 2.00 # Minimum useful position size after fees
Start with $50–$100. Run Paper Mode for a week to see the strategy in action. Switch to live with $50. Scale up to $100, then $200, then $500 — only once you're comfortable with how the bot behaves in adverse market conditions. There's no rush. Prediction markets will always be there.
A bot running unsupervised can amplify problems if left unchecked. Build a lightweight monitoring routine from day one.
Spend 2 minutes each morning reviewing: current balance vs. yesterday, number of trades placed overnight, any Kill Switch events, and Telegram alert history. The dashboard Home tab shows all of this at a glance.
Set up Telegram alerts to notify you on every trade, every Kill Switch trigger, and every daily loss limit hit. This way you're informed of unusual behaviour without babysitting the dashboard:
# In .env TELEGRAM_TOKEN=your-bot-token TELEGRAM_CHAT_ID=your-chat-id TELEGRAM_ALERT_ON_TRADE=true TELEGRAM_ALERT_ON_KILL_SWITCH=true TELEGRAM_ALERT_ON_LOSS_LIMIT=true TELEGRAM_MIN_TRADE_SIZE_ALERT=5 # Only notify on trades ≥ $5
Use a free uptime monitoring service (UptimeRobot, BetterUptime) to ping your VPS every 5 minutes. If it goes down, you get an immediate email or Telegram alert. Set the monitored URL to http://your-vps-ip:8080/health — PolyBot exposes a health endpoint that returns HTTP 200 when running correctly.
# Test the health endpoint
curl http://your-vps-ip:8080/health
# Expected: {"status":"ok","version":"2.4.0","mode":"live"}
Evaluating a trading bot after 5 trades is like judging a poker player after 5 hands. The sample size is meaningless. Here's how to evaluate performance correctly.
You need a minimum of 50–100 trades before drawing any conclusions about a strategy's edge. With fewer trades, random variance dominates and a "winning" strategy can look terrible, and vice versa. Be patient.
Win rate alone is misleading. A bot winning 70% of trades but losing 5× on each loss is a losing strategy. Focus on:
Drawdowns are an inevitable part of any trading strategy — even consistently profitable ones. The key questions when you're in a drawdown are:
Docker handles most of the 24/7 reliability concern, but there are a few extra steps to ensure the bot survives VPS reboots and network interruptions.
# docker-compose.yml — ensure restart policy is set
services:
polybot:
image: polybotme/polybot:latest
restart: unless-stopped # ← auto-restarts on crash/reboot
env_file: .env
ports:
- "8080:8080"
volumes:
- ./config.yml:/app/config.yml
- ./data:/app/data # persists trade history
sudo systemctl enable docker
With both restart: unless-stopped and Docker enabled on boot, PolyBot will automatically resume after any VPS reboot — no manual intervention needed.
Create a separate wallet exclusively for PolyBot trading. Never use your primary wallet that holds significant savings, NFTs, or other assets. This way, even in the worst case — if your VPS were compromised — the attacker can only access the dedicated trading wallet's Polymarket balance.
Polygon transactions require POL (formerly MATIC) for gas fees. Keep at least 0.5–1 POL in your trading wallet at all times. At current gas prices, 1 POL covers thousands of transactions. Top up when the balance drops below 0.2 POL — the Telegram alerts system can notify you when the gas balance is low (Dashboard → Settings → Notifications → "Alert on low POL balance").
Knowing when to pause is as important as knowing how to run. Pause PolyBot in these situations:
# Pause the bot instantly (cancels open orders) # Click Kill Switch in dashboard, OR via CLI: docker exec polybot polybot kill-switch # Switch to Paper Mode without full restart docker exec polybot polybot set-mode paper
Before going live with real capital, confirm every item below. Print this or copy it into your notes app.
Infrastructure
restart: unless-stopped set in docker-compose.ymlsystemctl enable docker)Configuration
CHAIN_ID=137 confirmed in .env.env file permissions set to 600Validation
/health returns HTTP 200Go-Live
PAPER_MODE=false in .env and restart botOnce all checklist items are complete, your bot is running safely. Check in daily for the first week, then step back and let it work. Remember: evaluate performance only after 50+ trades.