diff --git a/contracts/pools/erc20.sol b/contracts/pools/erc20.sol
index c43c319..6b1c0a1 100644
--- a/contracts/pools/erc20.sol
+++ b/contracts/pools/erc20.sol
@@ -9,7 +9,6 @@ import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
 import { DSMath } from "../libs/safeMath.sol";
 
 interface AccountInterface {
-  function enable(address authority) external;
   function isAuth(address) external view returns(bool);
   function cast(address[] calldata _targets, bytes[] calldata _datas, address _origin) external payable;
 }
@@ -22,8 +21,8 @@ interface IndexInterface {
 interface RegistryInterface {
   function chief(address) external view returns (bool);
   function poolLogic(address) external returns (address);
-  function poolCap(address) external view returns (uint);
   function insureFee(address) external view returns (uint);
+  function withdrawalFee(address) external view returns (uint);
   function isDsa(address, address) external view returns (bool);
 }
 
@@ -38,7 +37,7 @@ contract PoolToken is ReentrancyGuard, DSMath, ERC20Pausable {
     event LogExchangeRate(uint exchangeRate, uint tokenBalance, uint insuranceAmt);
     event LogSettle(uint settleTime);
     event LogDeposit(uint depositAmt, uint poolMintAmt);
-    event LogWithdraw(uint withdrawAmt, uint poolBurnAmt);
+    event LogWithdraw(uint withdrawAmt, uint poolBurnAmt, uint feeAmt);
     event LogAddInsurance(uint amount);
     event LogPausePool(bool);
 
@@ -118,7 +117,6 @@ contract PoolToken is ReentrancyGuard, DSMath, ERC20Pausable {
 
     function deposit(uint tknAmt) external whenNotPaused payable returns(uint) {
       uint _newTokenBal = add(tokenBalance, tknAmt);
-      require(_newTokenBal <= registry.poolCap(address(this)), "deposit-cap-reached");
 
       baseToken.safeTransferFrom(msg.sender, address(this), tknAmt);
       uint _mintAmt = wmul(tknAmt, exchangeRate);
@@ -144,14 +142,22 @@ contract PoolToken is ReentrancyGuard, DSMath, ERC20Pausable {
 
       _burn(msg.sender, _burnAmt);
 
+      uint _withdrawalFee = registry.withdrawalFee(address(this));
+      uint _feeAmt;
+      if (_withdrawalFee > 0) {
+        _feeAmt = wmul(_tknAmt, _withdrawalFee);
+        insuranceAmt = add(insuranceAmt, _feeAmt);
+        _tknAmt = sub(_tknAmt, _feeAmt);
+      }
+
       baseToken.safeTransfer(to, _tknAmt);
 
-      emit LogWithdraw(tknAmt, _burnAmt);
+      emit LogWithdraw(tknAmt, _burnAmt, _feeAmt);
     }
 
     function addInsurance(uint tknAmt) external {
       baseToken.safeTransferFrom(msg.sender, address(this), tknAmt);
-      insuranceAmt += tknAmt;
+      insuranceAmt = add(insuranceAmt, tknAmt);
       emit LogAddInsurance(tknAmt);
     }
 
diff --git a/contracts/pools/eth.sol b/contracts/pools/eth.sol
index 1ce8460..35fbd53 100644
--- a/contracts/pools/eth.sol
+++ b/contracts/pools/eth.sol
@@ -9,7 +9,7 @@ import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
 import { DSMath } from "../libs/safeMath.sol";
 
 interface AccountInterface {
-  function enable(address authority) external;
+  function isAuth(address) external view returns(bool);
   function cast(address[] calldata _targets, bytes[] calldata _datas, address _origin) external payable;
 }
 
@@ -21,8 +21,8 @@ interface IndexInterface {
 interface RegistryInterface {
   function chief(address) external view returns (bool);
   function poolLogic(address) external returns (address);
-  function poolCap(address) external view returns (uint);
   function insureFee(address) external view returns (uint);
+  function withdrawalFee(address) external view returns (uint);
   function isDsa(address, address) external view returns (bool);
 }
 
@@ -37,7 +37,7 @@ contract PoolToken is ReentrancyGuard, ERC20Pausable, DSMath {
   event LogExchangeRate(uint exchangeRate, uint tokenBalance, uint insuranceAmt);
   event LogSettle(uint settleTime);
   event LogDeposit(uint depositAmt, uint poolMintAmt);
-  event LogWithdraw(uint withdrawAmt, uint poolBurnAmt);
+  event LogWithdraw(uint withdrawAmt, uint poolBurnAmt, uint feeAmt);
   event LogAddInsurance(uint amount);
   event LogPausePool(bool);
 
@@ -66,6 +66,7 @@ contract PoolToken is ReentrancyGuard, ERC20Pausable, DSMath {
 
   function deploy(address _dsa, address token, uint amount) external isChief {
     require(registry.isDsa(address(this), _dsa), "not-autheticated-dsa");
+    require(AccountInterface(_dsa).isAuth(address(this)), "token-pool-not-auth"); 
     if (token == address(0)) {
       payable(_dsa).transfer(amount);
     } else {
@@ -101,9 +102,11 @@ contract PoolToken is ReentrancyGuard, ERC20Pausable, DSMath {
 
   function settle(address _dsa, address[] calldata _targets, bytes[] calldata _datas, address _origin) external isChief {
     require(registry.isDsa(address(this), _dsa), "not-autheticated-dsa");
+    AccountInterface dsaWallet = AccountInterface(_dsa);
     if (_targets.length > 0 && _datas.length > 0) {
-      AccountInterface(_dsa).cast(_targets, _datas, _origin);
+      dsaWallet.cast(_targets, _datas, _origin);
     }
+    require(dsaWallet.isAuth(address(this)), "token-pool-not-auth"); 
     setExchangeRate();
 
     emit LogSettle(block.timestamp);
@@ -112,7 +115,6 @@ contract PoolToken is ReentrancyGuard, ERC20Pausable, DSMath {
   function deposit(uint tknAmt) public whenNotPaused payable returns(uint) {
     require(tknAmt == msg.value, "unmatched-amount");
     uint _newTokenBal = add(tokenBalance, msg.value);
-    require(_newTokenBal <= registry.poolCap(address(this)), "deposit-cap-reached");
 
     uint _mintAmt = wmul(msg.value, exchangeRate);
     _mint(msg.sender, _mintAmt);
@@ -137,9 +139,17 @@ contract PoolToken is ReentrancyGuard, ERC20Pausable, DSMath {
 
     _burn(msg.sender, _burnAmt);
 
+    uint _withdrawalFee = registry.withdrawalFee(address(this));
+    uint _feeAmt;
+    if (_withdrawalFee > 0) {
+      _feeAmt = wmul(_tknAmt, _withdrawalFee);
+      insuranceAmt = add(insuranceAmt, _feeAmt);
+      _tknAmt = sub(_tknAmt, _feeAmt);
+    }
+
     payable(to).transfer(_tknAmt);
 
-    emit LogWithdraw(tknAmt, _burnAmt);
+    emit LogWithdraw(tknAmt, _burnAmt, _feeAmt);
   }
 
   function addInsurance(uint tknAmt) external payable {
diff --git a/contracts/registry.sol b/contracts/registry.sol
index 25d90d5..94fb1b3 100644
--- a/contracts/registry.sol
+++ b/contracts/registry.sol
@@ -14,10 +14,10 @@ contract Registry {
   event LogRemoveChief(address indexed chief);
   event LogAddSigner(address indexed signer);
   event LogRemoveSigner(address indexed signer);
-  event LogSwitchPool(address pool, bool poolState);
-  event LogUpdatePoolCap(address pool, uint newCap);
+  event LogUpdatePool(address pool, bool poolState);
   event LogUpdatePoolLogic(address pool, address newLogic);
   event LogUpdateInsureFee(address pool, uint newFee);
+  event LogUpdateWithdrawalFee(address pool, uint newFee);
   event LogAddPool(address indexed token, address indexed pool);
   event LogRemovePool(address indexed token, address indexed pool);
   event LogNewDSA(address indexed pool, address indexed dsa);
@@ -32,8 +32,9 @@ contract Registry {
   mapping (address => address) public poolLogic;
   mapping (address => uint) public poolCap;
   mapping (address => uint) public insureFee;
-  mapping (address => mapping(address => bool)) public isDsa; // Pool => DSA address => true/false
-  mapping (address => address[]) public dsaArr; // Pool => all dsa in array
+  mapping (address => uint) public withdrawalFee;
+  mapping (address => mapping(address => bool)) public isDsa; // pool => dsa => bool
+  mapping (address => address[]) public dsaArr; // pool => all dsa in array
 
   modifier isMaster() {
     require(msg.sender == instaIndex.master(), "not-master");
@@ -117,16 +118,13 @@ contract Registry {
     emit LogRemovePool(token, poolAddr);
   }
 
-  function switchPool(address _pool) external isMaster {
+  /**
+    * @dev enable / disable pool
+    * @param _pool pool address
+  */
+  function updatePool(address _pool) external isMaster {
     isPool[_pool] = !isPool[_pool];
-    emit LogSwitchPool(_pool, isPool[_pool]);
-  }
-
-  function updatePoolCap(address _pool, uint _newCap) external isMaster {
-    require(isPool[_pool], "not-pool");
-    require(poolCap[_pool] != _newCap, "same-pool-cap");
-    poolCap[_pool] = _newCap;
-    emit LogUpdatePoolCap(_pool, _newCap);
+    emit LogUpdatePool(_pool, isPool[_pool]);
   }
 
   function updatePoolLogic(address _pool, address _newLogic) external isMaster {
@@ -145,13 +143,18 @@ contract Registry {
     emit LogUpdateInsureFee(_pool, _newFee);
   }
 
+  function updateWithdrawalFee(address _pool, uint _newFee) external isMaster {
+    require(isPool[_pool], "not-pool");
+    require(_newFee < 1 * 10 ** 16, "withdrawal-fee-limit-reached");
+    require(withdrawalFee[_pool] != _newFee, "same-pool-fee");
+    withdrawalFee[_pool] = _newFee;
+    emit LogUpdateWithdrawalFee(_pool, _newFee);
+  }
+
   function addDsa(address _pool, address _dsa) external isMaster {
     require(isPool[_pool], "not-pool");
-    if (_dsa == address(0)) {
-      _dsa = instaIndex.build(_pool, 1, address(this));
-    }
+    if (_dsa == address(0)) _dsa = instaIndex.build(_pool, 1, address(this));
     isDsa[_pool][_dsa] = true;
-
     dsaArr[_pool].push(_dsa);
     emit LogNewDSA(_pool, _dsa);
   }