Security

Transparency about how we protect your funds

SECURITY AUDIT STATUS

Comprehensive Security Review Complete

Last audit: February 2026 (V11)

0 Critical
0 High
0 Medium
2 Low (Accepted)
280+ Tests Passing
10 Audit Iterations
8 Contracts Deployed

🧪 Testing Methodology

Our smart contracts undergo rigorous multi-layered testing to ensure reliability and security.

280+ Unit Tests: Comprehensive test coverage for all contract functions and edge cases

10 Invariant Tests: Property-based tests verifying that critical security properties hold under any operation sequence

40K+ Randomized Calls: Invariant tests execute ~40,000 randomized function calls to find edge cases

Invariants Verified

Protocol fees never exceed 1% maximum
Referral fees never exceed protocol fees
Position range widths stay within bounds
Rebalance delays stay within 1h-7d limits
Treasury is set when fees are active
Tick ranges are always valid
Position ownership remains consistent
Position count tracking is accurate
Deposit timestamps are valid
Internal accounting matches expected state
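The fee, rebalance-delay and treasury invariants listed above, expressed as a Foundry invariant test. This is an added example, not MaxFi's own code or test suite: the MockVault, its getters and the Handler are hypothetical stand-ins for the audited contracts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical minimal vault (assumption, not the deployed SnuggleVault).
contract MockVault {
    uint16 public constant MAX_FEE_BPS = 100; // 1% cap in basis points
    uint16 public protocolFeeBps;
    uint16 public referralFeeBps;
    uint32 public rebalanceDelay = 1 hours;
    address public treasury;

    function setFees(uint16 protocolBps, uint16 referralBps, address newTreasury) external {
        require(protocolBps <= MAX_FEE_BPS, "fee > 1%");
        require(referralBps <= protocolBps, "referral > protocol");
        require(protocolBps == 0 || newTreasury != address(0), "treasury unset");
        protocolFeeBps = protocolBps;
        referralFeeBps = referralBps;
        treasury = newTreasury;
    }

    function setRebalanceDelay(uint32 delay) external {
        require(delay >= 1 hours && delay <= 7 days, "delay out of range");
        rebalanceDelay = delay;
    }
}

// Handler: the fuzzer calls these with random arguments; reverts are tolerated
// by the invariant runner (fail_on_revert defaults to false).
contract Handler {
    MockVault public vault;
    constructor(MockVault v) { vault = v; }
    function setFees(uint16 p, uint16 r, address t) external { vault.setFees(p, r, t); }
    function setRebalanceDelay(uint32 d) external { vault.setRebalanceDelay(d); }
}

contract VaultInvariants is Test {
    MockVault vault;

    function setUp() public {
        vault = new MockVault();
        targetContract(address(new Handler(vault))); // only the handler is fuzzed
    }
    // Each invariant_* function is re-checked after every randomized call sequence.
    function invariant_feeCap() public view { assertLe(vault.protocolFeeBps(), vault.MAX_FEE_BPS()); }
    function invariant_referralBelowProtocol() public view { assertLe(vault.referralFeeBps(), vault.protocolFeeBps()); }
    function invariant_rebalanceDelayBounds() public view { assertTrue(vault.rebalanceDelay() >= 1 hours && vault.rebalanceDelay() <= 7 days); }
    function invariant_treasurySetWhenFeesActive() public view { if (vault.protocolFeeBps() > 0) assertTrue(vault.treasury() != address(0)); }
}
```

Run with `forge test --match-contract VaultInvariants`; removing any `require` in MockVault makes the corresponding invariant fail, which is what the test is meant to catch.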

🔍 About Our Security Audits

Our smart contracts have undergone comprehensive AI-assisted security review using industry-standard methodologies including OWASP Smart Contract Top 10, Trail of Bits security patterns, and analysis of historical DeFi exploits.

The audit process included 10 iterations with progressive remediation of all identified issues. All HIGH and MEDIUM severity findings have been addressed and verified.

Transparency Note: These audits were conducted using AI security analysis tools, not a traditional third-party audit firm. While the methodology is rigorous and comprehensive, we plan to commission a brand-name security firm audit as the protocol grows. Always do your own research and only deposit what you can afford to lose.

Security Features Implemented

ReentrancyGuard: All state-changing functions are protected against reentrancy attacks

Checks-Effects-Interactions: Storage is updated before external calls to prevent exploits

Ownable2Step: Two-step ownership transfer prevents accidental lockout

Pausable: Emergency stop capability for incident response

SafeERC20: Safe token transfer patterns for all ERC20 operations

TWAP Oracle: 5-minute price oracle prevents manipulation attacks

Flash Loan Protection: 1-minute minimum hold time prevents flash loan exploits

Position Limits: Configurable limits prevent gas griefing (500/user, 100K total)

Read-Only Reentrancy Protection: Withdrawal flags in adapters prevent view function exploits

Audit Reports

Deployed Contracts (Base Mainnet)

Verify our contracts on BaseScan

Contract: Address
SnuggleVault (Proxy): 0x43Ca8D32...2743F043
SnuggleVault Implementation: 0xdF20301c...bab52683
StakingManager: 0xee0800c2...D82A9e1e
ReferralTracker: 0x0fBC7CF5...6a0Fae73
ViewHelper: 0xD9F052d6...dcba9C74
KeepersHelper V2: 0xCa649fEC...F3e5aF1C
AdminSatellite: 0x802bE184...7800347d
ProxyAdmin: 0xeE6D49EE...fc29262A

🐛 Report a Security Issue

Found a vulnerability? We take security seriously and appreciate responsible disclosure. Reach out to us through any of these channels:

Future Security Plans

  • Commission audit from recognized security firm (Trail of Bits, OpenZeppelin, etc.)
  • Launch formal bug bounty program with rewards
  • Implement time-locked admin functions
  • Add multi-sig requirement for protocol upgrades

Important: Despite our security measures, all DeFi protocols carry inherent risks. Smart contract bugs, economic exploits, and unforeseen vulnerabilities can result in loss of funds. Never deposit more than you can afford to lose. Please read our full risk disclosure before using MaxFi.