Snuggle is an automated yield platform that helps you earn trading fees from your crypto. Deposit Bitcoin, ETH, or stablecoins, and Snuggle's smart rebalancing technology optimizes your position to maximize fee earnings while minimizing losses.

How much can I earn with Snuggle?

Returns vary based on market conditions and your chosen settings. Historical backtests have shown monthly returns of 10%+ in certain market conditions. Use our free backtest simulator to see projected returns based on real historical data. Past performance does not guarantee future results.

Is my crypto safe with Snuggle?

Your crypto is held in Snuggle's smart contract vault, not in our possession—we cannot access or move your funds. Only you can withdraw your position. Our contracts have undergone a comprehensive security review. Like all DeFi protocols, there are inherent risks including smart contract risk, market risk, and impermanent loss.

What makes Snuggle different from other LP managers?

Traditional LP rebalancers swap your tokens at the worst possible moment—right after extreme price moves. Snuggle uses a "no-swap" strategy that repositions your liquidity without trading, saving you 1-2% on every rebalance.

Can I withdraw anytime?

Yes, absolutely. There are no lockups, no exit fees, and no waiting periods. Your crypto is always accessible, and you can withdraw your full position plus all earned fees at any time.

Security

Transparency about how we protect your funds

SECURITY AUDIT STATUS

V30 Comprehensive Security Audit Complete

Latest audit: February 16, 2026 — 22 Solidity files, ~6,500 lines reviewed

Critical

High

Medium

Low (Accepted)

448+

Tests Passing

Audit Iterations

Contracts Deployed

🏗️ Architectural Security

Snuggle's architecture eliminates entire classes of DeFi attacks by design, not just by adding guards.

Zero-Swap Design

No token swaps during rebalances. This eliminates MEV extraction, sandwich attacks, and slippage — the most costly vulnerability class in DeFi ($1.2B+ in 2024 alone).

Per-User NFT Positions

Each user owns their own concentrated liquidity NFT. No shared pool, no exchange rate to manipulate. Eliminates the entire class of ERC-4626 vault attacks (inflation, donation, rounding).

TWAP Hard Revert

The protocol NEVER falls back to manipulable spot prices. Unlike protocols that caused $52M+ in oracle manipulation losses in 2024, Snuggle reverts on TWAP failure.

🧪 Testing Methodology

Our smart contracts undergo rigorous multi-layered testing to ensure reliability and security.

448+

Unit & Fork Tests

Comprehensive test coverage for all contract functions and edge cases

Invariant Tests

Property-based tests verifying critical security properties hold under any operation sequence

40K+

Randomized Calls

Invariant tests execute ~40,000 randomized function calls to find edge cases

Invariants Verified

✓ Performance fees never exceed 50% maximum

✓ Referral fees never exceed protocol fees

✓ Position range widths stay within bounds

✓ Rebalance delays stay within 0-7d limits

✓ Treasury is set when fees are active

✓ Tick ranges are always valid

✓ Position ownership remains consistent

✓ Fee rate changes respect ±500 bps / 6h cooldown

✓ Deposit timestamps are valid

✓ Internal accounting matches expected state

🛡️ Exploit Resistance

Verified against known DeFi attack vectors from 2024-2026 ($2B+ in losses analyzed).

✓

Reentrancy: nonReentrant on all entry points + read-only reentrancy flags

✓

Oracle Manipulation: TWAP with hard revert — never falls back to spot price

✓

Flash Loan Attacks: 1-minute hold time + TWAP oracle (not manipulable in single block)

✓

MEV / Sandwich: Zero-swap architecture — no swaps means nothing to sandwich

✓

First-Depositor Inflation: Per-user NFT positions — no shared vault to inflate

✓

Donation Attacks: No ERC-4626 exchange rate to manipulate

✓

Access Control: Ownable2Step + onlyVault + onlyAuthorized on all admin functions

✓

Proxy Storage Collision: EIP-1967 + OpenZeppelin TransparentUpgradeableProxy + __gap[39]

🔍 About Our Security Audits

Our smart contracts have undergone 30 audit iterations using industry-standard methodologies including OWASP Smart Contract Top 10 (2026), EEA EthTrust Security Levels V3 (88 requirements), SWC Registry (SWC-100 through SWC-136), and analysis of 15+ major DeFi exploits from 2024-2026 totaling $2B+ in losses.

The methodology is informed by Trail of Bits, OpenZeppelin, Cyfrin, and Spearbit audit frameworks. All 22 Solidity files (~6,500 lines) have been reviewed line-by-line across multiple iterations with progressive remediation of all identified issues.

Transparency Note: These audits were conducted using AI security analysis tools, not a traditional third-party audit firm. While the methodology is rigorous and comprehensive, we plan to commission a brand-name security firm audit as the protocol grows. Always do your own research and only deposit what you can afford to lose.

Security Features Implemented

Zero-Swap Design

No token swaps during rebalances — eliminates MEV, sandwich attacks, and slippage

Per-User NFT Positions

Each user owns their own LP NFT — no shared vault, no inflation attacks

TWAP Oracle (Hard Revert)

5-minute TWAP with no spot price fallback — prevents oracle manipulation

ReentrancyGuard

All state-changing functions protected against reentrancy attacks

Ownable2Step

Two-step ownership transfer prevents accidental lockout across all contracts

Fee Rate Limiting

Fees can only change ±5% per 6 hours — 42 hours minimum to reach max

24h Timelocks

Treasury and staking manager changes require 24-hour timelock

Pausable

Emergency stop capability for incident response

SafeERC20

Safe token transfer patterns for all ERC20 operations

Flash Loan Protection

1-minute minimum hold time prevents flash loan exploits

Position Limits

Configurable limits prevent gas griefing (500/user, 100K total)

Read-Only Reentrancy Protection

Withdrawal flags in reward adapters prevent view function exploits

Audit Reports

Deployed Contracts (Base Mainnet)

All 16 contracts verified on BaseScan — compiled with solc 0.8.33, deterministic via_ir builds

Contract	Address	Purpose
SnuggleVault (Proxy)	0xd3923bec...d16b7470	Main vault - user deposits and positions
SnuggleVault Implementation	0x02415b4e...2d0224c0	Upgradeable logic contract
ProxyAdmin	0x269dc2f9...2dcca86f	Upgrade administration
AdminSatellite	0x5a332caa...efe4d271	Pool configuration and admin operations
StakingManager	0x3f928dc8...cca270c1	Gauge staking, fee compounding, and performance fees
FeeTransferHelper	0x613ba880...be28b1f3	Phantom pool for vault-to-user ERC20 transfers
ReferralTracker	0x2536a771...0f68d9ee	On-chain referral earnings tracking
ViewHelper	0x29802800...cc976a1c	Read-only view functions
KeepersHelper V3	0x60431B5b...2f563345	Chainlink Automation with auto-distribute
TreasurySplitter	0x93d0d121...4ea9ec12	Fee splitting between treasuries
UniswapV3Adapter	0xf757c964...08f33010	Uniswap V3 position management
AerodromePositionAdapter	0xe3efa782...48f79589	Aerodrome CL position management
AerodromeRewardAdapter	0xcb16cb2c...c8d77306	Aerodrome gauge staking and rewards
PancakeSwapPositionAdapter	0x0c0ba0b8...851b39e5	PancakeSwap V3 position management
PancakeSwapRewardAdapter	0x63de143e...5918b1cf	PancakeSwap MasterChef staking and rewards
SnuggleRebalanceLib	0xf84b575e...c11dcddc	Rebalance logic library

🐛 Report a Security Issue

Found a vulnerability? We take security seriously and appreciate responsible disclosure. Reach out to us through any of these channels:

📧 Email 𝕏 Twitter 💬 Discord ✈️ Telegram

Future Security Plans

○Commission audit from recognized security firm (Trail of Bits, OpenZeppelin, etc.)
○Launch formal bug bounty program with rewards
○Add multi-sig requirement for protocol upgrades

Important: Despite our security measures, all DeFi protocols carry inherent risks. Smart contract bugs, economic exploits, and unforeseen vulnerabilities can result in loss of funds. Never deposit more than you can afford to lose. Please read our full risk disclosure before using Snuggle.

Security

V30 Comprehensive Security Audit Complete

🏗️ Architectural Security

Zero-Swap Design

Per-User NFT Positions

TWAP Hard Revert

🧪 Testing Methodology

Unit & Fork Tests

Invariant Tests

Randomized Calls

Invariants Verified

🛡️ Exploit Resistance

🔍 About Our Security Audits

Security Features Implemented

Zero-Swap Design

Per-User NFT Positions

TWAP Oracle (Hard Revert)

ReentrancyGuard

Ownable2Step

Fee Rate Limiting

24h Timelocks

Pausable

SafeERC20

Flash Loan Protection

Position Limits

Read-Only Reentrancy Protection

Audit Reports

V30 Comprehensive Security Audit

V28 Security Audit Report

V7 Final Security Audit - Post-Remediation

Deployed Contracts (Base Mainnet)

🐛 Report a Security Issue

Future Security Plans