Security
How we protect your funds
1. Smart Contract Security
SpinPigs is built on battle-tested foundations:
- OpenZeppelin Contracts v5.4: Industry-standard libraries for Ownable, ReentrancyGuard, and Pausable patterns.
- Hardhat Testing: 119+ automated tests covering normal operations, edge cases, and attack vectors.
- Solidity 0.8.24: Built-in overflow/underflow protection, custom error types for gas efficiency.
- Checked Transfers: All 25 USDT transfers in the protocol use require() to verify success.
2. Access Controls
Administrative functions are protected by strict access controls:
- Owner-Only Functions: Pause/unpause, emergency withdraw, configuration changes, and yield strategy management are restricted to the contract owner.
- Pausable (v13): The owner can pause all user-facing operations (join, pay, withdraw, leave) in case of emergency. Emergency functions (forceWithdraw, emergencyWithdraw) remain accessible even when paused.
- Rate Limiting (v13): 5-minute cooldown between group joins prevents spam and flash-loan attacks.
- Reentrancy Guard: All state-changing functions are protected against reentrancy attacks.
3. Aave V3 Integration Security
- Owned by CollateralManager: The AaveV3Strategy contract is owned by CollateralManager, not the admin wallet. Only the CollateralManager can supply or withdraw funds from Aave.
- Rounding Protection: The protocol tracks actual USDT balance changes (before/after) rather than intended amounts, preventing Aave V3 rounding issues from causing fund shortfalls.
- Supply Failure Handling: If an Aave supply fails, the event is logged (StrategySupplyFailed) and funds remain in the CollateralManager — they are not lost.
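The balance-delta accounting and supply-failure handling described above, written out as an added illustration. This is not the SpinPigs CollateralManager or AaveV3Strategy code; the IYieldStrategy interface, the contract and function names, and the event signature are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

/// Hypothetical strategy interface: `supply` pulls `amount` from the caller and
/// deposits it into Aave; `withdraw` sends USDT back to the caller.
interface IYieldStrategy {
    function supply(uint256 amount) external;
    function withdraw(uint256 amount) external;
}

/// Illustrative manager contract (example only, not the project's code).
contract DeltaTrackingManager is ReentrancyGuard {
    IERC20 public immutable usdt;
    IYieldStrategy public immutable strategy;
    uint256 public suppliedToStrategy; // what actually left this contract

    event StrategySupplyFailed(uint256 requested, bytes reason);

    constructor(IERC20 usdt_, IYieldStrategy strategy_) {
        usdt = usdt_;
        strategy = strategy_;
    }

    /// Record the measured balance change, not the requested amount.
    /// A failed supply is logged and the funds stay in this contract.
    function supplyToStrategy(uint256 amount) internal {
        uint256 before = usdt.balanceOf(address(this));
        // Assumes a USDT that returns bool (true for Polygon PoS USDT).
        require(usdt.approve(address(strategy), amount), "approve failed");
        try strategy.supply(amount) {
            suppliedToStrategy += before - usdt.balanceOf(address(this));
        } catch (bytes memory reason) {
            require(usdt.approve(address(strategy), 0), "approve reset failed");
            emit StrategySupplyFailed(amount, reason);
        }
    }

    /// Pay out only what was actually received, so a 1-wei Aave rounding
    /// shortfall cannot overdraw the contract; the transfer is checked.
    function withdrawFromStrategy(uint256 amount, address to) internal nonReentrant {
        uint256 before = usdt.balanceOf(address(this));
        strategy.withdraw(amount);
        uint256 received = usdt.balanceOf(address(this)) - before;
        uint256 credit = received > suppliedToStrategy ? suppliedToStrategy : received;
        suppliedToStrategy -= credit;
        require(usdt.transfer(to, received), "transfer failed");
    }
}
```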
4. Collateral Protection
- Locked Until Complete: Collateral is locked in the smart contract and cannot be withdrawn until all group obligations are fulfilled.
- Auto-Deduction: Missed payments are automatically covered from collateral, ensuring scheduled payouts are not affected.
- Position-Based Refunds: Excess collateral is refunded immediately after the lottery, based on remaining payment obligations.
- Leave Protection: Members can leave waiting groups for a full refund. Active group members cannot withdraw until the cycle completes.
5. Known Risks & Mitigations
| Risk | Status | Mitigation |
|---|---|---|
| Single-key ownership | Planned | Migration to Gnosis Safe multisig + timelock is the #1 priority |
| Aave V3 rounding | Fixed | Track actual balance changes, safety cap on final payout |
| Strategy drain | Fixed | AaveV3Strategy is onlyOwner (CollateralManager), not externally callable |
| Unchecked transfers | Fixed | All 25 USDT transfers use require() with success check |
| Flash loan attacks | Mitigated | Rate limiting (5-min cooldown) + ReentrancyGuard |
6. Audit Status
- Internal Audit: Completed February 2026. Covered access control, fund flow, reentrancy, rounding, and edge cases.
- External Audit: Planned for future phases as the protocol scales.
- Bug Bounty: Planned for future launch. In the meantime, please report vulnerabilities to support@spinpigs.com.
7. Verified Contracts on PolygonScan
All smart contracts are verified and open-source. Anyone can read the code directly on PolygonScan:
- GroupManager (v13): 0xeE17893844a004f85e3EedC95d1F355F7E363ce6
- CollateralManager (v13): 0x6a4E7d516011840D192dd689F7Efc32E03Cb31Fa
- AaveV3Strategy (v13): 0xe08F4cF77Fc469E70e7380bd4ae8FC56641Ff331
8. Responsible Disclosure
If you discover a security vulnerability, please report it responsibly to support@spinpigs.com. Do not publicly disclose the vulnerability until we have had a chance to investigate and deploy a fix. We take all security reports seriously and will respond promptly.