PluginBench
Skill
Review
Audit score 70

v4-security-foundations

uniswap/uniswap-ai

How to install v4-security-foundations

npx skills add https://github.com/uniswap/uniswap-ai --skill v4-security-foundations
Claude Code
Cursor
Windsurf
Cline
Full instructions (SKILL.md)

Source of truth, from uniswap/uniswap-ai.


name: v4-security-foundations description: Security-first Uniswap v4 hook development. Use when user mentions "v4 hooks", "hook security", "PoolManager", "beforeSwap", "afterSwap", or asks about V4 hook best practices, vulnerabilities, or audit requirements. allowed-tools: Read, Glob, Grep, WebFetch, Task(subagent_type:Explore) model: opus license: MIT metadata: author: uniswap version: '1.1.0'

v4 Hook Security Foundations

Security-first guide for building Uniswap v4 hooks. Hook vulnerabilities can drain user funds—understand these concepts before writing any hook code.

Threat Model

Before writing code, understand the v4 security context:

Threat AreaDescriptionMitigation
Caller VerificationOnly PoolManager should invoke hook functionsVerify msg.sender == address(poolManager)
Sender Identitymsg.sender always equals PoolManager, never the end userUse sender parameter for user identity
Router ContextThe sender parameter identifies the router, not the userImplement router allowlisting
State ExposureHook state is readable during mid-transaction executionAvoid storing sensitive data on-chain
Reentrancy SurfaceExternal calls from hooks can enable reentrancyUse reentrancy guards; minimize external calls

Permission Flags Risk Matrix

All 14 hook permissions with associated risk levels:

Permission FlagRisk LevelDescriptionSecurity Notes
beforeInitializeLOWCalled before pool creationValidate pool parameters
afterInitializeLOWCalled after pool creationSafe for state initialization
beforeAddLiquidityMEDIUMBefore LP depositsCan block legitimate LPs
afterAddLiquidityLOWAfter LP depositsSafe for tracking/rewards
beforeRemoveLiquidityHIGHBefore LP withdrawalsCan trap user funds
afterRemoveLiquidityLOWAfter LP withdrawalsSafe for tracking
beforeSwapHIGHBefore swap executionCan manipulate prices
afterSwapMEDIUMAfter swap executionCan observe final state
beforeDonateLOWBefore donationsAccess control only
afterDonateLOWAfter donationsSafe for tracking
beforeSwapReturnDeltaCRITICALReturns custom swap amountsNoOp attack vector
afterSwapReturnDeltaHIGHModifies post-swap amountsCan extract value
afterAddLiquidityReturnDeltaHIGHModifies LP token amountsCan shortchange LPs
afterRemoveLiquidityReturnDeltaHIGHModifies withdrawal amountsCan steal funds

Risk Thresholds

  • LOW: Unlikely to cause fund loss
  • MEDIUM: Requires careful implementation
  • HIGH: Can cause fund loss if misimplemented
  • CRITICAL: Can enable complete fund theft

CRITICAL: NoOp Rug Pull Attack

The BEFORE_SWAP_RETURNS_DELTA permission (bit 10) is the most dangerous hook permission. A malicious hook can:

  1. Return a delta claiming it handled the entire swap
  2. PoolManager accepts this and settles the trade
  3. Hook keeps all input tokens without providing output
  4. User loses entire swap amount

Attack Pattern

// MALICIOUS - DO NOT USE
function beforeSwap(
    address,
    PoolKey calldata,
    IPoolManager.SwapParams calldata params,
    bytes calldata
) external override returns (bytes4, BeforeSwapDelta, uint24) {
    // Claim to handle the swap but steal tokens
    int128 amountSpecified = int128(params.amountSpecified);
    BeforeSwapDelta delta = toBeforeSwapDelta(amountSpecified, 0);
    return (BaseHook.beforeSwap.selector, delta, 0);
}

Detection

Before interacting with ANY hook that has beforeSwapReturnDelta: true:

  1. Audit the hook code - Verify legitimate use case
  2. Check ownership - Is it upgradeable? By whom?
  3. Verify track record - Has it been audited by reputable firms?
  4. Start small - Test with minimal amounts first

Legitimate Uses

NoOp patterns are valid for:

  • Just-in-time liquidity (JIT)
  • Custom AMM curves
  • Intent-based trading systems
  • RFQ/PMM integrations

But each requires careful implementation and audit.

Delta Accounting Fundamentals

v4 uses a credit/debit system through the PoolManager:

Core Invariant

For every transaction: sum(deltas) == 0

The PoolManager tracks what each address owes or is owed. At transaction end, all debts must be settled.

Key Functions

FunctionPurposeDirection
take(currency, to, amount)Withdraw tokens from PoolManagerYou receive tokens
settle(currency)Pay tokens to PoolManagerYou send tokens
sync(currency)Update PoolManager balance trackingPreparation for settle

Settlement Pattern

// Correct pattern: sync before settle
poolManager.sync(currency);
currency.transfer(address(poolManager), amount);
poolManager.settle(currency);

Common Mistakes

  1. Forgetting sync: Settlement fails without sync
  2. Wrong order: Must sync → transfer → settle
  3. Partial settlement: Leaves transaction in invalid state
  4. Double settlement: Causes accounting errors

Access Control Patterns

PoolManager Verification

Every hook callback MUST verify the caller:

modifier onlyPoolManager() {
    require(msg.sender == address(poolManager), "Not PoolManager");
    _;
}

function beforeSwap(
    address sender,
    PoolKey calldata key,
    IPoolManager.SwapParams calldata params,
    bytes calldata hookData
) external override onlyPoolManager returns (bytes4, BeforeSwapDelta, uint24) {
    // Safe to proceed
}

Why This Matters

Without this check:

  • Anyone can call hook functions directly
  • Attackers can manipulate hook state
  • Funds can be drained through fake callbacks

Router Verification Patterns

The sender parameter is the router, not the end user. For hooks that need user identity:

Allowlisting Pattern

mapping(address => bool) public allowedRouters;

function beforeSwap(
    address sender,  // This is the router
    PoolKey calldata key,
    IPoolManager.SwapParams calldata params,
    bytes calldata hookData
) external override onlyPoolManager returns (bytes4, BeforeSwapDelta, uint24) {
    require(allowedRouters[sender], "Router not allowed");
    // Proceed with swap
}

User Identity via hookData

function beforeSwap(
    address sender,
    PoolKey calldata key,
    IPoolManager.SwapParams calldata params,
    bytes calldata hookData
) external override onlyPoolManager returns (bytes4, BeforeSwapDelta, uint24) {
    // Decode user address from hookData (router must include it)
    address user = abi.decode(hookData, (address));
    // CAUTION: Router must be trusted to provide accurate user
}

msg.sender Trap

// WRONG - msg.sender is always PoolManager in hooks
function beforeSwap(...) external {
    require(msg.sender == someUser); // Always fails or wrong
}

// CORRECT - Use sender parameter
function beforeSwap(address sender, ...) external {
    require(allowedRouters[sender], "Invalid router");
}

Token Handling Hazards

Not all tokens behave like standard ERC-20s:

Token TypeHazardMitigation
Fee-on-transferReceived amount < sent amountMeasure actual balance changes
RebasingBalance changes without transfersAvoid storing raw balances
ERC-777Transfer callbacks enable reentrancyUse reentrancy guards
PausableTransfers can be blockedHandle transfer failures gracefully
BlocklistSpecific addresses blockedTest with production addresses
Low decimalsPrecision loss in calculationsUse appropriate scaling

Safe Balance Check Pattern

function safeTransferIn(
    IERC20 token,
    address from,
    uint256 amount
) internal returns (uint256 received) {
    uint256 balanceBefore = token.balanceOf(address(this));
    token.safeTransferFrom(from, address(this), amount);
    received = token.balanceOf(address(this)) - balanceBefore;
}

Base Hook Template

Start with all permissions disabled. Enable only what you need:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {BaseHook} from "v4-periphery/src/base/hooks/BaseHook.sol";
import {Hooks} from "v4-core/src/libraries/Hooks.sol";
import {IPoolManager} from "v4-core/src/interfaces/IPoolManager.sol";
import {PoolKey} from "v4-core/src/types/PoolKey.sol";
import {BeforeSwapDelta, BeforeSwapDeltaLibrary} from "v4-core/src/types/BeforeSwapDelta.sol";

contract SecureHook is BaseHook {
    constructor(IPoolManager _poolManager) BaseHook(_poolManager) {}

    function getHookPermissions() public pure override returns (Hooks.Permissions memory) {
        return Hooks.Permissions({
            beforeInitialize: false,
            afterInitialize: false,
            beforeAddLiquidity: false,
            afterAddLiquidity: false,
            beforeRemoveLiquidity: false,
            afterRemoveLiquidity: false,
            beforeSwap: false,           // Enable only if needed
            afterSwap: false,            // Enable only if needed
            beforeDonate: false,
            afterDonate: false,
            beforeSwapReturnDelta: false,      // DANGER: NoOp attack vector
            afterSwapReturnDelta: false,       // DANGER: Can extract value
            afterAddLiquidityReturnDelta: false,
            afterRemoveLiquidityReturnDelta: false
        });
    }

    // Implement only the callbacks you enabled above
}

See references/base-hook-template.md for a complete implementation template.

Security Checklist

Before deploying any hook:

#CheckStatus
1All hook callbacks verify msg.sender == poolManager[ ]
2Router allowlisting implemented if needed[ ]
3No unbounded loops that can cause OOG[ ]
4Reentrancy guards on external calls[ ]
5Delta accounting sums to zero[ ]
6Fee-on-transfer tokens handled[ ]
7No hardcoded addresses[ ]
8Slippage parameters respected[ ]
9No sensitive data stored on-chain[ ]
10Upgrade mechanisms secured (if applicable)[ ]
11beforeSwapReturnDelta justified if enabled[ ]
12Fuzz testing completed[ ]
13Invariant testing completed[ ]

Gas Budget Guidelines

Hook callbacks execute inside the PoolManager's transaction context. Excessive gas consumption can make swaps revert or become economically unviable.

Gas Budgets by Callback

CallbackTarget BudgetHard CeilingNotes
beforeSwap< 50,000 gas150,000 gasRuns on every swap; keep lean
afterSwap< 30,000 gas100,000 gasAnalytics/tracking only
beforeAddLiquidity< 50,000 gas200,000 gasMay include access control
afterAddLiquidity< 30,000 gas100,000 gasReward tracking
beforeRemoveLiquidity< 50,000 gas200,000 gasLock validation
afterRemoveLiquidity< 30,000 gas100,000 gasTracking/accounting
Callbacks with external calls< 100,000 gas300,000 gasExternal DEX routing, oracles

Common Gas Pitfalls

  1. Unbounded loops: Iterating over dynamic arrays (e.g., all active positions) can exceed block gas limits. Cap array sizes or use pagination.
  2. SSTORE in hot paths: Each new storage slot costs ~20,000 gas. Prefer transient storage (tstore/tload) for data that doesn't persist beyond the transaction. Requires Solidity >= 0.8.24 with EVM target set to cancun or later.
  3. External calls: Each cross-contract call adds ~2,600 gas base cost plus the callee's execution. Batch calls where possible.
  4. String operations: Avoid string manipulation in callbacks; use bytes32 for identifiers.
  5. Redundant reads: Cache poolManager calls — repeated getSlot0() or getLiquidity() reads cost gas each time.

Measuring Gas

# Profile a specific hook callback with Foundry
forge test --match-test test_beforeSwapGas --gas-report

# Snapshot gas usage across all tests
forge snapshot --match-contract MyHookTest

Risk Scoring System

Calculate your hook's risk score (0-33):

CategoryPointsCriteria
Permissions0-14Sum of enabled permission risk levels
External Calls0-5Number and type of external interactions
State Complexity0-5Amount of mutable state
Upgrade Mechanism0-5Proxy, admin functions, etc.
Token Handling0-4Non-standard token support

Audit Tier Recommendations

ScoreRisk LevelRecommendation
0-5LowSelf-audit + peer review
6-12MediumProfessional audit recommended
13-20HighProfessional audit required
21-33CriticalMultiple audits required

Absolute Prohibitions

Never do these things in a hook:

  1. Never trust msg.sender for user identity - It's always PoolManager
  2. Never enable beforeSwapReturnDelta without understanding NoOp attacks
  3. Never store passwords, keys, or PII on-chain
  4. Never use transfer() for ETH - Use call{value:}("")
  5. Never assume token decimals - Always query the token
  6. Never use block.timestamp for randomness
  7. Never hardcode gas limits in calls
  8. Never ignore return values from external calls
  9. Never use tx.origin for authorization - It's a phishing vector; malicious contracts can relay calls with the original user's tx.origin

Pre-Deployment Audit Checklist

#ItemRequired For
1Code review by security-focused developerAll hooks
2Unit tests for all callbacksAll hooks
3Fuzz testing with FoundryAll hooks
4Invariant testingHooks with delta returns
5Fork testing on mainnetAll hooks
6Gas profilingAll hooks
7Formal verificationCritical hooks
8Slither/Mythril analysisAll hooks
9External auditMedium+ risk hooks
10Bug bounty programHigh+ risk hooks
11Monitoring/alerting setupAll production hooks

See references/audit-checklist.md for detailed audit requirements.

Production Hook References

Learn from audited, production hooks:

ProjectDescriptionNotable Security Features
FlaunchToken launch platformMulti-sig admin, timelocks
EulerSwapLending integrationIsolated risk per market
Zaha TWAMMTime-weighted AMMGradual execution reduces MEV
BunniLP managementConcentrated liquidity guards

External Resources

Official Documentation

Security Resources

Community


Additional References

Related skills

More from uniswap/uniswap-ai and the wider catalog.

SW

swap-integration

uniswap/uniswap-ai

Integrate Uniswap swaps into applications. Use when user says "integrate swaps", "uniswap", "trading api", "add swap functionality", "build a swap frontend", "create a swap script", "smart contract swap integration", "use Universal Router", "Trading API", or mentions swapping tokens via Uniswap.

1.2k installs
VI

viem-integration

uniswap/uniswap-ai

Integrate EVM blockchains using viem. Use when user says "read blockchain data", "send transaction", "interact with smart contract", "connect to Ethereum", "use viem", "use wagmi", "wallet integration", "viem setup", or mentions blockchain/EVM development with TypeScript.

735 installs
LI

liquidity-planner

uniswap/uniswap-ai

This skill should be used when the user asks to "provide liquidity", "create LP position", "add liquidity to pool", "become a liquidity provider", "create v3 position", "create v4 position", "concentrated liquidity", "set price range", or mentions providing liquidity, LP positions, or liquidity pools on Uniswap. Generates deep links to create positions in the Uniswap interface.

718 installs
SW

swap-planner

uniswap/uniswap-ai

This skill should be used when the user asks to "swap tokens", "trade ETH for USDC", "exchange tokens on Uniswap", "buy tokens", "sell tokens", "convert ETH to stablecoins", "find memecoins", "discover tokens", "research tokens", "tokens to buy", "find tokens to swap", "what should I buy", or mentions swapping, trading, researching, discovering, buying, or exchanging tokens on any Uniswap-supported chain. Supports both known token swaps and token discovery workflows (discovery uses keyword search and web search — there is no live "trending" feed). Generates deep links to execute swaps in the Uniswap interface.

714 installs
DE

deployer

uniswap/uniswap-ai

Deploy CCA (Continuous Clearing Auction) smart contracts using the Factory pattern. Use when user says "deploy auction", "deploy cca", "factory deployment", or wants to deploy a configured auction.

671 installs
CO

configurator

uniswap/uniswap-ai

Configure CCA (Continuous Clearing Auction) smart contract parameters through an interactive bulk form flow. Use when user says "configure auction", "cca auction", "setup token auction", "auction configuration", "continuous auction", or mentions CCA contracts.

661 installs