Introduction

Motivation

This project aims to identify and address vulnerabilities arising from the lack of standardization in Uniswap v4 hooks, enabling proactive threat mitigation within the web3 ecosystem.

Summary of Herbicide

The Hook function, a key feature introduced in Uniswap V4, allows developers to run custom business logic before and after actions such as adding or removing liquidity, token swaps, and liquidity donations. In Uniswap V4, a pool is identified by a PoolKey, which includes the addresses of the two tokens being exchanged, the fee, the tick spacing, and the address of the Hook contract that implements this logic.

Our project analyzes hook-enabled liquidity in Uniswap V4 to define and address potential threats. The user inputs the PoolKey corresponding to a Hook contract deployed on Unichain, and the tool then analyzes that contract dynamically and statically to detect possible threats.

Dynamic testing is conducted across N categories with M tests, followed by static analysis with N categories and M tests; the results are then displayed to the user. Uniswap continues to strengthen Unichain and the wider blockchain ecosystem through initiatives such as the Infinite Hackathon and the Retro Program. We aim to help Uniswap V4 users and Hook developers build safer Hook contracts.

Performance

Our Herbicide platform has identified security issues in a number of Uniswap v4 hooks. We triaged each identified issue directly to verify whether it is a genuine vulnerability. The results of that process are summarized below.

| IDX | Hook Name | Type | Minimum | Time-Lock | OnlyBy PoolManager | Proxy | Re-Initialize | Gas-Griefing |
|---|---|---|---|---|---|---|---|---|
| P1 | DeltaReturningHook | Uniswap Basic | P | P | P | P | P | P |
| P2 | CustomCurveHook | Uniswap Basic | Detect | Detect | False Positive | P | P | P |
| P3 | DynamicFeesTestHook | Uniswap Basic | P | P | Detect | P | P | P |
| P4 | DynamicReturnFeeTestHook | Uniswap Basic | P | P | Detect | P | P | P |
| P5 | FeeTakingHook | Uniswap Basic | P | P | P | P | P | P |
| P6 | LPFeeTakingHook | Uniswap Basic | P | P | P | P | P | P |
| P7 | FullRange | Uniswap Labs | Detect | Detect | False Positive | P | P | P |
| P8 | GeomeanOracle | Uniswap Labs | Detect | Detect | False Positive | P | P | P |
| P9 | LimitOrder | Uniswap Labs | P | P | P | P | P | P |
| P10 | VolatilityOracle | Uniswap Labs | P | P | Detect | P | P | P |
| P11 | StopLoss | Community | P | P | Detect | P | P | P |
| P12 | TradingDays | Community | P | Detect | Detect | P | P | P |
| P13 | ArrkisHook | ETHCC_Paris | P | P | Detect | P | Detect | P |
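To make one of the static-analysis categories concrete, the following is an added illustration (not Herbicide's own code) of an "OnlyBy PoolManager" check: every hook callback that the PoolManager invokes should be callable only by the PoolManager, so the scanner flags callbacks that have neither an `onlyPoolManager` modifier nor an explicit `msg.sender` check against `poolManager`. The two guard forms, the `poolManager` variable name and the sample contract are assumptions constructed for this example.

```python
import re

# Uniswap v4 hook callbacks invoked by the PoolManager. Each should be callable
# only by the PoolManager; this mirrors the "OnlyBy PoolManager" category.
HOOK_CALLBACKS = frozenset({
    "beforeInitialize", "afterInitialize", "beforeAddLiquidity", "afterAddLiquidity",
    "beforeRemoveLiquidity", "afterRemoveLiquidity", "beforeSwap", "afterSwap",
    "beforeDonate", "afterDonate",
})
# Accepted guard forms (assumed for this example): an onlyPoolManager modifier on
# the function header, or an explicit msg.sender check against poolManager.
GUARD_MODIFIER = re.compile(r"\bonlyPoolManager\b")
GUARD_CHECK = re.compile(r"msg\.sender\s*[!=]=\s*address\(\s*poolManager\s*\)")

def functions(src):
    """Yield (name, header, body) for each function that has a body.
    Brace counting handles nested blocks; braces inside comments or string
    literals are not handled (this is not a full Solidity parser)."""
    for m in re.finditer(r"\bfunction\s+(\w+)\s*\(", src):
        open_idx, semi = src.find("{", m.end()), src.find(";", m.end())
        if open_idx == -1 or (semi != -1 and semi < open_idx):
            continue  # interface/abstract declaration without a body
        depth, i = 0, open_idx
        while i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            if depth == 0:
                break
            i += 1
        yield m.group(1), src[m.end():open_idx], src[open_idx + 1:i]

def unguarded_callbacks(src):
    """Hook callbacks carrying neither guard form; these are the findings."""
    return [name for name, header, body in functions(src)
            if name in HOOK_CALLBACKS
            and not GUARD_MODIFIER.search(header)
            and not GUARD_CHECK.search(body)]

# Constructed sample hook: two guarded callbacks and one unguarded callback.
SAMPLE_HOOK = """
contract SampleHook {
    address public immutable poolManager;
    modifier onlyPoolManager() {
        require(msg.sender == address(poolManager), "not manager");
        _;
    }
    function beforeSwap(address, bytes calldata) external onlyPoolManager returns (bytes4) {
        return this.beforeSwap.selector;
    }
    function afterSwap(address, bytes calldata) external returns (bytes4) {
        if (msg.sender != address(poolManager)) revert();
        return this.afterSwap.selector;
    }
    function beforeAddLiquidity(address sender, bytes calldata) external returns (bytes4) {
        if (sender == address(0)) { revert(); }
        return this.beforeAddLiquidity.selector;
    }
}
"""
print(unguarded_callbacks(SAMPLE_HOOK))  # ['beforeAddLiquidity']
```

A callback that is guarded through a different variable name or an inherited modifier would be reported as a finding by this simplified check, which is exactly the kind of result the triage column in the table above exists to confirm or mark as a false positive.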
