Tutorials
Last updated
Last updated
To utilize Herbicide, users can select between two input methods.
The Hook Contract must be deployed on the Unichain.
The specified Hook should be initialized (or be eligible for initialization) with the Pool Manager at 0x38EB8B22Df3Ae7fb21e92881151B365Df14ba967
using the provided PoolKey.
The PoolKey includes the two token addresses to be exchanged (currency0, currency1), LP fees, tick spacing, and the Hook Contract address.
To run an Initialize Test with a specific deployer address, provide the address as an additional parameter. If omitted, the test will default to the standard address for execution.
Detection Available
Malicious Hook Detection: Issues a warning if the Hook attempts to misappropriate user funds or withdraws more tokens than the user intended.
Price Abnormality Detection: Alerts users if there is a significant discrepancy between the simulated price calculated by Herbicide and the actual swap price.
Hook Delta Simulation: Simulates the amounts transferred during Swap/ModifyLiquidity operations, allowing users to understand the specific fund flow characteristics of the Hook.
Static Analysis with Slither: Provides security inspections and detailed contract information using Slither on verified Hook Contracts from BlockScout, facilitating efficient auditing of the Hook Contract.
When a Hook Contract is provided, Herbicide uses its Semgrep script to perform static analysis, detecting potential threats and processing Hook Contract information for review.
onlyPoolManager: Confirms that onlyPoolManager is implemented to ensure access control for hook functions.
Double Initialize Storage Check: Verifies if the Storage accessed by beforeInitialize/afterInitialize
functions is managed by PoolId during Hook initialization.
tx.origin Warning: Issues a warning if access control relies on tx.origin
, which can introduce security vulnerabilities.
All tests are conducted without impacting the actual chain.
Analytics
Track analytics from your docs
Support
Add support widgets to your docs
Interactive
Add extra functionality to your docs
Visitor Authentication
Protect your docs and require sign-in