Hooks in Uniswap v4 execute during core pool lifecycle events such as swaps and liquidity modifications. Any bug in a hook could introduce:
- denial-of-service risks
- price manipulation vectors
- gas griefing
- reentrancy vulnerabilities
Therefore, the hook design follows three principles:
- minimal execution logic
- read-only exposure tracking
- externalized execution
The hook does not directly execute hedge trades. It only observes AMM state and emits exposure signals.
All capital-moving logic occurs in separate contracts.
This dramatically reduces the attack surface.
The system assumes the following adversaries may exist:
| Adversary | Capabilities | Goal |
|---|---|---|
| MEV searchers | observe mempool, reorder transactions | manipulate exposure triggers |
| malicious LP | creates adversarial liquidity positions | manipulate hedge calculations |
| swap attackers | execute large swaps | trigger unnecessary hedges |
| automation griefers | spam triggers | increase protocol gas cost |
Hooks execute inside pool operations.
Reentrancy could occur if the hook:
- calls external contracts
- which calls the pool again
Mitigation:
- no external calls inside hook
- no hedge execution in the hook
- no token transfers
The hook only performs:
- state read
- delta calculation
- event emission
This prevents reentrancy surfaces.
If the system relied entirely on the AMM price, an attacker could:
- perform a large swap
- temporarily distort the price
- trigger hedge
- reverse swap
Mitigation strategies:
- TWAP price checks
- minimum delta thresholds
- cooldown periods between hedges
Future versions can integrate Oracle feeds from Chainlink for price validation.
Attackers could attempt to trigger repeated hedges.
Example:
- swap small amounts repeatedly
- force hedge rebalancing
- increase gas costs
Mitigation:
- delta threshold trigger
- time-based cooldown
- minimum hedge size
Trigger rule example:
|Δ_current − Δ_target| > Δ_threshold
AND
last_hedge_time > cooldownHooks must never revert unless absolutely necessary.
Design rule:
- hook logic must be non-blocking
If exposure computation fails:
- skip update
- emit fallback event
This ensures the pool continues functioning.
System components are intentionally separated.
- Hook → monitoring only
- Controller → strategy logic
- Hedge adapter → execution
A compromise of one layer cannot directly compromise the pool.
Gas efficiency is critical because hooks execute during swaps.
Poorly optimized hooks could make pools unusable.
Hook computation complexity must remain O(1).
Avoid:
- loops
- heavy math
- storage writes
- external calls
Operations allowed:
- simple arithmetic
- event emission
- single storage write
Storage is the most expensive operation in Ethereum.
Instead of storing full LP positions:
- store minimal exposure state
Example structure:
struct ExposureState {
int256 delta;
uint256 lastUpdate;
}This reduces gas during swaps.
Instead of storing complex state on-chain, the hook emits events.
ExposureUpdated(poolId, delta, price)Automation services process events off-chain.
Benefits:
- less storage
- cheaper swaps
- better scalability
Floating-point math does not exist in Solidity.
Use efficient formats:
- Q64.96
- Q128.128
These formats are already used in Uniswap v3 and inherited by v4.
Benefits:
- precision
- gas efficiency
- compatibility with pool math
Instead of recomputing everything:
- reuse pool state
- reuse liquidity values
Example:
price = slot0.sqrtPriceX96Then compute exposure from cached liquidity.
Instead of hedging every swap:
- aggregate exposure
- hedge periodically
This reduces execution cost.
Example rule:
- trigger hedge every N blocks
- or when delta exceeds threshold
DeFi protocols must defend not only against code exploits but also economic manipulation.
Searchers could manipulate prices to force hedging events.
Example:
- large swap → trigger hedge
- reverse swap → capture hedge profit
Mitigation:
- TWAP validation
- hedge delay
- minimum hedge threshold
An attacker could:
- front-run swap
- trigger hedge
- back-run swap
Mitigation:
- hedge only after threshold
- avoid single-swap triggers
Malicious LPs might create positions designed to distort delta calculations.
Example:
- extremely narrow ranges
- very high leverage exposure
Mitigation:
- exposure caps
- minimum liquidity thresholds
If the hedge uses derivatives, attackers could manipulate the derivatives market price.
Mitigation:
- use large liquidity markets
- TWAP validation
- price sanity checks
Over-hedging can destroy LP profits.
Example:
LP fees = 0.05%
hedging cost = 0.07%The strategy would lose money.
Therefore, the system uses:
- adaptive hedge thresholds
This ensures hedging only occurs when risk exceeds cost.
High volatility periods could produce excessive hedging.
Future improvement:
- volatility-aware hedge frequency
The system could increase or decrease hedging frequency depending on market conditions.
Testing includes simulations of:
- large swaps
- rapid volatility
- LP deposits and withdrawals
- hedge trigger conditions
Using Foundry fuzz testing.
This ensures the system behaves correctly under adversarial conditions.