Repository inventory

igoryuzo/uniswapv4-hooks-skill

Skills indexed from this repository, with install-style signals scoped to the repo.
1 skills14 GitHub stars0 weekly installsHTMLGitHubOwner profile

Overview

This skill is a secure Uniswap v4 hook development assistant that guides creation, review, and auditing of hook contracts. It highlights critical threats, permission encoding, access patterns, delta accounting, and testing requirements. Use it to design minimal-permission hooks and avoid common rug-pull and math vulnerabilities.

How this skill works

The skill inspects hook lifecycle points (before/after initialize, add/remove liquidity, swap, donate) and enforces security patterns: PoolManager-only access, router verification, balanced delta accounting, and safe math. It flags dangerous permissions (especially beforeSwapReturnDelta), recommends CREATE2 address mining for permission bits, and provides templates, checklists, and test guidance for Foundry.

When to use it

  • When building or auditing Uniswap v4 hooks (beforeSwap, afterSwap, return-delta variants)
  • When implementing custom AMM logic, dynamic fees, or swap modifications
  • When reviewing PoolManager interactions or hook permission bits in addresses
  • When adding router-dependent features that require identifying end users
  • When preparing pre-deployment audits and fuzz/invariant tests

Best practices

  • Always require msg.sender == PoolManager for hook entry points
  • Minimize enabled permissions; never enable beforeSwapReturnDelta unless necessary
  • Ensure every token take has a corresponding settle; deltas must net to zero
  • Maintain a trusted router allowlist and query actual user via router interface; never trust tx.origin
  • Use mulDiv and checked math for price/fee calculations; add reentrancy guards when making external calls
  • Document unsupported token types (rebasing, fee-on-transfer, ERC-777) and test edge cases

Example use cases

  • Implementing an afterSwap rewards hook that credits users via a verified router
  • Adding a dynamic fee hook that adjusts fees off-chain and enforces correct math on-chain
  • Auditing a third-party hook to verify permission bits, delta balance, and router verification
  • Designing a TWAMM or time-weighted order hook with comprehensive fuzz and invariant tests
  • Mining a hook deployment address with CREATE2 to include only required permission bits

FAQ

When enabled, beforeSwap can replace pool math and divert user funds by returning deltas that satisfy the swap without on-curve settlement. Only enable it for legitimate custom AMMs and after strong audits.

How do I identify the real user in a hook?

Do not trust sender. Maintain a trusted router allowlist and call a router-provided msgSender() interface. Revert if the router is untrusted or does not implement the interface.

1 skills

More from this maintainer
Other repositories and skills published under the same GitHub owner.
Skills library
Jump back to the full directory or explore grouped topics.
Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational