uniswapv4-hooks-skill_skill

This skill helps you securely develop Uniswap v4 hooks by enforcing access control, delta accounting, and router verification to prevent rug pulls.
  • HTML

14

GitHub Stars

3

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill igoryuzo/uniswapv4-hooks-skill --skill uniswapv4-hooks-skill

  • LICENSE1.1 KB
  • README.md5.2 KB
  • SKILL.md12.4 KB

Overview

This skill is a secure Uniswap v4 hook development assistant that guides creation, review, and auditing of hook contracts. It highlights critical threats, permission encoding, access patterns, delta accounting, and testing requirements. Use it to design minimal-permission hooks and avoid common rug-pull and math vulnerabilities.

How this skill works

The skill inspects hook lifecycle points (before/after initialize, add/remove liquidity, swap, donate) and enforces security patterns: PoolManager-only access, router verification, balanced delta accounting, and safe math. It flags dangerous permissions (especially beforeSwapReturnDelta), recommends CREATE2 address mining for permission bits, and provides templates, checklists, and test guidance for Foundry.

When to use it

  • When building or auditing Uniswap v4 hooks (beforeSwap, afterSwap, return-delta variants)
  • When implementing custom AMM logic, dynamic fees, or swap modifications
  • When reviewing PoolManager interactions or hook permission bits in addresses
  • When adding router-dependent features that require identifying end users
  • When preparing pre-deployment audits and fuzz/invariant tests

Best practices

  • Always require msg.sender == PoolManager for hook entry points
  • Minimize enabled permissions; never enable beforeSwapReturnDelta unless necessary
  • Ensure every token take has a corresponding settle; deltas must net to zero
  • Maintain a trusted router allowlist and query actual user via router interface; never trust tx.origin
  • Use mulDiv and checked math for price/fee calculations; add reentrancy guards when making external calls
  • Document unsupported token types (rebasing, fee-on-transfer, ERC-777) and test edge cases

Example use cases

  • Implementing an afterSwap rewards hook that credits users via a verified router
  • Adding a dynamic fee hook that adjusts fees off-chain and enforces correct math on-chain
  • Auditing a third-party hook to verify permission bits, delta balance, and router verification
  • Designing a TWAMM or time-weighted order hook with comprehensive fuzz and invariant tests
  • Mining a hook deployment address with CREATE2 to include only required permission bits

FAQ

When enabled, beforeSwap can replace pool math and divert user funds by returning deltas that satisfy the swap without on-curve settlement. Only enable it for legitimate custom AMMs and after strong audits.

How do I identify the real user in a hook?

Do not trust sender. Maintain a trusted router allowlist and call a router-provided msgSender() interface. Revert if the router is untrusted or does not implement the interface.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational