- Home
- Skills
- Igoryuzo
- Uniswapv4 Hooks Skill
- Uniswapv4 Hooks Skill
uniswapv4-hooks-skill_skill
- HTML
14
GitHub Stars
3
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill igoryuzo/uniswapv4-hooks-skill --skill uniswapv4-hooks-skill- LICENSE1.1 KB
- README.md5.2 KB
- SKILL.md12.4 KB
Overview
This skill is a secure Uniswap v4 hook development assistant that guides creation, review, and auditing of hook contracts. It highlights critical threats, permission encoding, access patterns, delta accounting, and testing requirements. Use it to design minimal-permission hooks and avoid common rug-pull and math vulnerabilities.
How this skill works
The skill inspects hook lifecycle points (before/after initialize, add/remove liquidity, swap, donate) and enforces security patterns: PoolManager-only access, router verification, balanced delta accounting, and safe math. It flags dangerous permissions (especially beforeSwapReturnDelta), recommends CREATE2 address mining for permission bits, and provides templates, checklists, and test guidance for Foundry.
When to use it
- When building or auditing Uniswap v4 hooks (beforeSwap, afterSwap, return-delta variants)
- When implementing custom AMM logic, dynamic fees, or swap modifications
- When reviewing PoolManager interactions or hook permission bits in addresses
- When adding router-dependent features that require identifying end users
- When preparing pre-deployment audits and fuzz/invariant tests
Best practices
- Always require msg.sender == PoolManager for hook entry points
- Minimize enabled permissions; never enable beforeSwapReturnDelta unless necessary
- Ensure every token take has a corresponding settle; deltas must net to zero
- Maintain a trusted router allowlist and query actual user via router interface; never trust tx.origin
- Use mulDiv and checked math for price/fee calculations; add reentrancy guards when making external calls
- Document unsupported token types (rebasing, fee-on-transfer, ERC-777) and test edge cases
Example use cases
- Implementing an afterSwap rewards hook that credits users via a verified router
- Adding a dynamic fee hook that adjusts fees off-chain and enforces correct math on-chain
- Auditing a third-party hook to verify permission bits, delta balance, and router verification
- Designing a TWAMM or time-weighted order hook with comprehensive fuzz and invariant tests
- Mining a hook deployment address with CREATE2 to include only required permission bits
FAQ
When enabled, beforeSwap can replace pool math and divert user funds by returning deltas that satisfy the swap without on-curve settlement. Only enable it for legitimate custom AMMs and after strong audits.
How do I identify the real user in a hook?
Do not trust sender. Maintain a trusted router allowlist and call a router-provided msgSender() interface. Revert if the router is untrusted or does not implement the interface.