Threats for UniswapV4 hooks

Overview

An alternative to TWAP oracle that saves the current tick on each swap. This approach mitigates some risk as when using TWAP, “lower-liquidity pools are prone to manipulation”. The hook has a function that allows to get the median price within a given time period.

Median oracle hook implementation example

https://github.com/saucepoint/median-oracles

How it works?

Typical usage consists of the following steps:

1. Swappers perform multiple swaps in the pool.
2. Hook saves current ticks before each swap in a limited buffer.
3. External contract asks for the median price within a given time period.

The following description is based on the specific hook that implements the method from Euler protocol, and its name is EulerMedianOracle. The contract is executed in the following hooks:

• beforeInitialize,
• beforeSwap.

In the beforeInitializehook it simply configures the buffer size (ringSizes) and saves last update timestamp.

Then, in beforeSwap hook, the contract takes the tick from the previous swap and, if it is different from the current one, stores it in a ringBuffers array together with the duration. The duration here is a difference between the current timestamp and the last update. Finally, it caches the current tick for future use.

The main goal of the hook is to provide the tick to other smart contracts that integrate with it. It can be achieved by calling the readOracle function.

This function goes through the ticks saved in ringBuffers and populates the array arr that is later used to calculate the weighted median. The loop adds the tick and its duration to arr, but it updates the tick and duration only when the loop iteration is the multiple of 8 to optimize storage usage (one 32 bytes slot fits 8 pairs of tick and duration, both 2 bytes long).

Besides the Euler median, there is also the implementation of Frugal median.

Realized goals and opportunities:

• Provide the price value as an oracle.
• Protection from TWAP manipulation.
• Multiple algorithms to generate the tick based on the historical data.

Identified threats and threat scenarios:

• Incorrect price
  • Use of short history period.
  • Incorrect calculations (e.g. omitting valid ticks).
  • Breaking assumptions of used source code (e.g. Euler’s).
• Manipulated price
  • Malicious swap that increases the current tick and influences the resulting price.
  • Malicious multiple swaps that influence the median.
  • Data (ticks and duration) pollution by the hook owner.
• Denial of Service
  • Overflow in oracle calculation.
  • Use of long history period that exceeds gas limit.
• Low use
  • Swappers do not want to pay (gas) for updating current values.

Overview

The MultiSigSwapHook contract leverages hooks functionality to require multiple signatures from authorized signers before executing a swap. It provides an additional layer of security and control.

Multi-sig hook implementation example

https://github.com/atj3097/mfa-multisig-hook-v4

How it works?

Typical usage consists of the following steps:

1. Swappers submit swap params off-chain.
2. Authorized signers sign particular swaps in order to allow to process them.
3. Swapper submits a swap.
4. Hook checks whether the swap is authorized by signers and executes it or reverts if there is no enough signatures.

The hook contract is executed in the following hooks:

• beforeSwap ,
• afterSwap .

In the constructor the hooks sets the owner, initial list of signers (authorizedSigners) and the threshold (requiredSignatures).

In the beforeSwap hook, it calculates the hash of the swap params and checks whether the number of approvals in swapApprovals mapping is greater than requiredSignatures.

In the afterSwap hook, the contract deletes the hash of swap from swapApprovals mapping to protect from replay attacks.

Apart from the hooks, the contract implements the approveSwap function that allows the authorized signers to add approvals for specific swap params.

There are also administrative functions, callable only by the owner:

• addSigner,
• removeSigner,
• setRequiredSignatures,

and one view function:

• getApprovalDetails, that allows to get the number of approvals for specific hash and whether the sender has approved it.

Realized goals and opportunities:

• Control over the swaps, allowing only selected ones

Identified threats and threat scenarios:

• Bypassing signatures verification
  • Using an invalid signature that bypasses verification
  • Using multiple signatures by the same signer to bypass threshold verification
  • Submitting a swap with the same hash, but different parameters
• Replaying operations
  • Reusing signatures with a different pool
  • Reusing the same signature to bypass verification (replay attack)
• Denial of Service (swapping)
  • Absence of signers because there are no incentives for them
  • Absence of signers because each swap has to be approved independently
  • Inability to approve the same swap for multiple users (only one user can use the approval)
  • Removing signers below the required threshold
  • Setting a threshold over the number of signers
• Unauthorized signers
  • Malicious owner can add new signers instantly
  • Theft of owner’s key allows to take over the multi-sig and add new owners instantly
• Lack of use
  • Users do not use it because of too strict params (e.g. price limit)

Overview

The smart contract is a KYC (Know Your Customer) hook. It is designed to enforce KYC checks on users, before they are allowed to conduct trades on a Uniswap liquidity pool.

KYC hook implementation example

https://github.com/jdubpark/Uniswap-Hooks/blob/main/contracts/KYCHook.sol

How it works?

Typical usage consists of the following steps:

1. Owner of the hook sets the KYC verification smart contract.
2. Swapper passes the KYC procedure and is added to the KYC verification contract.
3. Swapper submits a swap.
4. Hook calls the KYC contract to check whether user has passed KYC procedure and performs the operation, or blocks it otherwise.

The contract uses two custom hooks:

• beforeSwap,
• beforeModifyPosition.

The beforeSwap hook is triggered before a swap operation is performed. It ensures that the user trying to perform the swap operation has passed KYC procedure.

The beforeModifyPosition hook is triggered before a user tries to modify their position in a pool. It ensures that the user trying to modify their position has passed KYC.

Both hooks have onlyPermitKYC modifier that calls hasValidToken on the external kycValidity contract and requires it to return true. The parameter passed to the function is tx.origin (assumed to be the initial swapper or LP). If the user has not passed KYC procedures, the function will revert and stop the execution of the transaction.

The contract has a function setKYCVerifier which is used to set or change the address of the KYC verifier contract. This function can only be called by the owner of the contract and has a 7-day period before the new smart contract can be set.

Realized goals and opportunities:

• Allows to KYC swappers and LPs
• Allows to swap and provide liquidity only by users that passed KYC

Identified threats and threat scenarios:

• Unauthorized usage
  • Using transaction originating from address (with KYC passed) and forwarding it to the pool via contract (without KYC passed) (KYC address → attacker address → pool)
  • Insufficient checks in the KYC validation contract
• Centralization risk
  • Malicious owner can change the validation contract instantly to a malicious one that accepts anyone
  • Theft of owner’s key allows to take over the validation process and add change the validation contract instantly to a malicious one that accepts anyone
  • Malicious owner or thief of the owner’s key can bypass the timelock, to set the validation contract instantly to a malicious one that accepts anyone
  • Changing the validation contract without any information to users (e.g. events)
  • Owner of the validation contract changes its logic to accept anyone
  • Owner of the validation contract adds only selected addresses as validated
• Lack of possibility to revoke an accepted address
  • Impossibility to remove the access once user has passed KYC procedure
• Ineffective access removal
  • Revoked address front-runs the revocation and executes an operation
• Denial of Service
  • Setting incorrect KYC validation contract that cannot handle the KYC requests
  • Destroying the KYC validation contract

Overview

The primary purpose of the Hedge contract is to allow users to set up triggers that perform hedging actions based on currency prices. When the price crosses a user-defined limit, the contract can automatically swap.

Hedge hook implementation example

https://github.com/vanillaHill/hedge

How it works?

Typical usage consists of the following steps:

1. User sets up the hedge.
2. Swap activates the hedge trigger after price drop.
3. The hook swaps the set amount of token to protect against unfavorable price.

The hook contract is executed in the following hooks:

• afterSwap

1. Setting up a Hedge

Alice, fearing a drop in the TestCoin price, decides to set up a hedge:

• Alice calls the setTrigger function.
• The struct is populated with the provided parameters:
  • _tokenAddress (TestCoin’s address) is stored in trigger.currency0.
  • _priceLimit (50 USD) is stored in trigger.minPriceLimit.
  • _maxAmountSwap (1000 TestCoin) is stored in trigger.maxAmountSwap.
  • msg.sender (Alice’s address) is stored in trigger.owner.
• The _findIndex function is then used to determine where in the orderedPriceByCurrency list Alice’s price limit should be inserted to keep the list ordered.

2. Price Drop and Hedge Activation

After a swap in the Uniswap pool, the afterSwap function is automatically called:

• The current price of currency0 (TestCoin) is calculated. Let’s assume it’s 48 USD.
• The _findIndex function determines the position of this price in the orderedPriceByCurrency list.
• The function then checks all price triggers that are greater than or equal to the current price.
• Since Alice’s set limit (50 USD) is greater than the current price (48 USD), the _performHedge function is called.

Inside _performHedge:

• The function loops through all triggers.
• For Alice’s trigger, since trigger.fired is false, it proceeds to execute the hedge.
• The poolManager.lock function is called, which likely locks the tokens and performs the swap.
• After execution, Alice’s trigger.fired is set to true to indicate the hedge has been executed.

3. Price Recovery and Unwind

If the TestCoin price rebounds, the afterSwap function is triggered again:

• With a rebounded price (say 52 USD), the function now calls _performUnwind for Alice’s trigger since her price limit is now less than the current price.

Inside _performUnwind:

• The function loops through all triggers.
• For Alice’s trigger, since trigger.fired is true, it proceeds to execute the unwind.
• The poolManager.lock function is called again, likely to reverse the previous swap.
• After execution, Alice’s trigger.fired is set to false to indicate the hedge has been unwound.

Realized goals and opportunities:

• Protection against unfavorable price movement.
• Minimizing the risk of the hedge user.

Identified threats and threat scenarios:

• Loss of tokens by Hedge user
  • Setting a high amount for small price fluctuations.
  • Executing hedge via malicious pool (assigned to the hook) with the manipulated price.
  • Token price manipulation within pools via swap to activate hedge.
  • Reliance on flawed price data.
• Loss of tokens by swapper
  • Front-running swap operation with the new trigger that will be called as part of this swap so that the swapper pays for it.
• Denial of Service
  • Excessive trigger creation.
  • Infinite swap loop via hedging and unwinding.
  • Insufficient users’ balances when handling triggers.
• Lowering the attractiveness of the pool
  • Significant increase in gas consumption by adding multiple triggers.
• Wrong hedge activation
  • The hook does not cover all operations that affect the price.
• Lack of use
  • High cost of operation (many triggers executed during swap).

Overview

Locking liquidity hook enables to manage and stabilize liquidity levels. It allows users to lock liquidity for set periods, offering rewards and penalizing early withdrawals with fees to stabilize liquidity levels. This tool incentivizes long-term liquidity provision and enhances LP benefits.

Locking liquidity hook implementation example

https://github.com/BrokkrFinance/hooks-poc/blob/main/src/LiquidityLocking.sol

How it works?

Typical usage consists of the following steps:

1. PoolManager initializes the pool and sets the parameters.
2. Users add and lock their liquidity.
3. Users remove liquidity and receive rewards after a certain period.

The hook contract is executed in the following hooks:

• beforeInitialize,
• beforeModifyPosition,
• beforeSwap.

The contract is designed to manage liquidity in a Uniswap pool, allowing users to lock liquidity for a certain period, earn rewards, and face penalties for early withdrawal. In addition to the standard hook functions that are overridden, two additional functions have been added that can be called by any user: addLiquidity and removeLiquidity.

Let’s break down this hook’s basic flow:

1. Initialization

Just before a pool is initialized, the beforeInitialize function is called. This function sets up the basic parameters of the pool, including reward token generation and early withdrawal penalties.

2. Adding Liquidity

Users can add liquidity to the pool using the addLiquidity function in the Hook. This function requires users to specify how much liquidity they want to add and the duration of the lock.

After a few checks, it calculates the amount of liquidity to be added based on the desired amounts. Then, modifies the position by passing the calculated liquidity amount and finally adjust user LiquidityShares:

3. Reward Calculation

When users add liquidity to custom pools, the contract calculates the rewards based on the amount of liquidity and the duration of the lock. This is done within addLiquidity using the pool’s rewardGenerationRate.

This calculation takes into account the current time (block.timestamp), the time when the liquidity was locked (lockingInfo.lockingTime), and the time until which it is locked (lockingInfo.lockedUntil). The reward is proportional to the duration the liquidity is locked and the amount of liquidity provided.

4. Removing Liquidity

Users can remove their liquidity (part or all of it) using the removeLiquidity function. If they remove it before the lockedUntil period ends, they incur a penalty.

5. Updating Liquidity Shares

Both addLiquidity and removeLiquidity functions update the user’s liquidity shares in the pool. This is crucial for calculating the user’s share of rewards and potential penalties.

Realized goals and opportunities:

• Enhanced Pool Stability: Contributes to the predictability and stability of liquidity pools.
• Reward System: Offers rewards based on locked liquidity duration and amount.
• Early Withdrawal Penalties: Applies penalties for early withdrawal, benefiting remaining liquidity providers.

Identified threats and threat scenarios:

• Denial of Service
  • The user cannot withdraw their funds because the penalty is greater than the liquidity they provided.
• Bad rewards calculation
  • Before collecting the rewards, the user adds a lot of liquidity, which increases the final amount of the reward.
  • Significant disproportions between locking small amounts for the long term and large amounts for the short term.
• Early withdrawals without consequences
  • The user withdraws their assets before the time they locked them for had passed without paying a fine.
  • The user modifies their position by adding a new one with a shorter locked period, which when combining together with previous one, shortens the final locked period while maintaining higher rewards.
  • The user collects rewards earlier to reduce the amount on which the penalty will be charged.
• Changing the lockedUntil period
  • Adding/removing new liquidity may shorten the lockedUntil period.
• Bad fee distribution
  • The user front-run withdrawal with big penalty to add liquidity and become one of the LP’s to steal the fee distributed to LP’s.
• Unfairness for LPs
  • The user locks big amount of assets for very short period of time (e.g. 1 second) to steal distributed fees.
• Lack of pool stability
  • The user withdraws the funds at any time because the penalty is very small, making the pools unstable.
  • Mass withdrawals because of sudden market movements.
• Lack of use
  • The reward token has no value.
  • The reward value is too small.