Security
When building on Uniswap v4, security should be a primary consideration. This section covers emergency response resources and security best practices specific to v4 implementations.
Emergency Response
SEAL 911 Emergency Hotline
If you encounter a security incident (exploit, vulnerability, or other urgent security matter) while working with Uniswap v4, the SEAL 911 Emergency Hotline provides immediate access to security experts.
Emergency Contact: https://t.me/seal_911_bot
SEAL 911 is a community-operated Telegram bot that connects you directly with vetted security responders who can provide immediate assistance during security incidents.
How It Works
- Send a message through the bot during a security emergency
- Automatic alert routing to a vetted group of white hat security professionals
- Immediate response from trusted security experts in the space
Additional Resources
SEAL 911 is a third-party service operated by the Security Alliance. Exercise appropriate judgment when sharing sensitive information during emergency situations.
v4-Specific Security Considerations
Hook Security
When developing custom hooks for v4, ensure proper validation and access controls. Malicious or poorly implemented hooks can compromise pool security.
Flash Accounting
v4's flash accounting system requires careful implementation to prevent exploitation. Always ensure proper settlement of deltas.
Pool Manager Interactions
Direct interactions with the PoolManager require thorough understanding of the locking mechanism and callback patterns.
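The settlement rule and the lock described under Flash Accounting and Pool Manager Interactions can be seen in a small model. This is an added example, not Uniswap code: `ToyPoolManager`, `run` and the sample callbacks are hypothetical names, and only the error names mirror the PoolManager's `ManagerLocked`, `AlreadyUnlocked` and `CurrencyNotSettled` reverts.

```python
# Added example: a toy Python model of flash accounting, NOT the PoolManager contract.
from collections import defaultdict

class ManagerLocked(Exception):
    """An accounting call was made outside unlock()."""
class AlreadyUnlocked(Exception):
    """unlock() was re-entered while already unlocked."""
class CurrencyNotSettled(Exception):
    """The callback returned with a nonzero delta outstanding."""

class ToyPoolManager:
    def __init__(self):
        self.unlocked = False
        self.deltas = defaultdict(int)  # (caller, currency) -> signed delta

    def unlock(self, caller, callback):
        if self.unlocked:
            raise AlreadyUnlocked()
        self.unlocked = True
        try:
            result = callback(self, caller)
            # Invariant: every delta must net to zero before control returns.
            if any(v != 0 for v in self.deltas.values()):
                raise CurrencyNotSettled()
            return result
        finally:
            self.unlocked = False

    def _account(self, caller, currency, amount):
        if not self.unlocked:
            raise ManagerLocked()
        self.deltas[(caller, currency)] += amount

    def take(self, caller, currency, amount):
        self._account(caller, currency, -amount)  # caller now owes the manager

    def settle(self, caller, currency, amount):
        self._account(caller, currency, amount)   # caller pays the debt down

def run(callback):
    """Return 'ok' or the name of the error the toy manager raised."""
    try:
        ToyPoolManager().unlock("router", callback)
        return "ok"
    except (ManagerLocked, AlreadyUnlocked, CurrencyNotSettled) as exc:
        return type(exc).__name__

# Constructed sample callbacks: one settles, one forgets to, one re-enters.
def settles(pm, who): pm.take(who, "USDC", 100); pm.settle(who, "USDC", 100)
def forgets(pm, who): pm.take(who, "USDC", 100)
def reenters(pm, who): pm.unlock(who, settles)
```

On-chain, a revert also rolls back every state change made inside the callback; the model only reports which check failed.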
Audits
Uniswap's V4 core contracts have undergone a handful of extensive security reviews by multiple providers, with some reviews still ongoing. Below is a list of completed and draft reports. The full list can be found in the respective repositories' audits directory:
- OpenZeppelin report from July 17th 2024.
- Certora draft report from July 2024.
- Trail of Bits report from September 5th 2024.
- Spearbit draft report from September 5th 2024.
- ABDK draft report from September 5th 2024.
Similarly, the V4 periphery contracts have been reviewed by various audit providers, and the full list is inside the periphery repository's audits directory:
- OpenZeppelin report from September 5th 2024.
- Spearbit draft report from September 5th 2024.
- ABDK draft report from September 5th 2024.
Bug Bounty Program
In November 2024, Uniswap announced a $15.5 million bug bounty for its V4 contracts. You can view the full bounty page on Cantina.
Additional Security Resources
- Review the v4 Core contracts for implementation details
- Follow security best practices outlined in the Hooks documentation
- Test thoroughly using the provided test contracts