Back to Blog
Uniswap’s Q64.96 Explained: Essential Security Tips for Hook Developers
TutorialWeb3 SecurityUniswap

Uniswap’s Q64.96 Explained: Essential Security Tips for Hook Developers

Carlos (Bloqarl)
Carlos (Bloqarl)
11 min
Hey there, fellow DeFi enthusiast! If you’ve been poking around in the Uniswap world, you’ve probably heard about ticks, liquidity pools, and maybe even something called Q64.96 numbers. Don’t worry if that last one sounds like a secret code — we’re about to demystify it!
You might be thinking, “Oh great, another deep dive into Uniswap’s ticks?” But hold your horses! While we’ll touch on ticks (because, let’s face it, they’re pretty important), we’re here to talk about something equally crucial but often overlooked: Q64.96 numbers.
“Why should I care about these Q-whatever numbers?” I hear you ask.
Well, if you’re building on Uniswap or creating hooks, understanding Q64.96 numbers could be the difference between a secure, efficient contract and… well, let’s just say you don’t want to be on the other side of that equation.
So, buckle up! We’re about to embark on a journey through the world of Q64.96 numbers, exploring how to use them safely and avoid some nasty pitfalls along the way.

Quick recap: Ticks and Q64.96 numbers in Uniswap

Alright, let’s start with a quick refresher. You know about ticks in Uniswap v3, right? No? Okay, here’s the TL;DR:
Ticks are like price points on Uniswap’s liquidity curve. Each tick represents a 0.01% price change. It’s how Uniswap allows liquidity providers to concentrate their funds in specific price ranges. Pretty neat, huh?
But here’s where it gets interesting. How do you think Uniswap represents these prices internally? Regular decimals? Integers? Nope! Enter Q64.96 numbers.
“Q64.96? Sounds like a Star Wars droid!” you might joke.
Close, but not quite. Q64.96 numbers are a special way of representing decimal numbers using only integers. Why? Because Solidity, the language used for Ethereum smart contracts, doesn’t play nice with decimals.
Intrigued? Good! Because we’re about to dive deeper into these mysterious numbers.

Understanding Q64.96 numbers

Alright, let’s dive into Q64.96 numbers. But wait, what exactly are they, and why do we need them?
Q64.96 numbers are a specific type of fixed-point number representation. Think of them as a way to represent decimal numbers in a system that only understands integers.
But why 64 and 96? Great question!
The “64” refers to the number of bits used for the integer part, while “96” is the number of bits for the fractional part. In total, that’s 160 bits. You might be wondering, “Isn’t that overkill? Why do we need so many bits?” Well, in Uniswap, we’re dealing with a wide range of prices and liquidity amounts. We need enough precision to handle tiny fractions of a cent, but also enough range to represent billions of dollars. That’s where Q64.96 comes in handy.
Let’s break it down with an example. How would we represent the number 1.5 as a Q64.96 number?
Here’s how it works:
  1. Start with 1.5
  2. Multiply it by 2⁹⁶ (that’s 2 to the power of 96)
  3. The result is our Q64.96 representation
In code, it would look something like this:
1uint256 onePointFive = 1.5 * 2**96;
2// This equals 118842243771396506390315925504
Now you might be thinking, “That’s a huge number just to represent 1.5!” You’re right, it is. However, this allows us to perform precise calculations without losing accuracy due to rounding errors.
But here’s the kicker — how do we actually use these numbers in calculations? Don’t worry, we’ll get to that in the next section.

Common pitfalls and security vulnerabilities

Now that we understand what Q64.96 numbers are, let’s talk about what can go wrong when using them. After all, with great precision comes great responsibility, right?

First up: overflow and underflow

You’re probably familiar with these from regular integer math, but with Q64.96, the stakes are even higher. Why? Because we’re dealing with much larger numbers by default.
Let’s say you’re trying to multiply two Q64.96 numbers. You might think, “No big deal, I’ll just multiply them like normal integers.” But hold on! Remember how big these numbers are? Multiplying them directly would almost certainly cause an overflow.
Here’s an example of what NOT to do:
1uint256 a = 1.5 * 2**96;  // Q64.96 representation of 1.5
2uint256 b = 2.0 * 2**96;  // Q64.96 representation of 2.0
3uint256 result = a * b;   // DON'T DO THIS!
You might be wondering, “Okay, so how do we multiply them safely?”
Good question! We need to use special functions that handle the math correctly. We’ll cover that in the best practices section.

Another common issue is precision loss

You might think, “I’ll just divide by 2⁹⁶ at the end to get back to a normal number.” But it’s not that simple. Division in Solidity truncates the result, which means you could be losing important precision.
For example:
1uint256 x = (1 * 2**96) / 3;  // Trying to represent 1/3
2uint256 y = x * 3;  // You might expect this to equal 1 * 2**96, but it won't!

Lastly, let’s talk about type confusion

It’s easy to forget that you’re dealing with Q64.96 numbers and treat them like regular integers. This can lead to some seriously weird results.
For instance:
1uint256 price = 1500 * 2**96;  // Q64.96 representation of 1500
2require(price > 1000, "Price too low");  // This will ALWAYS be true!
You might be thinking, “But 1500 is clearly greater than 1000, so what’s the problem?”
The issue is that we’re comparing a Q64.96 number to a regular integer. The Q64.96 number is MUCH larger due to the 2⁹⁶ multiplication.
So, how do we avoid these pitfalls? Don’t worry, we’ve got you covered in the next section on best practices.

Best practices for secure coding with Q64.96 numbers

Alright, now that we’ve scared you with all the things that can go wrong, let’s talk about how to do things right. Don’t worry, it’s not all doom and gloom!
First up, you might be thinking, “Can’t I just use SafeMath like I do with regular integers?” Good instinct! But unfortunately, SafeMath isn’t designed for Q64.96 numbers. So what do we use instead?
Enter FullMath and FixedPoint96 libraries! These are your new best friends when working with Q64.96 numbers. Let’s look at an example:
1import '@uniswap/v3-core/contracts/libraries/FullMath.sol';
2import '@uniswap/v3-core/contracts/libraries/FixedPoint96.sol';
3function multiplyQ64x96(uint256 a, uint256 b) internal pure returns (uint256) {
4    return FullMath.mulDiv(a, b, FixedPoint96.Q96);
5}
“But wait,” you might say, “what’s this mulDiv function? Why not just multiply and divide?”
Great question! mulDiv is a special function that performs multiplication and division in a way that avoids overflow and preserves precision.
Now, what about division? Remember our precision loss problem from earlier? Here’s how we handle it:
1function divideQ64x96(uint256 a, uint256 b) internal pure returns (uint256) {
2    return FullMath.mulDiv(a, FixedPoint96.Q96, b);
3}
See what we did there? We’re multiplying by Q96 before dividing. This helps preserve precision.
Lastly, let’s talk about comparisons. Remember our type confusion issue? Here’s how to compare Q64.96 numbers correctly:
1function isGreaterThan(uint256 a, uint256 b) internal pure returns (bool) {
2    return a > b;  // Assuming both a and b are Q64.96 numbers
3}

Get the DeFi Protocol Security Checklist

15 vulnerabilities every DeFi team should check before mainnet. Used by 30+ protocols.

No spam. Unsubscribe anytime.

Simple, right? The key is to make sure both numbers are in Q64.96 format before comparing.

Testing and auditing strategies

At this point, you might be wondering, “How can I ensure my Q64.96 implementations are truly secure?”
Great question! While unit tests are important, when it comes to DeFi security, we need to bring out the big guns: fuzzing and formal verification.

Fuzzing: Finding the unknown unknowns

Fuzzing is like throwing a thousand monkeys at your code to see what breaks. Okay, not literally, but close! It involves generating massive amounts of random (or semi-random) inputs to test your functions. This is especially crucial for Q64.96 operations where edge cases can be, well, edgy.
For example, a fuzzer might test your multiplyQ64x96 function with extreme values:
1function testFuzzMultiplyQ64x96(uint256 a, uint256 b) public {
2    vm.assume(a <= type(uint256).max / 2**96);
3    vm.assume(b <= type(uint256).max / 2**96);
4    uint256 result = multiplyQ64x96(a, b);
5    assert(result <= type(uint256).max);
6}
Tools like Echidna or Foundry’s built-in fuzzer can run thousands of these tests, potentially uncovering vulnerabilities you never even considered.

Formal verification: Mathematical certainty

Now, if fuzzing is like throwing monkeys at your code, formal verification is like having a team of mathematicians prove your code is correct. It uses mathematical methods to prove or disprove the correctness of your algorithms.
For Q64.96 numbers, formal verification can be particularly powerful. It can prove that your operations will never overflow, lose precision, or violate any other properties you specify, across all possible inputs.
Here’s where it gets really interesting: Zealynx Security specializes in applying these advanced techniques to DeFi protocols. We’ve used fuzzing and formal verification to uncover subtle bugs that other methods missed. Take a look at how this Advanced Security Test Suite was implemented for this DeFi Protocol.
Advanced Security Test Suite

Comprehensive approach

Of course, the best strategy combines multiple approaches:
  1. Start with thorough unit tests for basic correctness.
  2. Apply fuzzing to uncover unexpected edge cases.
  3. Use formal verification for mathematical certainty.
  4. Finally, consider a professional audit to catch anything you might have missed.
Remember, when it comes to DeFi security, you can never be too careful. The stakes are high, and even a small bug in Q64.96 calculations could lead to significant losses.
By combining these advanced testing strategies, you’re not just writing secure code — you’re building the foundation for a more robust and trustworthy DeFi ecosystem.

Conclusion

Phew! We’ve covered a lot of ground, haven’t we? Let’s do a quick recap:
  1. Q64.96 numbers are a powerful tool for precise calculations in Uniswap and similar DeFi protocols.
  2. They come with their own set of pitfalls, including overflow/underflow risks and precision loss.
  3. Using the right libraries and following best practices can help you avoid these issues.
  4. Thorough testing and professional audits are crucial for ensuring the security of your Q64.96 calculations.
Remember, when it comes to DeFi, precision, and security go hand in hand. By mastering Q64.96 numbers, you’re not just writing better code — you’re contributing to a more secure and reliable DeFi ecosystem.

Let’s Connect:

https://x.com/TheBlockChainer
https://www.linkedin.com/in/carlos-vendrell-felici/
https://linktr.ee/bloqarl

Let’s Collaborate if you need help with:

  • Smart Contract Audits (Solidity, Rust, Cairo)
  • Advanced Security Test Suites (Fuzz, Invariant tests + Formal Verification)
  • Smart Contract Development
  • Web2 Penetration Testing
https://github.com/ZealynxSecurity
https://x.com/ZealynxSecurity
Footer Image

FAQ: Q64.96 numbers in Uniswap

1. Why does Uniswap use Q64.96 instead of regular decimals?
Solidity does not support floating-point numbers natively. Q64.96 is a fixed-point representation that uses 64 bits for the integer part and 96 bits for the fractional part, allowing precise price calculations without rounding errors that would occur with integer-only math.
2. What happens if I multiply two Q64.96 numbers directly?
Direct multiplication of two Q64.96 numbers will almost certainly overflow uint256 because the result scales by 2^192. You must use FullMath.mulDiv() which performs intermediate 512-bit math to avoid overflow while preserving precision.
3. Can I compare a Q64.96 number to a regular integer?
No. A Q64.96 number representing 1.0 is stored as 2^96, which is vastly larger than the integer 1. Both values must be in the same format before comparison, or you will get incorrect results every time.
4. How do ticks relate to Q64.96 numbers?
Ticks are discrete price points on Uniswap's liquidity curve, where each tick represents a 0.01% price change. The sqrtPriceX96 stored internally is a Q64.96 representation of the square root of the current price, and tick math converts between ticks and this Q64.96 price representation.
5. Is fuzzing effective for finding Q64.96 bugs?
Yes. Fuzzing is particularly effective because Q64.96 edge cases are hard to enumerate manually. A fuzzer can test extreme values, near-overflow conditions, and precision-loss scenarios across thousands of random inputs, catching vulnerabilities that unit tests miss.

Glossary

TermDefinition
Fixed-Point ArithmeticA method of representing decimal numbers using integers by reserving a fixed number of bits for the fractional part, avoiding floating-point imprecision in smart contracts.
FullMathA Uniswap library that performs multiplication and division with intermediate 512-bit precision, preventing overflow when working with large fixed-point numbers.
sqrtPriceX96The square root of a token pair's price stored in Q64.96 format, used internally by Uniswap V3 and V4 for efficient price and liquidity calculations.
FuzzingAn automated testing technique that generates large volumes of random or semi-random inputs to discover unexpected behavior, edge cases, and vulnerabilities in code.
TickA discrete price point in Uniswap's concentrated liquidity system, where each tick represents a 0.01% (1 basis point) change in price.
View complete glossary →

Get the DeFi Protocol Security Checklist

15 vulnerabilities every DeFi team should check before mainnet. Used by 30+ protocols.

No spam. Unsubscribe anytime.

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2026 Zealynx