Core architecture and key features

Direct ERC20-to-ERC20 pairs

• For traders: Reduced transaction costs (from two 0.3% fees to one) and minimized price impact on direct token-to-token swaps.
• For liquidity providers: Enabled LPs to create and provide liquidity for any pair of ERC20 assets, including correlated pairs like two USD-pegged stablecoins. This significantly reduced exposure to impermanent loss compared to providing liquidity against the more volatile ETH.

Core/periphery architecture

• Core contracts: UniswapV2Factory and UniswapV2Pair are minimal, immutable, and highly secure. Their responsibilities are to create pairs, hold liquidity, and enforce the $x \cdot y = k$ invariant. The attack surface of these contracts was deliberately minimized to protect the assets they secure.
• Periphery contracts: The primary periphery contract, UniswapV2Router02, provides a user-friendly and safe interface for interacting with the core. It handles complex logic such as calculating trade routes across multiple pairs, wrapping and unwrapping ETH into WETH, and enforcing user-specified safety checks like slippage tolerance and deadlines. Because periphery contracts are stateless and do not hold funds, they can be updated or replaced over time without requiring liquidity to migrate. This modularization of risk allows for greater flexibility and faster innovation without compromising the security of the core protocol.

Manipulation-resistant TWAP oracles

Flash swaps

Protocol fee mechanism

Security analysis: Vulnerabilities and audits

Formal verification and audit (dapp.org, 2020)

• Router incompatibility with fee-on-transfer tokens: The router assumes that the amount of tokens specified in a transfer is the amount received. For tokens that take a fee during transfer, the pair receives fewer tokens than expected, leading transactions to revert.
• Race condition in liquidity deflation fix: A fix to address a potential liquidity deflation attack introduced a theoretical race condition during liquidity removal.

Deep dive: Sandwich attacks and dynamic pricing risk

• Mechanism: An MEV bot detects a large pending user swap in the mempool and performs two actions in a single bundle: front-runs with a buy to push the price up, then back-runs with a sell after the victim's trade to realize profit.
• Enabling factor: A transparent mempool and user-specified slippage tolerance. The slippage tolerance effectively caps the maximum profit an attacker can extract from a single trade.

Developer integration guide

1. Important considerations for v2 integration

• Interact via the router: For most use cases, interact with UniswapV2Router02. It provides a safe and gas-efficient interface for swaps and liquidity management, abstracting underlying complexity. Direct interaction with pair contracts is for advanced use cases like flash swaps and requires manual safety checks.
• WETH instead of native ETH: The core works exclusively with ERC20 tokens. To trade with native ETH, it must be wrapped into WETH. The router handles wrapping/unwrapping for user-facing functions (e.g., swapExactETHForTokens), but integrating contracts must use the correct WETH address.
• Deterministic pair addresses: V2 uses CREATE2 to deploy pairs, making addresses deterministic. UniswapV2Library.pairFor computes the pair address from the factory and token addresses.
• Token transfer mechanism: Unlike v1, the user or integrating contract must transfer tokens to the pair before calling swap or mint. The pair infers amounts by checking balance deltas, improving gas efficiency and security.

2. Security-specific considerations for v2 integration

• Use the TWAP oracle, not the spot price: For on-chain price needs, query the cumulative price over a sufficient window to compute a manipulation-resistant TWAP. Avoid spot prices.
• Set slippage and deadline parameters: Always supply amountOutMin/amountInMax based on reliable, recent pricing to protect against MEV. Use deadline to avoid stale transactions executing later at unfavorable prices.
• Secure flash swap callbacks: Implement uniswapV2Call carefully to perform intended actions and ensure repayment of the borrowed amount plus the 0.3% fee within the same transaction. Guard against reentrancy attacks.
• Handle fee-on-transfer tokens explicitly: Standard router flows fail for deflationary tokens. Use specialized routers or custom logic that accounts for transfer fees to ensure correct amounts reach the pair.

Forking Uniswap v2: A Security Checklist

Common pitfalls and vulnerabilities in forks

• Incorrect fee implementation: Many forks attempt to add a custom fee mechanism (e.g., a "dev fee" or a fee-to-burn). If the fee is taken before the new reserves are used to calculate the amount of LP tokens to mint, it breaks the $x \cdot y = k$ invariant. This can allow arbitrageurs to systematically drain value from liquidity providers or, in worst-case scenarios, create an "infinite mint" bug that destroys the pool's integrity. Any modification to the fee logic must ensure that the core accounting remains consistent.
• Breaking the TWAP oracle: The security of the v2 oracle relies on the price{0,1}CumulativeLast values being updated precisely once at the beginning of any block where an interaction occurs. Modifying the _update function's logic or timing can corrupt the oracle, making it vulnerable to manipulation and rendering it unsafe for any protocol that relies on it.
• Reintroducing reentrancy risks: The v2 core contracts are secure against reentrancy because they are self-contained and make no external calls during critical state changes. Forks that add external calls within core functions (e.g., calling a staking contract during a swap) reintroduce reentrancy vectors that were explicitly designed out of the original protocol.
• Removing initial liquidity protection: The MINIMUM_LIQUIDITY mechanism, which burns the first small batch of LP tokens, is a deliberate defense against front-running the initial liquidity provider. Some forks have removed this logic to simplify the code, inadvertently exposing the first LP to having their initial deposit stolen.

Security checklist for forking Uniswap v2

• Minimize core contract changes: The golden rule of forking v2 is to avoid modifying UniswapV2Pair.sol unless absolutely necessary. Its logic is highly optimized and battle-tested. If new functionality is required, implement it in the periphery (e.g., a new router or wrapper contract) whenever possible.
• Rigorously test core invariants: If you must modify the core contracts, your highest priority is to prove that the $x \cdot y = k$ invariant is maintained across all functions. This requires extensive testing, including:
  • Property-based testing (fuzzing): Use tools to throw large ranges of random inputs at your functions to search for edge cases that could break the invariant.
  • Mathematical modeling: Formally reason about and, where feasible, prove that your new logic (especially for fees) does not violate the core formula.
• Preserve oracle integrity: Do not modify the logic within _update that handles accumulation of priceCumulativeLast. Ensure that this update occurs before any reserve changes are made within a transaction and is correctly weighted by the block timestamp.
• Isolate external calls: If new functionality requires an external call, it must never be placed within a core function like swap, mint, or burn. Isolate such calls in the router or in separate contracts that interact with the pair contract only after the core state changes have been completed and committed.
• Fork the entire test suite: Do not just fork the contract code. Fork, adapt, and expand the complete Uniswap v2 test suite. Ensure high coverage for all original functionality and write comprehensive new tests that specifically target your modifications.
• Conduct a full, independent security audit: A fork is a new protocol. It must undergo a professional security audit from a reputable firm. The audit scope must explicitly include analyzing the impact of your changes on the original protocol's security assumptions.
• Understand fee-on-transfer tokens: If your goal is to add native support for fee-on-transfer tokens, be aware that this is a non-trivial change. The core logic relies on checking the balance delta to calculate input amounts. Any modification here must be carefully designed to prevent accounting errors that could be exploited.

Conclusion

Get in touch

FAQ: Uniswap v2: Core mechanics