Back to Blog 
UniswapDeFiWeb3 Security
Uniswap V4 Hooks — Introduction to Hooks — Find the answer to your questions
Below, you will find questions asked by the students of the Uniswap Hook Incubator Cohort 2 managed by Atrium Academy + Uniswap Foundation, and answered by Haardik, our instructor.
This lesson was an introduction to Uniswap v4 Hooks, with theory and technical parts, so the questions below will be both about overall functionality and specific technicalities.
1. If a hook contract function is being called within another function, it will be needed to complete in a single transaction or block time like a flash loan? If yes, we can’t have large logic within hooks?
They assume synchronous behavior by default, but there are ways to, technically, make them async. It’s up to you. You create these hooks however you want.
2. Will Uniswap curate hooks? Because there could be malicious hooks, or really high-quality hooks that have lots of functions and capabilities.
V4 isn’t deployed to mainnet, so that’s not a real issue as of today. But, eventually, when permissionless routing begins, it will, they’ll probably have some thought into it. But, like, on day 1 of coming to mainnet, the website, will probably not be sending users through random pools with random hooks. It’ll come later.
3. Is there only one hook (before/after) per token pair? or you can plug and play any hook (before/after) during a swap
Each pool only has one hook max. We have many different hooks. So I’ve kind of tried to categorize them a little bit over here. So there’s before and after initialize. These get called when a new pool is created. So when a pool is being set up for the very first time, you know, it has the possibility of going through before initialize and after initialize calls. Then we have before and after for add liquidity and remove liquidity. And this is kind of self explanatory by the name, but they’re called before and after you add or remove liquidity.
Then we have, like, before swap and after swap that we’ve already talked about. There’s also before donate and after donate. Donations are something we haven’t yet talked about right now, but, they have they’re like a niche thing. They have, like, a use case in very, very specific cases, but donations are literally like you’re just donating money to the LPs in a pool. So, like, if you wanna give them a tip, maybe for some reason, maybe you love the LPs and you wanna thank them for adding liquidity to your obscure shitcoin, I mean, you can just tip them occasionally and call donate, and they’ll be happy about it.
But, yeah, donate hooks run over there. And then before and after, swap, add liquidity, remove liquidity, return delta, These are some advanced hooks. We’re not gonna talk about this right now. We’ll talk about this later, but these are some some some advanced hooks, we’ll go through, like, in the second half of the cohort.”
So while each pool can only have one hook contract, that contract can implement multiple hook functions for different actions (like before swap, after swap, before add liquidity, etc.). The specific hooks that are enabled for a pool are determined by the address of the hook contract, which we’ll cover in the next question about address mining for hooks.
4. Does the core pool logic also manages the transfer of tokens or only accounting? If only accounting then why not transfers?
No token transfers actually happen until the very end. So let’s talk about how this works. So the main logic behind this is really this locking mechanism that v4 has. So, basically, what happens is, let’s say, whenever you want to do some actions in the Pool Manager, the top level functions, like swap and modify position and stuff like that, they’re actually not callable by an end user. Like, an EOA, an EOA address, like your MetaMask wallet or something, you can’t actually call those functions on the pool manager.
What you need is you need a router contract to call those functions on your behalf. Right? This is this also used to happen in Uniswap v3 where, you’d actually be going through a router contract to all the actual pool contract. Like, those functions are not callable directly as an end user. But what would happen is, basically, when the router contract starts that call to the pool manager, they first call this function called unlock.
And you can kind of think of it, you know, like, the pool manager is initially in a state of being locked. When your transaction begins, you first unlock the pool manager, and, you know, it must not already be unlocked. Otherwise, that will revert. So once it is unlocked, the pool manager will do a callback to your contract, to the router contract. So it’ll call this callback function.
Inside this callback function, you do whatever you wanna do. You do a swap, you add some liquidity somewhere, you remove some liquidity from some other place, you do another swap perhaps, you do whatever you want. And then, eventually, you return from that callback function. Once you return from the callback function, as you were doing those actions, v4 kept track of how the balances were changing. It did accounting internally.
Right? Like, how much money does the user owe to the pool manager and how much money does the pool manager owe to the user? So it kept track of that at every single action. Like, if you started off with sell 1 ETH for some USDC, it kept track of, okay. I need to take money from the user. I need to give them back 35100 USDC. And then maybe you were like, okay. Now take the USDC and swap a 1,000 of it for some other token. So then it kept track of that. And it’s it, like, accounts for every single thing you did at every single action.
But then, eventually, when you return, at that point, the overall thing should be balanced. At that point, there shouldn’t be any pending balances. So by the end of all of your actions, you must have settled all balances. You must have given the pool manager any money you owed to it, and you must have taken from the pool manager any money it owed to you. And if that was not the case, if there was a balance that hadn’t been settled, your transaction would revert.
Otherwise, the pool will lock itself again and your transaction will succeed.
5. How are the hooks enforced? I mean they’re connected to a specific LP, like when users add liquidity they add LP connected to a specific hook logic?
Just to clarify, there’s a little bit of confusion over there. LPs don’t have hooks. LPs are users. Hooks are attached to pools.
6. Do we have to write the router contract ourselves or it’s available?
There are basic routers available. Like, some routers are available like they did with v3, but you always have the option of creating your own router contract if you need to for some very specific thing maybe, that does not exist. But, if the basic thing doesn’t fulfill your needs, you can create your own.
7. What is transient storage EIP number?
EIP number 1153. Transient Accounting (Transient Storage) is a very, very new EIP that very recently got merged into Ethereum mainnet.
And the cool thing about transient storage is it’s very cheap to read and write data to and from transient storage, but that data only exists within the context of a single transaction. Right? It doesn’t exist outside of that transaction. So you can start writing to transient storage at the beginning of a transaction, and then you can read from it until the end of the transaction. But after the transaction is done, it’s like it never existed. Right? But it’s really cheap to use, which is kind of nice.
8. Do the LPs in V4 would be able to earn more and less impermanent loss? If yes how?
The core logic of v4 is the same as v3. Swaps, fees, LP positions, etcetera, work the exact same as v3. So assuming a pool with no hooks attached, they work exactly the same as v3. But you can create hooks that try to maximize yield for LPs and give them more and reduce impermanent loss, but the default behavior of v4 is no different than v3.
9. Are these hooks sync / async??
They assume synchronous behavior by default, but there are ways to technically make them async. It’s up to you. You create these hooks however you want.
10. How does Uniswap handle malicious hooks?
V4 isn’t deployed to the mainnet, so that’s not a real issue as of today. But, eventually, when permissionless routing begins, it will, they’ll probably have some thought into it. But, like, on day 1 of coming to mainnet, the website, will probably not be sending users through random pools with random hooks. Like, it’ll come later.
11. In 1155, all the tokens are similar or the same, but 6909 can have different tokens of the same token architecture, right?
ERC-6909 is just multiple ERC-20s in a single contract. So, it’s not like you can have, like, an ERC-20 and an ERC-721 in there or something. No. Like, there’s just multiple ERC twenties.
12. If I would like to know the price of, say, ETH in USDC, would I need to query by pair, fee, and hook? Is there a way to receive a list of all hooks?
If you wanna look up a price of a pair, then, yes, you need to know the specific pool you wanna check. And, again, there might be multiple ETH to USDC pools as you said, but, yeah, you can when you’re looking at price or need to specify a specific ETH-USDC pool to look into, each pool only has one hook max.
So, I mean, if you’re trying to figure out all the ETH-USDC pools that exist, you’re gathering this data off-chain, I’m assuming. So, it’s kinda like you index all the pool creation events from the Pool Manager contract and find all the pools where the token pair is ETH and USDC.
13. Even if we manage to mine an address, how do we make sure the hook is deployed to that address? We cannot specify the address to deploy to beforehand, right?
You can. You can do it. There’s an EVM opcode called create2, which allows you to figure out a deployment address before the contract is deployed. So all hooks must be deployed through the create2. So you can mine a very specific address and then deploy your hook over there.
14. Is the idea that the best pool with the best hook will attract the most liquidity?
Not necessarily. It’s really more about, there’s gonna be different use cases. Right? So, for example, the average everyday uninformed trader might be going through the default ETH-USDC pool, which perhaps has no hook attached at all. But then let’s say somebody else who maybe wants to do very large trades. They’re trading, like, $50,000,000 at a time perhaps. They might wanna go through a pool which has a hook attached, which can help reduce MEV and reduce their risk of sandwich attacks and, you know, give them better price efficiency for that money. So they might choose that.
But on the other hand, an LP who might wanna, you know, not worry about rebalancing their position and wants that stuff to happen automatically. They might go through a pool which has a hook, which does that for them. It automatically rebalances their liquidity.
So, different use cases for different people is kind of a more analogy, I think. But for the average everyday uninformed trader, they’re probably going through whatever the frontend takes them through or whatever their wallet will take them through.
15. Is it good to call unlock in a hook contract inside a non-hook function? or only meant to be called via routers?
You can call unlock from anywhere. Any contract can call unlock to do something with the Pool Manager and then lock it again. It doesn’t in fact, you cannot call unlock inside of a hook contract, actually, because the fact you even got to a hook function means somebody called unlock, did something, which then called your hook.
So, you and you cannot call unlock twice. So it’s actually not possible to call unlock inside a hook contract inside a regular hook function.
But in a non-hook function, you can do that. Yes. Sorry. I misread your question. In a non-hook function, you can do that. Yes.
16. Can hooks be updated after pool creation?
No. I mean, I guess you can use proxies and stuff like people are saying, but, not other than that.
If you have any questions that were not answered here, now is your chance!!
Ask it in the comments and I will get back to you with the answer you seek.
Make sure to subscribe and stay tuned since I’ll be posting more Uniswap V4 content for the next months.
Let’s connect:
Let’s Collaborate if you need help with:
- Smart Contract Audits (Solidity, Rust, Cairo)
- Advanced Security Test Suites (Fuzz, Invariant tests + Formal Verification)
- Smart Contract Development
- Web2 Penetration Testing
Glossary
| Term | Definition |
|---|---|
| Hooks | External smart contracts in Uniswap v4 that execute custom logic at specific points in a pool's lifecycle. |
| Pool Manager | The singleton contract in Uniswap v4 that manages all pools, liquidity, and swaps in a unified system. |
| Address Mining | Process of finding a contract deployment address with specific properties, used in Uniswap v4 to configure hook permissions. |
| ERC-6909 | Minimal Multi-Token Interface standard used in Uniswap v4 for gas-efficient token accounting. |
| Transient Accounting | EIP-1153 storage pattern tracking net balance changes within transactions, settling only final amounts to reduce gas costs. |
| Flash Accounting | A gas optimization technique that tracks balance deltas during a transaction and only settles the final net amount. |
