By David Schwartz 1.6.2026
We’ve published a Self-Directed Security Framework to help hook developers assess risk and implement security best practices based on their specific needs.
Hooks unlock new capabilities: custom curves, liquidity management, external integrations, and autonomous parameter tuning. These features introduce security risks that differ from traditional smart contracts. Understanding common failure patterns early helps teams design safer systems.
To support the developer community in shipping secure hooks, we’re introducing a Self-Directed Security Framework: an open-source resource designed to help hook teams understand their security risks and implement best practices as they build.
This framework is built on four core principles that reflect how we think about hook security:
Developer ownership is key
Teams are responsible for their own security posture. The framework provides the tools and guidance; teams decide how to apply them based on their specific context and constraints.
Transparency is non-negotiable
We believe in clear, public communication about security risks. Audit reports should be published, upgrade policies should be documented, and vulnerability disclosure should be handled responsibly. When teams are transparent about their security approach, the entire community benefits from shared learnings and trust.
Risk response should be proportional
Security requirements should match the actual risk at hand. A simple hook with limited scope and minimal dependencies needs less oversight than a complex, autonomous system managing external liquidity with multiple integrations. By tailoring recommendations to each hook's specific characteristics, we avoid both under-securing high-risk projects and over-burdening simple ones.
Community-driven evolution
This framework isn't static. We expect it to evolve based on feedback from developers, auditors, and the broader Uniswap community. As the hook ecosystem matures and we learn from real-world implementations, we'll continue refining and expanding the resources we provide.
The framework and accompanying worksheet are available in Uniswap v4’s documentation.
Note: This is a public resource. The Uniswap Foundation does not review submissions, validate scores, or certify implementations. Use of this framework is voluntary and self-directed.