Security-first Uniswap v4 hook development. Use when user mentions "v4 hooks", "hook security", "PoolManager", "beforeSwap", "afterSwap", or asks about V4 hook…
v4 Hook Security Foundations Security-first guide for building Uniswap v4 hooks. Hook vulnerabilities can drain user funds—understand these concepts before writing any hook code. Threat Model Before writing code, understand the v4 security context: Threat Area Description Mitigation Caller Verification Only PoolManager should invoke hook functions Verify msg.sender == address(poolManager) Sender Identity msg.sender always equals PoolManager, never the end user Use sender parameter for user identity Router Context The sender parameter identifies the router, not the user Implement router allowlisting State Exposure Hook state is readable during mid-transaction execution Avoid storing sensitive data on-chain Reentrancy Surface External calls from hooks can enable reentrancy Use reentrancy guards; minimize external calls Permission Flags Risk Matrix All 14 hook permissions with associated risk levels:
don't have the plugin yet? install it then click "run inline in claude" again.