From Uniswap V4 to the native protocol of Artela, the advanced journey of the DeFi Hooks revolution

CN
PANews
Follow
1 year ago

What are Hooks

Hooks, also known as Hook programming, is a programming pattern in which developers can insert custom code into the execution path of a system, application, or library without modifying the original code, using predefined functions or code blocks called Hooks. Hooks are commonly used in various programming environments and frameworks, such as operating systems, frameworks and libraries, web development, and plugin systems.

By using Hooks, developers can increase the scalability and customizability of programs without the need to modify the original code for every change or expansion requirement, helping to maintain clean and robust code. Hooks provide an elegant way to extend software and are a very useful programming model in software design.

In particular, Aspect-oriented Programming (AOP) is often compared with Hook programming. AOP is a modular programming paradigm for implementing cross-cutting concerns, with the goal of enhancing or modifying functionality without changing the main business logic. AOP is a higher-level abstraction of Hook programming.

Uniswap V4: The Revolution of Hooks

From Uniswap V4 to the Artela native protocol, the advanced journey of DeFi Hooks revolution

In June 2023, Uniswap announced and released a draft version of the Uniswap V4 whitepaper, with an important feature of Uniswap V4 being the introduction of Hooks.

In fact, Hooks have been widely used in the financial systems of Web2, as these systems often require a high degree of customization and scalability. Customization scenarios include inserting additional validation logic before and after transaction execution through Hooks, such as two-factor authentication, risk control checks, and anti-money laundering (AML) strategies. Scalability scenarios include integrating with external APIs or microservices through Hooks to expand new features in financial systems, such as identity verification services, currency conversion, and payment gateways. However, introducing Hooks into DeFi, Uniswap has pioneered in this area.

The essence of Uniswap V4 Hooks is an external contract created and defined by developers, which can be bound to a Hook contract when a liquidity pool is created. Subsequently, the liquidity pool will call the specified operations of the previously bound Hook contract at different stages of its lifecycle, providing a high level of customization. Developers can use Uniswap's Hooks to meet more personalized trading scenarios and build more feature-rich DApps, such as:

  • Dynamic fees: Liquidity pools can dynamically adjust fees based on market volatility or other input parameters through Hooks to better adapt to market conditions.
  • On-chain Limit Orders: Hooks can implement the creation and execution of limit orders on-chain, allowing users to trade at specified prices.
  • Time-Weighted Average Market Maker (TWAMM): Utilize the Hooks mechanism to create liquidity pools that support TWAMM strategies for averaging the execution of large orders over a period of time.

Currently, Uniswap V4 supports four sets of Hook callbacks, each containing a pair of callbacks:

  • beforeInitialize/afterInitialize: Initialize the liquidity pool.
  • beforeModifyPosition/afterModifyPosition: Add/reduce/remove liquidity.
  • beforeSwap/afterSwap: Swap.
  • beforeDonate/afterDonate: Donate (a new feature introduced in Uniswap V4, providing tips to liquidity providers within the trading range).

The following image from the whitepaper shows the process of the beforeSwap/afterSwap Hook callbacks, indicating that the corresponding Hook of the liquidity pool will be checked for the respective flag before and after executing the swap.

From Uniswap V4 to the Artela native protocol, the advanced journey of DeFi Hooks revolution

These Hooks can be executed before the start of a transaction and after its completion, achieving functionality similar to on-chain limit orders. Users can place limit orders on the Hook contract, and then based on custom or oracle judgments, determine whether the price meets the limit in the afterSwap callback. If it does, the transaction is executed; if not, it is canceled.

Uniswap V4 deeply integrates liquidity with the development of DApps through Hooks, enhancing DApp functionality and strengthening the network effect of Uniswap, making it the underlying infrastructure of the entire DeFi ecosystem.

Security Issues of Uniswap V4 Hooks

From Uniswap V4 to the Artela native protocol, the advanced journey of DeFi Hooks revolution

The BlockSec team has previously explored the security risks of the Hooks mechanism in Uniswap V4. Apart from malicious Hook contracts, benign Hook contracts are also highly susceptible to vulnerabilities. The BlockSec team analyzed the Awesome Uniswap v4 Hooks repository (commit hash 3a0a444922f26605ec27a41929f3ced924af6075) and found that over 30% of the projects in the repository had vulnerabilities. These vulnerabilities mainly stem from the risk interaction between Hooks, PoolManager, and external third parties, and can be categorized into two types:

  • Access control issues: Focus on the callback functions in Uniswap V4, which should only be callable by PoolManager and not by other addresses (including EOA and contracts). For example, in cases where rewards are distributed by the liquidity pool key, if the corresponding function can be called by any account, rewards may be incorrectly claimed. Therefore, establishing strong access control mechanisms for Hooks, especially when they can be called by parties other than the pool itself, is crucial.
  • Input validation issues: Various types of attacks, including well-known reentrancy attacks, can result from improper input validation in some vulnerable Hook implementations. The most common scenario is calling untrusted external contracts within certain critical Hook functions. To exploit these vulnerable Hooks, attackers can register a malicious liquidity pool for their fake tokens and then call the Hook to perform operations on the pool. When interacting with the liquidity pool, the malicious token logic hijacks control flow to carry out malicious behavior.

Even with the necessary access control for sensitive external/public functions and validation of input parameters to mitigate the security risks associated with these two types of Hooks, vulnerabilities in contracts cannot be completely avoided, especially if Hooks are implemented as upgradeable contracts, which may encounter issues similar to the UUPSUpgradeable vulnerability in OpenZeppelin.

The reason for this is that Hook programming increases the complexity of smart contracts, thereby increasing the attack vector. For regular smart contracts, OpenZeppelin has a series of best practice libraries to ensure that contracts developed based on it are secure. However, it essentially adds "security usage constraints" for developers. In comparison, Hook contracts require stricter "security usage constraints." Therefore, for Hook programming to be widely applied, a comprehensive framework is needed: it requires a secure execution environment, a programming paradigm suitable for Hooks, and stricter usage constraints.

Artela Aspect: Protocol-Level Support for Hook Programming

From Uniswap V4 to the Artela native protocol, the advanced journey of DeFi Hooks revolution

Uniswap V4 Hooks are implemented through smart contracts, and its security issues are also due to the limitations of smart contracts. Is there a solution that supports Hook programming at the protocol level? Artela Aspect provides us with the answer!

Artela is a highly scalable and high-performance EVM-compatible Layer 1 blockchain network designed to build modular, feature-rich, scalable, and customizable applications for developers. Artela defines a new programmable module as a native extension called Aspect, innovatively introducing AOP into the blockchain network. Aspect needs to specify join points, which are the positions where Aspect is executed throughout the transaction processing lifecycle, similar to Hook callbacks. The join points include:

  • Block Init: Block initialization.
  • Transaction Verification: Transaction verification.
  • Pre Execute: Before execution.
  • Post Execute: After execution.
  • Block Finalize: Block finalization.

Aspect currently only supports Typescript, and its code is compiled into WebAssembly (WASM) bytecode and deployed to the Artela network. After deployment, the owner of the smart contract can bind the contract with Aspect. The smart contract owner is defined as an external account (EOA) address that can pass the check isOwner(address) returns (bool) through the smart contract.

Subsequently, the execution of subsequent transactions calling the smart contract will be handled by Aspect, as shown in the diagram below:

From Uniswap V4 to the Artela native protocol, the advanced journey of DeFi Hooks revolution

As a protocol-level Hooks implementation, Artela Aspects have significant advantages over Uniswap V4 Hooks:

Firstly, Artela Aspects use WASM to execute their code, which is several orders of magnitude more efficient than EVM.

Secondly, Artela Aspects can hook the entire transaction lifecycle, not just the core logic of DeFi, enabling the construction of more feature-rich DApps.

Lastly, and most importantly, Artela Aspects run independently in a secure sandbox environment, ensuring that the execution of Aspects does not affect the security of contract execution.

The isolation of Artela Aspects restricts the mutual calls between Hook contracts and external contracts, addressing the pain points of access control and input validation in Uniswap V4 Hooks. DeFi contracts deployed on Artela, such as Uniswap, can enjoy a faster, stronger, and more secure Hook experience.

Conclusion

As a key participant and leader in the DeFi industry, Uniswap has played a crucial role in driving industry progress and improving functionality. The introduction of Hooks in Uniswap V4 will undoubtedly lead the development direction of DEX and be imitated by successors.

However, Uniswap V4 Hooks are limited by the inherent limitations of smart contracts. Regardless of how robust the protocol is designed and how comprehensive the tool libraries are, it cannot fundamentally prevent the mutual calls between Hook contracts and external contracts, leading to potential security vulnerabilities.

Artela, as a high-performance EVM-compatible Layer 1 blockchain network, has designed Aspect to natively support Hook programming from the protocol level, running independently in WASM, greatly enhancing security. This provides an advanced solution for DeFi protocols that consider security as paramount.

免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To

Related Articles

avatar
avatarTechub News
14 minutes ago
From "Huang" to "La": Who is the "Real Tough Guy" during Bitcoin's decline?
avatar
avatarPANews
1 hour ago
In-depth evaluation of the 8 major application scenarios of AI "Super Butler" OpenClaw
avatar
avatar深潮TechFlow
1 hour ago
Silver Delivery Crisis: Paper Prosperity and Physical Shortage
avatar
avatarOdaily星球日报
1 hour ago
Weekly Editor's Picks (0131-0206)
avatar
avatarTechub News
1 hour ago
Arriving at the station, the historical wheels rumble past Rollups.
APP

X

Telegram

Facebook

Reddit

CopyLink