From 208a721a8f514c9ade929244cb3c6090f629f5d4 Mon Sep 17 00:00:00 2001 From: Nick Koutrelakos Date: Wed, 1 Apr 2026 09:51:05 -0700 Subject: [PATCH 1/3] [new-plugin] uniswap-v4-security-foundations v1.1.0 --- .../uniswap-v4-security-foundations/LICENSE | 21 ++++++ .../uniswap-v4-security-foundations/README.md | 24 +++++++ .../plugin.yaml | 23 +++++++ .../uniswap-v4-security-foundations/SKILL.md | 65 +++++++++++++++++++ 4 files changed, 133 insertions(+) create mode 100644 submissions/uniswap-v4-security-foundations/LICENSE create mode 100644 submissions/uniswap-v4-security-foundations/README.md create mode 100644 submissions/uniswap-v4-security-foundations/plugin.yaml create mode 100644 submissions/uniswap-v4-security-foundations/skills/uniswap-v4-security-foundations/SKILL.md diff --git a/submissions/uniswap-v4-security-foundations/LICENSE b/submissions/uniswap-v4-security-foundations/LICENSE new file mode 100644 index 0000000..fb60be1 --- /dev/null +++ b/submissions/uniswap-v4-security-foundations/LICENSE 
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2026 Uniswap Labs + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/submissions/uniswap-v4-security-foundations/README.md b/submissions/uniswap-v4-security-foundations/README.md new file mode 100644 index 0000000..a01fb26 --- /dev/null +++ b/submissions/uniswap-v4-security-foundations/README.md 
@@ -0,0 +1,24 @@ +# uniswap-v4-security-foundations + +Security-first guide for building Uniswap v4 hooks covering vulnerabilities, audit requirements, and best practices + +## Source + +This skill is maintained by Uniswap Labs in the [uniswap-ai](https://github.com/uniswap/uniswap-ai) monorepo. + +The canonical source is at [`packages/plugins/uniswap-hooks/skills/v4-security-foundations/`](https://github.com/uniswap/uniswap-ai/tree/main/packages/plugins/uniswap-hooks/skills/v4-security-foundations). + +### What It Does + +- Teaches AI agents security-first v4 hook development practices +- Covers common hook vulnerabilities that can drain user funds +- Provides audit checklists and security patterns + +### Related Skills + +- **uniswap-viem-integration**: Foundational EVM blockchain integration +- **uniswap-cca-configurator**: Configure auction contracts that use v4 hooks + +## License + +MIT diff --git a/submissions/uniswap-v4-security-foundations/plugin.yaml b/submissions/uniswap-v4-security-foundations/plugin.yaml new file mode 100644 index 0000000..2e36157 --- /dev/null +++ b/submissions/uniswap-v4-security-foundations/plugin.yaml @@ -0,0 +1,23 @@ +schema_version: 1 +name: uniswap-v4-security-foundations +version: "1.1.0" +description: "Security-first guide for building Uniswap v4 hooks covering vulnerabilities, audit requirements, and best practices" +author: + name: "Uniswap Labs" + github: "wkoutre" +license: MIT +category: security +tags: + - uniswap + - v4-hooks + - security + - smart-contracts + - audit + - solidity + - ethereum + +components: + skill: + dir: skills/uniswap-v4-security-foundations + +api_calls: [] diff --git a/submissions/uniswap-v4-security-foundations/skills/uniswap-v4-security-foundations/SKILL.md b/submissions/uniswap-v4-security-foundations/skills/uniswap-v4-security-foundations/SKILL.md new file mode 100644 index 0000000..675ca3c --- /dev/null 
+++ b/submissions/uniswap-v4-security-foundations/skills/uniswap-v4-security-foundations/SKILL.md 
@@ -0,0 +1,65 @@ +--- +name: uniswap-v4-security-foundations +description: "Security-first guide for building Uniswap v4 hooks" +version: "1.1.0" +author: "Uniswap Labs" +tags: + - uniswap + - v4-hooks + - security + - solidity +--- + +# V4 Hook Security Foundations + +Security-first guide for building Uniswap v4 hooks. Hook vulnerabilities can drain user funds. Understand these concepts before writing any hook code. + +## Overview + +Uniswap v4 hooks are external contracts that execute at key points in the pool lifecycle (beforeSwap, afterSwap, beforeAddLiquidity, etc.). A vulnerability in a hook can compromise all funds in the pool. This skill covers the critical security patterns, common vulnerabilities, and audit requirements. + +## Pre-flight Checks + +1. Foundry (forge/cast) installed for Solidity development +2. Understanding of Uniswap v4 PoolManager architecture +3. Understanding of Solidity security patterns (reentrancy, access control) + +## Key Security Patterns + +### Access Control + +- Only the PoolManager should be able to call hook functions +- Validate `msg.sender == address(poolManager)` in every callback +- Never expose admin functions without proper access control + +### Reentrancy Protection + +- Hooks are called during pool operations, creating reentrancy risks +- Use the checks-effects-interactions pattern +- Be cautious with external calls within hook callbacks + +### State Validation + +- Validate all parameters passed to hook callbacks +- Do not trust user-supplied data without verification +- Check return values from external calls + +## Full Skill + +For the complete security guide with vulnerability taxonomy, audit checklists, and tested patterns: + +``` +npx skills add Uniswap/uniswap-ai +``` + +## Error Handling + +| Error | Cause | Resolution | +|-------|-------|------------| +| Hook callback reverts | Invalid access control or state | Verify msg.sender is PoolManager | +| Unexpected pool state | Hook modified state incorrectly | 
Review state transitions in hook logic | + +## Skill Routing + +- For viem/wagmi blockchain setup -> use `uniswap-viem-integration` +- For CCA auction configuration -> use `uniswap-cca-configurator` From 2643a7daf30034fbe1582e2806ab1470dec64216 Mon Sep 17 00:00:00 2001 From: Nick Koutrelakos Date: Wed, 1 Apr 2026 09:55:41 -0700 Subject: [PATCH 2/3] simplify SKILL.md to minimal stub pointing to canonical source --- .../uniswap-v4-security-foundations/SKILL.md | 56 ++----------------- 1 file changed, 5 insertions(+), 51 deletions(-) diff --git a/submissions/uniswap-v4-security-foundations/skills/uniswap-v4-security-foundations/SKILL.md b/submissions/uniswap-v4-security-foundations/skills/uniswap-v4-security-foundations/SKILL.md index 675ca3c..44d5ecf 100644 --- a/submissions/uniswap-v4-security-foundations/skills/uniswap-v4-security-foundations/SKILL.md +++ b/submissions/uniswap-v4-security-foundations/skills/uniswap-v4-security-foundations/SKILL.md 
@@ -1,65 +1,19 @@ --- name: uniswap-v4-security-foundations -description: "Security-first guide for building Uniswap v4 hooks" +description: "Security-first guide for building Uniswap v4 hooks covering vulnerabilities, audit requirements, and best practices" version: "1.1.0" author: "Uniswap Labs" tags: - uniswap - - v4-hooks - - security - - solidity + - defi --- -# V4 Hook Security Foundations +# uniswap-v4-security-foundations -Security-first guide for building Uniswap v4 hooks. Hook vulnerabilities can drain user funds. Understand these concepts before writing any hook code. - -## Overview - -Uniswap v4 hooks are external contracts that execute at key points in the pool lifecycle (beforeSwap, afterSwap, beforeAddLiquidity, etc.). A vulnerability in a hook can compromise all funds in the pool. This skill covers the critical security patterns, common vulnerabilities, and audit requirements. - -## Pre-flight Checks - -1. Foundry (forge/cast) installed for Solidity development -2. Understanding of Uniswap v4 PoolManager architecture -3. Understanding of Solidity security patterns (reentrancy, access control) - -## Key Security Patterns - -### Access Control - -- Only the PoolManager should be able to call hook functions -- Validate `msg.sender == address(poolManager)` in every callback -- Never expose admin functions without proper access control - -### Reentrancy Protection - -- Hooks are called during pool operations, creating reentrancy risks -- Use the checks-effects-interactions pattern -- Be cautious with external calls within hook callbacks - -### State Validation - -- Validate all parameters passed to hook callbacks -- Do not trust user-supplied data without verification -- Check return values from external calls - -## Full Skill - -For the complete security guide with vulnerability taxonomy, audit checklists, and tested patterns: +This skill is maintained by Uniswap Labs. 
Install the full version: ``` npx skills add Uniswap/uniswap-ai ``` -## Error Handling - -| Error | Cause | Resolution | -|-------|-------|------------| -| Hook callback reverts | Invalid access control or state | Verify msg.sender is PoolManager | -| Unexpected pool state | Hook modified state incorrectly | Review state transitions in hook logic | - -## Skill Routing - -- For viem/wagmi blockchain setup -> use `uniswap-viem-integration` -- For CCA auction configuration -> use `uniswap-cca-configurator` +Source: [uniswap-ai/packages/plugins/uniswap-hooks/skills/v4-security-foundations](https://github.com/uniswap/uniswap-ai/tree/main/packages/plugins/uniswap-hooks/skills/v4-security-foundations) From 424c67154e99547dda3b3b877a9a608c006da6dd Mon Sep 17 00:00:00 2001 From: Nick Koutrelakos Date: Wed, 1 Apr 2026 10:01:53 -0700 Subject: [PATCH 3/3] add per-plugin install command to stub --- .../skills/uniswap-v4-security-foundations/SKILL.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/submissions/uniswap-v4-security-foundations/skills/uniswap-v4-security-foundations/SKILL.md b/submissions/uniswap-v4-security-foundations/skills/uniswap-v4-security-foundations/SKILL.md index 44d5ecf..d0a524a 100644 --- a/submissions/uniswap-v4-security-foundations/skills/uniswap-v4-security-foundations/SKILL.md +++ b/submissions/uniswap-v4-security-foundations/skills/uniswap-v4-security-foundations/SKILL.md @@ -16,4 +16,10 @@ This skill is maintained by Uniswap Labs. Install the full version: npx skills add Uniswap/uniswap-ai ``` +Or install just this plugin: + +``` +claude plugin add @uniswap/uniswap-hooks +``` + Source: [uniswap-ai/packages/plugins/uniswap-hooks/skills/v4-security-foundations](https://github.com/uniswap/uniswap-ai/tree/main/packages/plugins/uniswap-hooks/skills/v4-security-foundations)
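
Review bot: In PATCH 1/3, README.md, both links under "## Source" point at `tree/main`, a moving branch, while plugin.yaml in the same patch declares `version: "1.1.0"`. A reader cannot tell which upstream revision this submission corresponds to. Link to the tag or commit that is 1.1.0 so the canonical content can be compared against what was submitted.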
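
Review bot: In PATCH 1/3, plugin.yaml, the `author` block pairs `name: "Uniswap Labs"` with `github: "wkoutre"`, a personal handle, while the README says the skill is maintained in the `uniswap/uniswap-ai` repository. If the `github` field is used to attribute or verify the publisher, it should name the organization that hosts the canonical source; otherwise document in the README why an individual account is listed for an organization-authored plugin.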
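
Review bot: In PATCH 1/3, SKILL.md, the "### Access Control" bullets mix two different caller rules without separating them. The first two bullets restrict hook callbacks to the PoolManager (`msg.sender == address(poolManager)`), but the third, "Never expose admin functions without proper access control", concerns functions that are not called by the PoolManager at all. State explicitly that callbacks are PoolManager-only and that admin functions need their own owner or role check, so a reader does not apply the PoolManager check to both.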
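
Review bot: In PATCH 2/3, SKILL.md, the front-matter `description` is lengthened to "covering vulnerabilities, audit requirements, and best practices" in the same hunk that deletes every section containing that material, leaving only an install command. Anything that selects or loads this skill by its description gets no security guidance from the file itself. Either make the description say that this is a pointer to the canonical source, or keep a short version of "Key Security Patterns" in the stub. The `tags` list also drops `v4-hooks`, `security` and `solidity` and adds `defi`, which no longer matches the tags and `category: security` in plugin.yaml from PATCH 1/3; keep the two files consistent.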
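
Review bot: In PATCH 3/3, SKILL.md, the added text "Or install just this plugin:" is followed by `claude plugin add @uniswap/uniswap-hooks`, but this submission's plugin is named `uniswap-v4-security-foundations` and the Source link shows `uniswap-hooks` as the parent plugin that contains `skills/v4-security-foundations`. Reword to say that the command installs the `uniswap-hooks` plugin, which includes this skill. Neither this command nor the `npx skills add Uniswap/uniswap-ai` line in the context above it carries a version, so what gets installed is not tied to the `version: "1.1.0"` declared in the front matter; add a pinned form if the tools support one, or say that the latest release is installed.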