04-06, 12:55–13:15 (Europe/Zurich), Verge Stage
During the presentation, I would like to share practical insights and tips from our in-depth research conducted with the support of a grant from the Uniswap Foundation. It will be a journey into the heart of Uniswap V4's architecture, where we'll unravel the complexities and innovations of its hooks mechanism. Based on examples, I will discuss the threats specific to most popular hook use cases. This talk promises to be a treasure trove of insights for anyone keen on mastering Uniswap V4 hooks and fortifying their security.
Key Takeaways for audience:
- A richer understanding of Uniswap V4's innovative architecture.
- Practical strategies for developing and securing hooks.
- Insights from research supported by the Uniswap Foundation Grant.
- Further materials they can use to increase the security of their hooks.
I would like to share practical insights and tips from our in-depth research conducted with the support of a grant from the Uniswap Foundation. This presentation is designed to provide attendees with a holistic view of Uniswap V4 hooks, from their architecture and use cases to the crucial aspect of security. It aims to equip developers, researchers, and enthusiasts with the knowledge and tools needed to navigate the complexities of Uniswap V4, ensuring a safer and more reliable DeFi future.
The talk will begin with an in-depth introduction to the Uniswap V4 architecture, laying a foundation for understanding its innovative framework.
However, the focus will be placed on the security threats associated with hooks. By examining the landscape of potential vulnerabilities, the presentation will expose the risks that developers and users face need to be aware of when using Uniswap V4 hooks. I will present examples of both malicious and vulnerable hooks that have been identified in the ecosystem during our research. This will include a detailed analysis of how these hooks were exploited and the implications of such security breaches.
My goal is to make this session an invaluable resource for anyone looking to deepen their understanding and enhance the security of decentralized finance platforms.
Web3 Security Reviewer & Researcher with over 5 years of experience in Web3Sec.
-
Programming:
Beginning his journey in 2005 as a backend developer, Damian collaborated with a diverse array of companies spanning multiple industries. By 2009, he pivoted towards cyber security, embarking on an academic pursuit that culminated in a PhD from Warsaw University of Technology. -
WebSec:
With a solid foundation in programming, Damian ventured into Web2 security in 2016. His expertise led him to conduct numerous pentests and source code reviews, predominantly for banking and fintech sectors. -
Web3Sec:
In 2018, Damian delved into the Web3 security domain, pioneering the Smart Contract Security Verification Standard – the most extensive security checklist for Web3 initiatives to date. Throughout this period, he has been a speaker at various conferences, including EthCC, Web3 Security Conference, ETHWarsaw, OWASP AppSec Global, Confidence and InfoShare. -
By 2022, Damian took another significant step by co-founding Composable Security, a firm dedicated to Web3 security assessments and consultations.