Home  >  Article  >  From Uniswap V4 to Artela native protocol, the advanced journey of DeFi Hooks revolution

From Uniswap V4 to Artela native protocol, the advanced journey of DeFi Hooks revolution

WBOY
WBOYforward
2024-04-30 16:40:021118browse

What is Hooks

Hooks, namely Hook Programming, is a programming model that allows developers to program in a system and application through Hooks, which are predefined functions or code blocks. Insert custom code into the execution path of a program or library without modifying the original code. Hooks are often used in many programming environments and frameworks, such as operating systems, frameworks and libraries, web development, and plug-in systems.

By using Hooks, developers can increase the scalability and customizability of the program without having to modify the original code for every change or expansion requirement, which helps to keep the code clean and stable. Hooks provide an elegant implementation method for software extension and are a very useful programming model in software design.

Specially, AOP (Aspect-oriented Programming) is often compared with Hook programming. AOP is a modular programming paradigm that realizes cross-cutting concerns, and the goal is also Enhance or modify functionality without changing the main business logic. I won’t expand on AOP in detail here. You can simply think of AOP as a higher-level abstraction of HooK programming.

Uniswap V4: Hooks Revolution

从Uniswap V4到Artela原生协议,DeFi Hooks 革命的进阶之旅

In June 2023, Uniswap announced and published a draft version of the Uniswap V4 white paper. An important feature of Uniswap V4 is Hooks are introduced.

In fact, Hooks have been widely used in Web2 financial systems, because these systems usually require a high degree of customization and scalability. Customized scenarios, such as when processing transactions, use Hooks to insert additional verification logic before and after transaction execution, such as secondary verification, risk control detection, and anti-money laundering (AML) strategies. Scalability scenarios include integrating with external APIs or microservices through Hooks to expand new functions in the financial system, such as identity authentication services, exchange rate conversion, payment gateways, etc. But by introducing Hooks into DeFi, Uniswap has set a precedent.

Uniswap V4 Hooks is essentially an external contract created and defined by developers. When the liquidity pool is created, you can choose to bind a Hook contract. Afterwards, the liquidity pool will call the previously bound Hook contract to perform specified operations at different stages of the life cycle, providing a high degree of customization. Developers can meet more personalized trading scenarios based on Uniswap's Hooks and build DApps with richer functions, such as:

  • Dynamic fees: Through Hooks, the liquidity pool can adjust according to market volatility or Other input parameters dynamically adjust fees to better adapt to market conditions;
  • On-chain Limit Orders: Hooks can create and execute limit orders on the chain, allowing users to Specify the price for trading;
  • Time Weighted Average Market Maker (TWAMM): Use the Hooks mechanism to create a liquidity pool that supports the TWAMM strategy to evenly disperse the transactions of large orders over a period of time.

Currently Uniswap V4 supports four groups of Hook callbacks, each group contains a pair of callbacks:

  • beforeInitialize/afterInitialize: initialize the liquidity pool;
  • beforeModifyPosition /afterModifyPosition: add/reduce/remove liquidity;
  • beforeSwap/afterSwap: exchange;
  • beforeDonate/afterDonate: donation (new feature introduced by Uniswap V4, giving liquidity within the transaction range Tips for sex providers).

The following figure is the process of beforeSwap/afterSwap Hook shown in the white paper. You can see that before and after executing the swap, it will first check whether the corresponding flag of the liquidity pool is turned on. If it is turned on, , the corresponding function of the Hook contract will be called.

从Uniswap V4到Artela原生协议,DeFi Hooks 革命的进阶之旅

These Hooks can be executed before the transaction starts and after the transaction ends, thus achieving functionality similar to on-chain price orders. The user places a limit order on the Hook contract, and then uses a custom or managed oracle in the afterSwap callback to determine whether the price meets the limit. If it does, the transaction will be executed. If it does not, the transaction will be cancelled.

Uniswap V4 deeply binds liquidity to the development of DApp itself through Hooks. It enhances the functions of DApp and also enhances the network effect of Uniswap, making it the underlying infrastructure of the entire DeFi ecosystem.

Security issues of Uniswap V4 Hooks

从Uniswap V4到Artela原生协议,DeFi Hooks 革命的进阶之旅

The BlockSec team has explored the security risks of the Hooks mechanism in Uniswap V4. In addition to the fact that the Hook contract itself is malicious, Benign Hook contracts are also extremely prone to vulnerabilities. The BlockSec team analyzed the Awesome Uniswap v4 Hooks repository (commit hash 3a0a444922f26605ec27a41929f3ced924af6075) and found that more than 30% of the projects in the repository were vulnerable. These vulnerabilities mainly originate from risk interactions between Hook, PoolManager and external third parties, and can be mainly divided into two categories:

  • Access control issues: The main concern is the callback functions in Uniswap V4. These functions should only be called by PoolManager and cannot be called by other addresses (including EOA and contracts). For example, in the case where rewards are distributed by pool keys, rewards may be claimed incorrectly if the corresponding function can be called by any account. Therefore, it is crucial for Hooks to establish strong access control mechanisms, especially since they can be called by other parties besides the pool itself;
  • Input validation issues: Due to some vulnerable Improper input validation in Hook implementations can lead to various types of attacks, including well-known reentrancy attacks. The most common situation is that untrusted external contracts are called in some key Hook functions. In order to attack these vulnerable Hooks, the attacker can register a malicious fund pool for his own fake tokens, and then call the Hook to use the funds. Pool performs operations. When interacting with the pool, the malicious token logic hijacks the control flow in order to engage in unwanted behavior.

Even if necessary access control to sensitive external/public functions is properly implemented and input parameters are verified, which reduces the security risks related to the above two types of Hooks, the contract vulnerability itself cannot be completely avoided. , especially if Hook is implemented as an upgradeable contract, you may also encounter related issues similar to OpenZeppelin's UUPSUpgradeable vulnerability.

The reason is that Hook programming will increase the complexity of smart contracts, thereby increasing the attack vector. For ordinary smart contracts, OpenZeppelin will have a series of best practice libraries to make contracts developed based on it safe, but it essentially adds "safe usage constraints" to developers. Compared with ordinary contracts, Hook contracts require stricter "safety usage constraints". Therefore, for Hook programming to be widely used, a comprehensive framework is needed: a safe execution environment, a programming paradigm suitable for Hook, and stricter usage constraints.

Artela Aspect: Protocol-level support for Hook programming

从Uniswap V4到Artela原生协议,DeFi Hooks 革命的进阶之旅

Uniswap V4 Hooks are implemented through smart contracts, and its security issues are also due to the limitations of smart contracts. Due to the nature of the problem, is there a solution to support Hook programming from the protocol level? Artela Aspect gives us the answer!

Artela is a highly scalable and high-performance EVM-compatible Layer 1 blockchain network designed for developers to build modular, feature-rich, scalable and customizable applications. Artela defines a new programmable module as a native extension called Aspect, which innovatively introduces AOP into the blockchain network. Aspect needs to specify the connection point, that is, the location where Aspect is executed in the entire transaction processing life cycle, similar to the callback of Hook. The connection points include:

  • Block Init: block initialization;
  • Transaction Verification: transaction verification;
  • Pre Execute: before execution;
  • Post Execute: after execution;
  • Block Finalize: The block is finalized.

Aspect currently only supports Typescripts, whose code is compiled into WebAssembly (WASM) bytecode and deployed to the Artela network. After the Aspect is deployed, the smart contract owner can bind the contract to the Aspect. The smart contract owner means that its external account (EOA) address can pass the smart contract isOwner(address) returns (bool) check.

Subsequent transactions that call the smart contract will then be handled by Aspects, as shown in the figure below:

从Uniswap V4到Artela原生协议,DeFi Hooks 革命的进阶之旅

Artela Aspects is implemented as a protocol-level Hooks, compared to Uniswap V4 Hooks have great advantages:

Firstly, Artela Aspects uses WASM to execute its code, and the execution efficiency is several orders of magnitude higher than EVM;

Secondly, Artela Aspects can Hook the entire transaction life Cycles, not just DeFi core logic, can build more feature-rich DApps;

Lastly, and most importantly, Artela Aspects runs independently in a secure sandbox environment. This isolation ensures that Aspects Execution will not affect the security of contract execution.

The isolation of Artela Aspects limits the mutual calls between the Hook contract as a normal contract and other external contracts, solving the pain points of Uniswap V4 Hooks access control and input verification. For DeFi contracts like Uniswap, you can enjoy a faster, stronger and safer Hook experience by deploying it to Artela.

Summary

As an important participant and leader in the DeFi industry, Uniswap has played a vital role in promoting industry progress and improving functions. The Hooks introduced in Uniswap V4 this time have There is no doubt that it will lead the development direction of DEX and be imitated by its successors.

But Uniswap V4 Hooks is limited by the limitations of the smart contract itself. No matter how solid the protocol design is and how complete the tool library is, it cannot prevent the root cause of the conflict between the Hook contract and other external contracts. Calling each other creates potential security vulnerabilities.

As a high-performance EVM-compatible Layer 1 blockchain network, Artela has designed Aspect to run independently in WASM from the beginning of the protocol to natively support Hooks programming, which greatly improves security. This provides an advanced solution for DeFi protocols that regard security as life.

The above is the detailed content of From Uniswap V4 to Artela native protocol, the advanced journey of DeFi Hooks revolution. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:panewslab.com. If there is any infringement, please contact admin@php.cn delete