How Does Uniswap V4 Work?

All pools consolidated into a single PoolManager contract, eliminating per-pool contract deployments and reducing gas costs

Singleton architecture concentrates all liquidity and pool logic in one contract. Reduces gas by ~99% for pool creation but increases systemic risk — a bug in PoolManager affects all pools.

Permissionless hooks allow arbitrary smart contract code to execute at 8 lifecycle points: before/after initialize, swap, modify position, and donate

Hooks are the defining V4 innovation. They enable dynamic fees, custom oracles, limit orders, and novel trading mechanisms. However, 36% of analyzed hooks were found potentially vulnerable to attacks.

Hooks can take full custody of pool assets via custom accounting, controlling deposits, withdrawals, and delta resolution

Custom accounting is the most dangerous V4 feature. Unlike vanilla hooks, custom accounting hooks control underlying liquidity — any bug is likely catastrophic.

Inherited from V3: LPs allocate capital within custom price ranges for capital efficiency

Same concentrated liquidity model as V3, with the same IL and JIT liquidity risks, but enhanced by hooks that can modify behavior.

Hooks can implement dynamic fee structures that adjust based on market conditions, volatility, or custom logic

Dynamic fees enabled by hooks replace V3's static fee tiers. Can optimize for LPs but also introduce complexity and potential manipulation.

Transient storage-based flash accounting where balances are tracked temporarily within a transaction, settled at the end

Flash accounting reduces gas for multi-hop swaps by deferring settlement. Uses EIP-1153 transient storage for efficiency.

UNI token governance inherited from Uniswap governance framework

Same UNI governance as V2/V3. Protocol fee switch and governance parameters apply to V4.

V4 supports native ETH pools directly, eliminating the need for WETH wrapping

Native ETH support reduces gas costs and simplifies UX, but introduces different security considerations than WETH-based pools.

Any developer can deploy hooks that execute arbitrary code during swaps. Malicious or buggy hooks can steal LP funds, manipulate prices, or deny service. Users may not realize the hook attached to their pool is unaudited. The Cork Protocol $11M hack demonstrated this exact vector.

Custom accounting hooks take full control of pool assets, enabling sophisticated logic but creating a single point of failure. A bug in custom accounting logic can drain the entire pool's liquidity — these hooks effectively become the custodians of all deposited assets.

All V4 pools share the same PoolManager contract. While this reduces gas costs, a critical vulnerability in the PoolManager would expose all pools simultaneously, potentially putting the entire $640M+ TVL at risk in a single exploit.

Dynamic fee hooks could be engineered to front-run or sandwich trades by adjusting fees in real-time based on pending transaction data. This creates new MEV vectors beyond traditional sandwich attacks.

The permissionless hook ecosystem means most hooks will be unaudited or poorly audited. Users interact with pools without understanding the security posture of the attached hook. Aggregators may route through pools with vulnerable hooks unknowingly.