Vanguard

First Flight #56

Beginner FriendlyDeFiFoundry

0 EXP

View all submissions

Previous Next

Submission Details

Impact: high

Likelihood: high

Deploy Script Uses Wrong Hook Flag (BEFORE_INITIALIZE Instead of AFTER_INITIALIZE)

Author Revealed upon completion

Description

Uniswap V4 hooks must have their address match specific bit flags indicating which hook callbacks they implement. The HookMiner is used to find a salt that produces an address with the correct flags.
The deploy script mines for an address with BEFORE_INITIALIZE_FLAG, but the contract actually implements afterInitialize (setting afterInitialize: true in permissions). This mismatch will cause deployment validation to fail.

// deployLaunchHook.s.sol - WRONG FLAG

uint160 flags = uint160(Hooks.BEFORE_SWAP_FLAG | Hooks.BEFORE_INITIALIZE_FLAG);

// @> Should be AFTER_INITIALIZE_FLAG

// TokenLaunchHook.sol - Actual permissions

function getHookPermissions() public pure override returns (Hooks.Permissions memory) {

return Hooks.Permissions({

beforeInitialize: false, // @> Not using beforeInitialize

afterInitialize: true, // @> Using afterInitialize

// ...

beforeSwap: true,

// ...

});

}

Risk

Likelihood:

This will occur on every deployment attempt using the provided script
The address mined will have incorrect flag bits

Impact:

Uniswap V4 PoolManager will reject the hook during pool initialization due to flag mismatch
Protocol cannot be deployed using the provided deployment script
Developers must manually fix the script before any deployment

Proof of Concept

Compare flag values - script uses BEFORE_INITIALIZE_FLAG, hook requires AFTER_INITIALIZE_FLAG.

function test_DeployScriptWrongFlag() public {

// The deploy script uses:

uint160 wrongFlags = uint160(Hooks.BEFORE_SWAP_FLAG | Hooks.BEFORE_INITIALIZE_FLAG);

// But the hook implements:

uint160 correctFlags = uint160(Hooks.BEFORE_SWAP_FLAG | Hooks.AFTER_INITIALIZE_FLAG);

// These will mine different addresses

assertNotEq(wrongFlags, correctFlags, "Flags should be different");

// Deployment with wrong flags will fail Uniswap's hook validation

}

Recommended Mitigation

Change flag from BEFORE_INITIALIZE_FLAG to AFTER_INITIALIZE_FLAG.

// script/deployLaunchHook.s.sol

function run() public {

// hook contracts must have specific flags encoded in the address

- uint160 flags = uint160(Hooks.BEFORE_SWAP_FLAG | Hooks.BEFORE_INITIALIZE_FLAG);

+ uint160 flags = uint160(Hooks.BEFORE_SWAP_FLAG | Hooks.AFTER_INITIALIZE_FLAG);

// Mine a salt that will produce a hook address with the correct flags

// ...

}

Rewards breakdown

nSLOC

273

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!