Uniswap V4
MITHRILDEX / AMM · Multi-chain · $3.5B TVL · 8 contracts
Public risk assessment — scores are produced with the same methodology as monitored protocols
Security Profile
Dimension scores, in page order: 92 · 88 · 98 · 88 · 92 · 89 · 39 · 88 · 82 · 100
Audit History
Bug Bounty Program
Assessment
Best-in-class DEX architecture: immutable core, transient-storage reentrancy guard, flash accounting, zero oracle dependencies. D7 pulls the score below ADAMANTINE because of 81 validated findings (13 Critical) from deep adversarial research. TRIB-SETTLE-001 (permissionless fund theft via Tribunal composition) is the most severe finding to date and additionally impacts D4. The protocol sits below ADAMANTINE due to deployment age (18 months), the hook extensibility model, and now-demonstrated periphery composition risks.
Dimension Breakdown
- Minimal admin surface (fee setting only, capped)
- Transient storage lock eliminates reentrancy class
- Flash accounting enforces within-tx balance invariants
- 58 access control checks across 246 total checks (23.6% check density)
- All core PoolManager functions are view/pure (6 functions)
- Flash accounting IS the primitive, not a vulnerability
- No share-inflation attack surface in singleton design
- 98 state writes, but concentrated in ERC-6909 token operations (balanceOf, allowance, isOperator)
- MEV is user-side (sandwich), not protocol-level
- Zero value extracted in fork validation
- Zero external oracle dependencies in core
- Self-sovereign pricing via AMM math
- Protocol is oracle SOURCE, not consumer
- 2 price_feed edges are hook-level, sandboxed per-pool
- Deployed 2024-11-27 (~18 months live)
- Uniswap org active since 2018 (8 years)
- V3 never had a protocol-level exploit
- 4 audit firms (ToB, OZ, Spearbit, C4)
- $15.5M bug bounty (largest in DeFi)
- Z-factor: 0.744
- PoolManager is IMMUTABLE (no proxy, no upgrade path)
- Owner = 2-day Timelock controlled by GovernorBravo
- Admin can ONLY set protocol fee controller (capped at 0.1%)
- Cannot drain funds, modify logic, or upgrade contract
- 2 low-severity validated findings
- Strong CI/CD (Lint, MythX, Tests, Release workflows)
- GitHub Actions pinned to commit SHAs
- Immutable contract = no deployment key risk
- Limited public incident response documentation
- Zero external dependencies in core PoolManager
- Hook risk sandboxed per-pool, not protocol-wide
- 14 trust_dependency edges all hook-related
- Bad hook affects one pool, not all of Uniswap
- TRIB-SETTLE-001: Universal Router <-> Compact/Tribunal composition creates a permissionless fund-theft vector via an unlinked sourceClaimHash
- Appears in 1 cross-protocol cascade chain (XPC-014)
- Member of 2 dependency clusters
- Zero downstream protocol dependencies
- Fully isolated architecture — no systemic contagion risk
- Solidity 0.8.26 (stable, no critical known bugs)
- Minimal external dependencies (custom libs)
- Fully verified on Etherscan
- Immutable deployment (no proxy risk)
- 41 mappings in singleton -- well-structured state
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug: "uniswap-v4"
- Oracle: BRORegistry (Base)
- Evidence: IPFS (pinned)
- Staleness Threshold: 24 hours
registry.getScore("uniswap-v4")
Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.