BoostHook is a Uniswap V4-style hook contract. Hook contracts execute alongside swaps and can introduce vulnerabilities in their beforeSwap / afterSwap / beforeAddLiquidity callbacks. Common subtypes: (a) missing authorization checks allowing arbitrary callers to invoke hook entry points, (b) improper validation of pool/sender state inside the hook, (c) accounting flaws where hook-collected fees or rewards are credited to the wrong account, (d) reentrancy into the PoolManager via the hook. The small loss size suggests a precise targeted call against a hook function with insufficient caller validation rather than a broad math exploit.
Method: Uniswap V4 hook-contract logic exploit. Root cause: BoostHook is a Uniswap V4-style hook contract. Hook contracts execute alongside swaps and can introduce vulnerabilities in their beforeSwap / afterSwap / beforeAddLiquidity callbacks. Common subtypes: (a) missing authorization checks allowing arbitrary callers to invoke hook entry points, (b) improper validation of pool/sender state inside the hook, (c) accounting flaws where hook-collected fees or rewards are credited to the wrong account, (d) reentrancy into the PoolManager via the hook. The small loss size suggests a precise targeted call against a hook function with insufficient caller validation rather than a broad math exploit. Attack tx: 0xb45cc4d9c13c2c24b4bbf71db9e6f52ed24d174ad23ed2622a290289cebd3811. First flagged by TenArmor TenMonitor.
- chain
- ethereum
- protocol
- BoostHook
- bug_class
- access-control
- date_occurred
- 2026-05-12
- loss_usd
- $47,500
- source_id
- tenarmor:ethereum:0xb45cc4d9c13c2c24b4bbf71db9e6f52ed24d174ad23ed2622a290289cebd3811