0xC3F1…821B

PASS · Degraded
Arbitrum · 0xC3F1a08E47b29D6510fA8c3b71e0D924A6f5821B · TVL $3.4M (approx)

Don’t trust — verify

Re-check this certificate yourself with the open-source MIT checker. It pulls the live bytecode via eth_getCode, confirms it hashes to the pinned bytecode_hash, fetches and hashes the witness, replays the derivation locally, and prints PASS only if all hold — trusting nothing from veric.audit except the math.

tarski-verify-veric verify --cert arbitrum-degraded.hook-cert.json
Checker: tarski-verify-veric@0.4.2 (tarski-verify-veric repo, MIT)
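The hash-pin part of that re-check can be sketched offline. This is an added example, not the tarski-verify-veric code: it covers only the pin and cross-reference steps, not the derivation replay. It assumes the pins are SHA-256 over the raw runtime bytecode and the raw witness bytes, and it runs on constructed sample data.

```python
import hashlib
import json

def pin(data: bytes) -> str:
    """Digest in the certificate's pin notation."""
    return "sha256:" + hashlib.sha256(data).hexdigest()

def check_pins(cert_bytes, runtime_code, witness_bytes):
    """Return failed checks; an empty list means every pin and cross-reference holds."""
    cert = json.loads(cert_bytes)
    subject, failures = cert["subject"], []
    # Assumption: the pin is SHA-256 over the raw runtime bytecode bytes from eth_getCode.
    if pin(runtime_code) != subject["bytecode_hash"]:
        failures.append("bytecode_hash: live code differs from the pin (upgrade or redeploy)")
    # Hash the witness bytes as fetched, before parsing them.
    if pin(witness_bytes) != cert["evidence"]["witness_hash"]:
        return failures + ["witness_hash: witness bytes differ from the pin"]
    witness = json.loads(witness_bytes)
    # The witness must describe the same subject and property as the cert.
    expected = {"chain": subject["chain"], "address": subject["address"],
                "bytecode_hash": subject["bytecode_hash"], "property": cert["property"]}
    for key, want in expected.items():
        if witness["inputs"].get(key) != want:
            failures.append(f"inputs.{key}: witness disagrees with the cert")
    if witness["trust_flavor"] != cert["trust_flavor"]:
        failures.append("trust_flavor: witness disagrees with the cert")
    if witness["derivation"]["conclusion"] != cert["verdict"]:
        failures.append("verdict: witness conclusion disagrees with the cert")
    return failures

# Constructed sample data: placeholder bytecode and address, not the real hook.
CODE = bytes.fromhex("6080604052600080fd")
PROPERTY = "cork-class/access-control+state-transition"
SUBJECT = {"chain": "arbitrum", "address": "0x" + "11" * 20, "bytecode_hash": pin(CODE)}
WITNESS = json.dumps({
    "schema": "hook-witness/v1", "trust_flavor": "degraded",
    "inputs": {**SUBJECT, "property": PROPERTY},
    "derivation": {"conclusion": "PASS"},
}).encode()
CERT = json.dumps({
    "schema": "hook-cert/v1", "subject": SUBJECT, "property": PROPERTY,
    "verdict": "PASS", "trust_flavor": "degraded",
    "evidence": {"witness_hash": pin(WITNESS)},
}).encode()

if __name__ == "__main__":
    print(check_pins(CERT, CODE, WITNESS) or "all pins hold")
    print(check_pins(CERT, CODE + b"\x00", WITNESS))  # simulated redeploy
```

A passing result here only shows that the artifacts are the pinned ones and agree with each other; the PASS verdict itself rests on replaying the derivation with the checker.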

What this proves

  • For this exact bytecode on this chain, the cork-class access-control + state-transition property holds.
  • The specific failure shape that cost Cork Protocol ~$11M is provably absent — to the strength stated by the trust flavour.
  • The result is re-checkable by the open MIT tarski-verify-veric checker, trusting nothing from this site.

What this does NOT prove

  • That the hook is safe, bug-free, or audited overall.
  • Anything about reentrancy, oracle/MEV, donation, rounding, admin/upgrade, or economic-design risk.
  • Anything about a different bytecode, a different chain, or the surrounding protocol.
  • Liveness or fitness for purpose.
  • A guarantee over time — a proxy upgrade or redeploy voids this cert.

The certificate

Property: cork-class/access-control+state-transition
Verdict: PASS
Trust flavour: degraded
Analyzer: tarski-verify-veric@0.4.2 (3034b09)
Checked at: 22 May 2026
Expires: Never on a clock — a bytecode change voids it
Bytecode hash (the pin): sha256:84a05f1e9b7c2d3068e1f4a97b50c2d83e60147af9b2e85c310d7f64a209e5cd

This cert is valid only for this exact bytecode. A proxy upgrade or redeploy changes the hash and voids the cert.

Raw .hook-cert.json (the exact bytes a re-checker consumes)
{
  "schema": "hook-cert/v1",
  "subject": {
    "kind": "uniswap-v4-hook",
    "chain": "arbitrum",
    "address": "0xC3F1a08E47b29D6510fA8c3b71e0D924A6f5821B",
    "bytecode_hash": "sha256:84a05f1e9b7c2d3068e1f4a97b50c2d83e60147af9b2e85c310d7f64a209e5cd"
  },
  "property": "cork-class/access-control+state-transition",
  "verdict": "PASS",
  "trust_flavor": "degraded",
  "analyzer": {
    "name": "tarski-verify-veric",
    "version": "0.4.2",
    "git": "3034b09"
  },
  "evidence": {
    "witness_uri": "veric.audit/witness/arbitrum-degraded.json",
    "witness_hash": "sha256:cf28e0719a6b4d35802e1fc4a9d70b386e51294af0b7c63d815ea0972f4d6b3a"
  },
  "recheck": {
    "checker": "tarski-verify-veric",
    "checker_version": "0.4.2",
    "cmd": "tarski-verify-veric verify --cert arbitrum-degraded.hook-cert.json"
  },
  "checked_at": "2026-05-22T09:03:27Z",
  "expires_hint": null
}

Witness

This is the re-checkable witness the cert points at — the artifact the trust rests on. You don’t trust this rendering; you trust the re-check. Confirm the bytes hash to the pin below.

witness_hash: sha256:cf28e0719a6b4d35802e1fc4a9d70b386e51294af0b7c63d815ea0972f4d6b3a
{
  "schema": "hook-witness/v1",
  "cert_ref": "arbitrum:0xC3F1a08E47b29D6510fA8c3b71e0D924A6f5821B",
  "analyzer": {
    "name": "tarski-verify-veric",
    "version": "0.4.2"
  },
  "trust_flavor": "degraded",
  "inputs": {
    "chain": "arbitrum",
    "address": "0xC3F1a08E47b29D6510fA8c3b71e0D924A6f5821B",
    "bytecode_hash": "sha256:84a05f1e9b7c2d3068e1f4a97b50c2d83e60147af9b2e85c310d7f64a209e5cd",
    "property": "cork-class/access-control+state-transition",
    "evm_semantics": "cancun"
  },
  "derivation": {
    "method": "abstract-interpretation",
    "degradations": [
      "Loop bound in the afterSwap accounting path exceeded the analyzer's unrolling budget; the path was over-approximated by a sound widening. The PASS holds, but on a coarser abstraction than a conformance proof."
    ],
    "steps": [
      {
        "id": "decode",
        "summary": "Lift bytecode to the typed CFG; recover the hook callback entry points."
      },
      {
        "id": "access-control",
        "summary": "Prove every state-mutating callback is PoolManager-guarded (exact)."
      },
      {
        "id": "state-transition",
        "summary": "Prove the cork-class settlement invariant holds under a sound over-approximation of the unbounded accounting loop."
      }
    ],
    "conclusion": "PASS"
  }
}

This cert pins bytecode sha256:84a05f1e9b7c2d3068e1f4a97b50c2d83e60147af9b2e85c310d7f64a209e5cd. If the contract is upgraded or redeployed, the pin no longer matches and the cert is pulled on the next pipeline run. A row disappearing is not a published statement about the hook.