veric.audit/ hooks
All certified hooks

Aerodrome Dynamic-Fee Hook

PASSMechanical derivation
Base0x2B9a17Ce4F08d3E5a6710bB29C8fD41e0A3b75C2Explorer TVL $12.8M (approx)

Don’t trust — verify

Re-check this certificate yourself with the open-source MIT checker. It pulls the live bytecode via eth_getCode, confirms it hashes to the pinned bytecode_hash, fetches and hashes the witness, replays the derivation locally, and prints PASS only if all hold — trusting nothing from veric.audit except the math.

tarski-verify-veric verify --cert base-mechanical.hook-cert.json
Checker: tarski-verify-veric@0.4.2tarski-verify-veric repo (MIT)

What this proves

  • For this exact bytecode on this chain, the cork-class access-control + state-transition property holds.
  • The specific failure shape that cost Cork Protocol ~$11M is provably absent — to the strength stated by the trust flavour.
  • The result is re-checkable by the open MIT tarski-verify-veric checker, trusting nothing from this site.

What this does NOT prove

  • That the hook is safe, bug-free, or audited overall.
  • Anything about reentrancy, oracle/MEV, donation, rounding, admin/upgrade, or economic-design risk.
  • Anything about a different bytecode, a different chain, or the surrounding protocol.
  • Liveness or fitness for purpose.
  • A guarantee over time — a proxy upgrade or redeploy voids this cert.

The certificate

Property
cork-class/access-control+state-transition
Verdict
PASS
Trust flavour
mechanical-derivation
Analyzer
tarski-verify-veric@0.4.2 (3034b09)
Checked at
23 May 2026
Expires
Never on a clock — a bytecode change voids it
Bytecode hash (the pin)
sha256:1d72e0a98c4b3f6512de07a8b94c1f30e5d29a6740bc81f3e09d52a4187c63bf

This cert is valid only for this exact bytecode. A proxy upgrade or redeploy changes the hash and voids the cert.

Raw .hook-cert.json (the exact bytes a re-checker consumes)
{
  "schema": "hook-cert/v1",
  "subject": {
    "kind": "uniswap-v4-hook",
    "chain": "base",
    "address": "0x2B9a17Ce4F08d3E5a6710bB29C8fD41e0A3b75C2",
    "bytecode_hash": "sha256:1d72e0a98c4b3f6512de07a8b94c1f30e5d29a6740bc81f3e09d52a4187c63bf"
  },
  "property": "cork-class/access-control+state-transition",
  "verdict": "PASS",
  "trust_flavor": "mechanical-derivation",
  "analyzer": {
    "name": "tarski-verify-veric",
    "version": "0.4.2",
    "git": "3034b09"
  },
  "evidence": {
    "witness_uri": "veric.audit/witness/base-mechanical.json",
    "witness_hash": "sha256:6b04e1d3a87f29c450e1b8d2796af34c0e5172d9b8430af6125e9c073d8a41fe"
  },
  "recheck": {
    "checker": "tarski-verify-veric",
    "checker_version": "0.4.2",
    "cmd": "tarski-verify-veric verify --cert base-mechanical.hook-cert.json"
  },
  "checked_at": "2026-05-23T20:11:54Z",
  "expires_hint": null
}

Witness

This is the re-checkable witness the cert points at — the artifact the trust rests on. You don’t trust this rendering; you trust the re-check. Confirm the bytes hash to the pin below.

witness_hashsha256:6b04e1d3a87f29c450e1b8d2796af34c0e5172d9b8430af6125e9c073d8a41fe
{
  "schema": "hook-witness/v1",
  "cert_ref": "base:0x2B9a17Ce4F08d3E5a6710bB29C8fD41e0A3b75C2",
  "analyzer": {
    "name": "tarski-verify-veric",
    "version": "0.4.2"
  },
  "trust_flavor": "mechanical-derivation",
  "inputs": {
    "chain": "base",
    "address": "0x2B9a17Ce4F08d3E5a6710bB29C8fD41e0A3b75C2",
    "bytecode_hash": "sha256:1d72e0a98c4b3f6512de07a8b94c1f30e5d29a6740bc81f3e09d52a4187c63bf",
    "property": "cork-class/access-control+state-transition",
    "evm_semantics": "cancun"
  },
  "derivation": {
    "method": "abstract-interpretation+declared-assumption",
    "assumptions": [
      "The external library at 0x9c…f3 delegatecalled from afterSwap is assumed to preserve the caller-guard; its bytecode is not in scope of this proof and is recorded as a declared assumption."
    ],
    "steps": [
      {
        "id": "decode",
        "summary": "Lift bytecode to the typed CFG; recover the hook callback entry points."
      },
      {
        "id": "access-control",
        "summary": "Prove every in-scope state-mutating callback is PoolManager-guarded."
      },
      {
        "id": "state-transition",
        "summary": "Prove the settlement invariant holds for all in-scope paths, modulo the declared delegatecall assumption."
      }
    ],
    "conclusion": "PASS"
  }
}

This cert pins bytecode sha256:1d72e0a98c4b3f6512de07a8b94c1f30e5d29a6740bc81f3e09d52a4187c63bf. If the contract is upgraded or redeployed, the pin no longer matches and the cert is pulled on the next pipeline run. A row disappearing is not a published statement about the hook.