Uniswap v4 Hooks are a massive new attack surface.
Most developers see flexibility. I see risk.
In v3, pool logic was rigid and battle-tested. In v4, Hooks let developers inject custom logic at key points - before swaps, after swaps, during liquidity changes.
A malicious Hook can:
- Redirect swapped tokens to attacker addresses
- Block execution to lock user assets
- Manipulate dynamic fees to extract value from LPs
The "Dynamic Fee Griefing" vector is subtle. If a Hook can alter fees based on sender or pool state, it can extract value from every transaction.
Most auditors reviewing v4 integrations focus on core protocol logic.
They assume Hooks are safe because they're "just custom logic."
But Hooks execute with trust. They access critical pool state. A malicious Hook drains users as effectively as any reentrancy bug.
If you're building on v4, your Hook isn't a feature - it's a security surface.
From Twitter
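As an added example (not from the original post or from Uniswap's code), here is one way a reviewer could triage a v4 pool against the three risks listed above, using only the hook address and the pool's fee field. It assumes the permission-bit layout of v4-core's `Hooks` library (low 14 bits of the hook address) and the `0x800000` dynamic-fee marker from `LPFeeLibrary`, which should be checked against the deployed version; the function names and sample addresses are constructed for illustration.

```python
# Added example: triage a Uniswap v4 hook from its address and the pool fee field.
# Assumption: bit layout as in v4-core Hooks.sol / LPFeeLibrary.sol; verify it
# against the deployed contracts before relying on the output.
HOOK_FLAGS = [  # index i corresponds to bit (13 - i) of the hook address
    "beforeInitialize", "afterInitialize",
    "beforeAddLiquidity", "afterAddLiquidity",
    "beforeRemoveLiquidity", "afterRemoveLiquidity",
    "beforeSwap", "afterSwap", "beforeDonate", "afterDonate",
    "beforeSwapReturnsDelta", "afterSwapReturnsDelta",
    "afterAddLiquidityReturnsDelta", "afterRemoveLiquidityReturnsDelta",
]
DYNAMIC_FEE_FLAG = 0x800000  # PoolKey.fee value that marks a dynamic-fee pool


def decode_hook_permissions(hook_address: str) -> set[str]:
    """Return the callbacks the PoolManager will invoke on this hook."""
    low14 = int(hook_address, 16) & 0x3FFF
    return {name for i, name in enumerate(HOOK_FLAGS) if low14 & (1 << (13 - i))}


def review_findings(hook_address: str, pool_fee: int) -> list[str]:
    """Map the enabled callbacks onto the three risks listed in the post."""
    perms = decode_hook_permissions(hook_address)
    findings = []
    if any(p.endswith("ReturnsDelta") for p in perms):
        findings.append("value-redirect: hook can change amounts owed to or by the caller")
    blocking = perms & {"beforeSwap", "afterSwap",
                        "beforeRemoveLiquidity", "afterRemoveLiquidity"}
    if blocking:
        findings.append("lock-up: a revert in " + ", ".join(sorted(blocking))
                        + " blocks swaps or withdrawals")
    if pool_fee == DYNAMIC_FEE_FLAG:
        findings.append("dynamic-fee: LP fee is set by the hook, not fixed in the pool key")
    return findings


# Constructed sample addresses (not real deployments).
SWAP_ONLY = "0x" + "ab" * 18 + "00c0"  # beforeSwap | afterSwap
HIGH_RISK = "0x" + "cd" * 18 + "02cc"  # adds beforeRemoveLiquidity and both swap-delta flags

if __name__ == "__main__":
    for addr, fee in ((SWAP_ONLY, 3000), (HIGH_RISK, DYNAMIC_FEE_FLAG)):
        print(addr, sorted(decode_hook_permissions(addr)))
        for finding in review_findings(addr, fee):
            print("  -", finding)
```

A finding here only says which callbacks and fee mode the pool exposes; what the hook actually does in those callbacks still has to be read from its verified source.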




