Skip to content

Contracts & security

Hoodl’s on-chain logic is four small contracts. This page describes them, how they’re tested, and where they’re deployed.

The protocol contracts are live on Robinhood Chain mainnet (chain ID 4663), deployed at block 6960162 and verified on Blockscout. Hoodl reads them from @hoodl/config and never hardcodes them.

ContractAddress
HoodlLaunchFactory0x4e872FB872bEf35C6041855C94B63e59397DECFF
HoodlFeeVault0xa321811771d4C8fB4D75A24859330bB5F2e42Ce7
FeeSplitterEscrow0x8c8542Aa27224884D6584655a084712278C8F090

HoodlToken has no fixed address — the factory deploys a fresh token contract for every launch.

ContractRole
HoodlTokenA no-tax ERC-20 with a fixed 1B supply, minted once at launch. No transfer hooks — fees live in the pool, not the token, so aggregator routing is never broken.
HoodlLaunchFactoryThe createToken entry point. In one call it takes the creation fee, deploys the token, creates and seeds the locked full-range single-sided Uniswap V3 position (1% tier), registers the fee split, and runs an optional dev-buy.
HoodlFeeVaultHolds each locked position NFT (liquidity locked forever, collect-only) and distributes fees: 30% to treasury, swap the token side of the 70% into the quote asset (bounded by a price oracle), then deposit to the router.
FeeSplitterEscrowThe fee router. Splits the 70% pool across up to two recipients (wallet or X handle), holds unlinked handles’ shares in escrow, and lets recipients withdraw/claim.
  • Foundry (Solidity), OpenZeppelin 5.x + Solady.
  • solc 0.8.28, EVM target cancun (verified safe on Robinhood Chain).
  • Chain-agnostic — every external address (Uniswap V3, WETH, USDG) is read from a per-chain address book, never hardcoded.

The money-touching contracts are held to a high bar — 64 passing tests:

  • Unit + fuzz on every contract (supply/no-tax, the full escrow register → deposit → withdraw → link → claim lifecycle, the vault’s 30/70 split and oracle-bounded fee swap, the factory’s happy path + reverts, and an end-to-end integration).
  • A solvency invariant on the escrow: the contract’s balance always covers every unclaimed recipient balance, checked across thousands of random deposit/withdraw/link/claim sequences.
  • Range-math fuzzing of the single-sided seed for both token orderings and both quote decimals.
  • Fork tests against live Uniswap V3 on Robinhood Chain (4663) — the seed math and the full deploy + create flow, validated on a mainnet fork.

A Slither static-analysis pass is clean (all findings benign/informational).

An internal security review flagged the risks specific to the single-sided-V3 model, and all of the must-fix items were resolved and re-tested:

  • Single-sided range math — computed per launch for both token orderings and both quote decimals, fork-validated on live Uniswap V3.
  • Pool-poisoning / front-running the pool creation — mitigated with per-launch address entropy and an in-transaction retry, plus a launch-time price assertion.
  • Fee-swap slippage — the memecoin→quote swap is bounded to a time-weighted average price, and the dev-buy takes a creator-supplied minimum-out.
  • Handle-link trust — narrow multisig dispute paths, and a reclaim mechanism that’s disabled by default.

Each token you launch is a plain, fixed-supply ERC-20 (see Launch mechanics) — no owner, no mint, no fees, no transfer hooks. Its source is automatically published to Blockscout right after launch, so anyone (and every scanner) can read the real code rather than guessing from bytecode. That’s what makes a fresh Hoodl token read as open-source and safe instead of an unverified unknown.

The contracts are live, but a few things are deliberately still in progress:

  • App wiring. On-chain reads and sign-in are live; the app’s create/trade/claim writes are still being connected to the deployed contracts, so the app is rolling out rather than open.
  • Admin keys. Protocol roles (owner/treasury/linker) are being moved onto multisigs as part of the rollout.
  • External audit. The internal test suite and clean Slither pass are done, but an independent external audit has not been published. Treat the protocol accordingly and only trade what you can afford to lose.

See Robinhood Chain for the verified third-party addresses Hoodl builds on.