Contracts & security
Hoodl’s on-chain logic is four small contracts. This page describes them, how they’re tested, and where they’re deployed.
Deployed addresses
Section titled “Deployed addresses”The protocol contracts are live on Robinhood Chain mainnet (chain ID 4663), deployed at block
6960162 and verified on Blockscout. Hoodl reads them from
@hoodl/config and never hardcodes them.
| Contract | Address |
|---|---|
| HoodlLaunchFactory | 0x4e872FB872bEf35C6041855C94B63e59397DECFF |
| HoodlFeeVault | 0xa321811771d4C8fB4D75A24859330bB5F2e42Ce7 |
| FeeSplitterEscrow | 0x8c8542Aa27224884D6584655a084712278C8F090 |
HoodlToken has no fixed address — the factory deploys a fresh token contract for every launch.
The contracts
Section titled “The contracts”| Contract | Role |
|---|---|
| HoodlToken | A no-tax ERC-20 with a fixed 1B supply, minted once at launch. No transfer hooks — fees live in the pool, not the token, so aggregator routing is never broken. |
| HoodlLaunchFactory | The createToken entry point. In one call it takes the creation fee, deploys the token, creates and seeds the locked full-range single-sided Uniswap V3 position (1% tier), registers the fee split, and runs an optional dev-buy. |
| HoodlFeeVault | Holds each locked position NFT (liquidity locked forever, collect-only) and distributes fees: 30% to treasury, swap the token side of the 70% into the quote asset (bounded by a price oracle), then deposit to the router. |
| FeeSplitterEscrow | The fee router. Splits the 70% pool across up to two recipients (wallet or X handle), holds unlinked handles’ shares in escrow, and lets recipients withdraw/claim. |
Built with
Section titled “Built with”- Foundry (Solidity), OpenZeppelin 5.x + Solady.
- solc 0.8.28, EVM target
cancun(verified safe on Robinhood Chain). - Chain-agnostic — every external address (Uniswap V3, WETH, USDG) is read from a per-chain address book, never hardcoded.
How it’s tested
Section titled “How it’s tested”The money-touching contracts are held to a high bar — 64 passing tests:
- Unit + fuzz on every contract (supply/no-tax, the full escrow register → deposit → withdraw → link → claim lifecycle, the vault’s 30/70 split and oracle-bounded fee swap, the factory’s happy path + reverts, and an end-to-end integration).
- A solvency invariant on the escrow: the contract’s balance always covers every unclaimed recipient balance, checked across thousands of random deposit/withdraw/link/claim sequences.
- Range-math fuzzing of the single-sided seed for both token orderings and both quote decimals.
- Fork tests against live Uniswap V3 on Robinhood Chain (4663) — the seed math and the full deploy + create flow, validated on a mainnet fork.
A Slither static-analysis pass is clean (all findings benign/informational).
What was hardened
Section titled “What was hardened”An internal security review flagged the risks specific to the single-sided-V3 model, and all of the must-fix items were resolved and re-tested:
- Single-sided range math — computed per launch for both token orderings and both quote decimals, fork-validated on live Uniswap V3.
- Pool-poisoning / front-running the pool creation — mitigated with per-launch address entropy and an in-transaction retry, plus a launch-time price assertion.
- Fee-swap slippage — the memecoin→quote swap is bounded to a time-weighted average price, and the dev-buy takes a creator-supplied minimum-out.
- Handle-link trust — narrow multisig dispute paths, and a reclaim mechanism that’s disabled by default.
Every launched token is verified
Section titled “Every launched token is verified”Each token you launch is a plain, fixed-supply ERC-20 (see Launch mechanics) — no owner, no mint, no fees, no transfer hooks. Its source is automatically published to Blockscout right after launch, so anyone (and every scanner) can read the real code rather than guessing from bytecode. That’s what makes a fresh Hoodl token read as open-source and safe instead of an unverified unknown.
After the deploy
Section titled “After the deploy”The contracts are live, but a few things are deliberately still in progress:
- App wiring. On-chain reads and sign-in are live; the app’s create/trade/claim writes are still being connected to the deployed contracts, so the app is rolling out rather than open.
- Admin keys. Protocol roles (owner/treasury/linker) are being moved onto multisigs as part of the rollout.
- External audit. The internal test suite and clean Slither pass are done, but an independent external audit has not been published. Treat the protocol accordingly and only trade what you can afford to lose.
See Robinhood Chain for the verified third-party addresses Hoodl builds on.