Uniswap V3

Stage 2
TVL $1.6B
uniswap.org
2026-02-06
Chains ethereum arbitrum polygon optimism base

Risk Assessment

Upgradeability
Immutable
Admin Control
DAO Governance
Fund Access
Impossible
Audits
Extensive
Oracle
Self-Contained
Track Record
4+ years

Uniswap V3 Risk Assessment

Overview

Uniswap V3 is a decentralized exchange using concentrated liquidity AMM. Core contracts are immutable and governed by UNI token holders.

Uniswap V3 represents the third iteration of the Uniswap protocol, introducing concentrated liquidity positions that allow liquidity providers to specify price ranges for their capital. The protocol operates without any ability to upgrade core exchange logic or access user funds.

Smart Contract Risk

Contract Architecture:

  • Core contracts are deployed without proxy patterns
  • No upgrade mechanisms exist for pool contracts
  • Factory contract is immutable after deployment
  • Position manager contracts handle NFT-based LP positions

Code Quality:

  • Extensively audited by Trail of Bits and ABDK
  • Formal verification performed on critical components
  • Open source with multiple security reviews
  • Battle-tested codebase with 4+ years in production

Attack Surface:

  • Limited attack surface due to immutability
  • No admin functions that can access user funds
  • Oracle manipulation requires significant capital and provides limited attack vectors
  • Reentrancy protections built into core logic

Admin/Governance Risk

Governance Structure:

  • UNI token holders control governance
  • Minimum 2-day timelock on governance actions
  • Governance scope is limited to protocol fee parameters only
  • Cannot modify pool logic or access liquidity

Key Controls:

  • Factory owner can enable fee tiers (new pool types)
  • Protocol fee collection is capped at 0.05% (half of LP fees)
  • No ability to pause trading or freeze funds
  • No emergency withdrawal mechanisms

Trust Assumptions:

  • Governance cannot drain user funds
  • Fee changes only affect future trades, not existing positions
  • No single points of failure in governance execution

Oracle Risk

TWAP Oracle:

  • Built-in time-weighted average price oracle
  • Self-contained within each pool
  • No external dependencies
  • Manipulation requires sustained capital commitment

Oracle Security:

  • Manipulation cost scales with pool liquidity
  • Historical price data stored on-chain
  • Multiple observation checkpoints available
  • Used by numerous DeFi protocols as price source

Economic Risk

Liquidity Risk:

  • $2.3B+ TVL across multiple chains
  • Deep liquidity in major pairs
  • Concentrated liquidity can create price impact in thin ranges

Operational History:

  • Launched May 2021
  • $2.75T+ cumulative volume processed
  • Zero exploits of core contracts
  • Consistently highest DEX volume across markets

Stage Assessment

Stage 2 Criteria Met: ✓ Immutable core contracts with no upgrade capability ✓ Governance with timelock (2+ days) ✓ No admin fund access under any circumstances ✓ Self-contained oracle with no external dependencies ✓ Extensive audits and formal verification ✓ 4+ years of battle-testing with significant TVL

Justification: Uniswap V3 achieves Stage 2 (Trustless) status due to its complete immutability, limited governance scope that cannot access user funds, self-contained oracle system, and extensive security track record. Users can interact with the protocol without trusting any centralized party or governance process with their funds.