Add MoonpotHook hook on base

[hooklist-generator]

Summary

A single-pool USDC/TMP hook that applies a dynamic price-defense fee on TMP sells (scaled by distance above a configurable floor tick), intercepts and burns TMP in excess of a floor-enforced sell limit, injects USDC as a protocol floor-band liquidity position, and records a TWAP oracle to guard liquidity injection against price manipulation.

Flags

Flag	Value
beforeInitialize	true
afterInitialize	false
beforeAddLiquidity	false
afterAddLiquidity	false
beforeRemoveLiquidity	false
afterRemoveLiquidity	false
beforeSwap	true
afterSwap	false
beforeDonate	false
afterDonate	false
beforeSwapReturnsDelta	true
afterSwapReturnsDelta	false
afterAddLiquidityReturnsDelta	false
afterRemoveLiquidityReturnsDelta	false

Properties

Property	Value
dynamicFee	true
upgradeable	false
requiresCustomSwapData	false
vanillaSwap	false
swapAccess	governance

Warnings

• On-chain verified contract name is MockHook (a test wrapper that inherits MoonpotHook byte-for-byte); source comment reads "Test-only hook. Not for production." Submitter name "MoonpotHook" adopted as it matches the parent contract containing all hook logic.
• Submitter did not provide a description. Using AI-generated description.

Closes #651

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
hooklist	Ready	Preview, Comment	Jun 11, 2026 4:57pm

[github-actions]

Review: hooks/base/0x282b5e7d546b5e39963753d11b2bb6cd3c9da088.json

Flags ✅

Address 0x...a088 → 0xa088 = 1010 0000 1000 1000 binary. The 14 lowest bits decode to:
beforeInitialize=true, beforeSwap=true, beforeSwapReturnsDelta=true, all others false.

This matches both the hook file's flags section and the getHookPermissions() override in the source. ✅

Properties

• dynamicFee: true ✅ — _beforeSwap returns tax | LPFeeLibrary.DYNAMIC_FEE_FLAG on every swap path.
• upgradeable: false ✅ — No proxy, delegatecall, or SELFDESTRUCT.
• requiresCustomSwapData: false ✅ — The bytes calldata hookData parameter in _beforeSwap is completely ignored; swaps work without it.
• vanillaSwap: false ✅ — dynamicFee=true and beforeSwapReturnsDelta=true both apply.
• swapAccess: "governance" ✅ — TMP sells revert (FloorTickNotSet) until a manager-controlled call to setCurrentFloorTick() sets the floorTickSet boolean. This is a governance-style boolean flag set by an admin.

Description ✅

The description accurately reflects the source logic: dynamic price-defense fee on TMP sells scaled by distance above floor tick, intercept-and-burn of excess TMP, USDC liquidity injection, and TWAP oracle guard. All claims are substantiated by _beforeSwap, _defenseTax, _calculateTax, _computeMaxTmpSell, injectLiquidity, and the Oracle library.

chainId ✅

8453 matches base in chains.json.

verifiedSource ✅

source_meta.json reports "verified": true.

---

❌ Issues Requiring Changes

1. Deployed contract is a test mock — explicitly "Not for production"

source_meta.json reports contractName: "MockHook". The verified source is contracts/mocks/MockHook.sol, whose NatSpec reads:

"Test-only hook. Inherits {MoonpotHook} logic byte-for-byte; only the contract name differs. Still must be deployed at a CREATE2-mined address carrying the same v4 permission flags. Not for production."

A contract explicitly marked as a test mock should not appear in a production registry of deployed hooks. The submitter may have intended to register the production MoonpotHook contract at a different address.

2. Name mismatch with on-chain contract

The hook file uses "name": "MoonpotHook", but the Etherscan-verified contract name is MockHook. While MoonpotHook is the parent contract and is substantiated by the source, the deployed artifact is MockHook. The name should either be MockHook (the actual deployed contract name) or the correct production MoonpotHook address should be submitted instead.

---

Recommendation: This PR should be rejected until the submitter provides the address of the production MoonpotHook deployment (not the test mock). If this address is truly the intended production hook, the name must be corrected to MockHook — but deploying a "Not for production" mock to mainnet and registering it here is itself a problem that warrants clarification.

[paksa92]

To be clear on the issue '1. Deployed contract is a test mock — explicitly "Not for production"'; the deployed bytecode is the audited MoonpotHook bytecode, this is just a source-verification mixup and it's correction is in progress.

MockHook is a name-only subclass (contract MockHook is MoonpotHook { constructor(...) MoonpotHook(...) {} }, no logic of its own), so it compiles to byte-identical bytecode. With bytecode_hash = "none" there's no metadata to tell the two apart, so Basescan accepted the MockHook source, but the contract actually deployed is the audited MoonpotHook.

Verifiable:

• MoonpotHook and MockHook runtime bytecode are identical, sha256 087b17b6…d25b (16,204 bytes).
  On-chain code at 0x282b…a088 matches it, differing only in the 5 constructor immutables.
  forge verify-bytecode 0x282b5E7d546B5E39963753D11B2bb6CD3C9Da088 MoonpotHook --rpc-url https://mainnet.base.org

The full audited MoonpotHook.sol is already in the verified source (MockHook imports it). Hacken-audited — happy to share the report or re-verify under the correct name on Sourcify/Blockscout.

[paksa92]

Contract details on blockscout: https://base.blockscout.com/address/0x282b5E7d546B5E39963753D11B2bb6CD3C9Da088?tab=contract

[marktoda]

Closing per the bot review's findings: the verified contract at this address is MockHook (contracts/mocks/MockHook.sol), whose NatSpec explicitly states it is a test-only mock, "Not for production." The submitted name MoonpotHook does not match the deployed artifact.

If there is a production MoonpotHook deployment, please re-open issue #651 (or file a new one) with that address and the submission will be re-processed. Registering a contract self-described as not-for-production isn't appropriate for this registry even with a corrected name.