Description

The PoolAddress library included in contracts/defi/uniswap/libraries/PoolAddress.sol uses an incorrect value for the POOL_INIT_CODE_HASH constant, at least for mainnet pools. Issue #348↗ on the Uniswap v3-perhiphery repository points this out. We also verified that the correct value is

bytes32 internal constant POOL_INIT_CODE_HASH =
    0xe34f199b19b2b4f47f68442619d555527d244f78a3297ea89325f843f87b8b54;

using the following Python snippet with the contract-creation code from one of the Uniswap pools on mainnet.

#!/usr/bin/env python3
# took this from https://etherscan.io/address/0x4e68ccd3e89f51c3074ca5072bbac773960dfa36#code
text = '6101...'
code = bytes.fromhex(text)

from Cryptodome.Hash import keccak
keccak_hash = keccak.new(digest_bits=256)
keccak_hash.update(code)
print(keccak_hash.hexdigest())

Impact

Results of computeAddress will be incorrect for mainnet pools. However, it appears that the PoolAddress library is not used at all, so there is no impact in practice.

Recommendations

As the PoolAddress appears to be unused, we recommend removing it if it is not needed anymore. Otherwise, update the constant to the correct value:

bytes32 internal constant POOL_INIT_CODE_HASH =
-     0xa598dd2fba360510c5a8f02f44423a4468e902df5857dbce3ca162a43a3a31ff;
+     0xe34f199b19b2b4f47f68442619d555527d244f78a3297ea89325f843f87b8b54;

Remediation

This issue has been acknowledged by Singularity, and a fix was implemented in commit fe268599↗.