Transfer Hook
Token-2022 extension that runs custom program logic on every transfer of a mint, enabling compliance and composability but introducing reentrancy-like and context-validation risks.
A Transfer Hook is a Token-2022 extension that executes custom logic (via a program specified by the mint) on every transfer of that mint. It enables use cases such as transfer allowlists, fees, and compliance checks. Hooks receive additional accounts through an ExtraAccountMetaList; failure to strictly validate PDA derivation and seeds can allow attackers to inject malicious accounts (e.g., a spoofed whitelist) and bypass transfer logic.
If a Transfer Hook triggers a CPI that initiates another transfer of the same mint, it can create a recursion loop—potentially leading to griefing or asset freeze. Auditors must verify hook acyclicity, enforce read-only access on external state where possible, and respect Solana's CPI depth limit (4) for DeFi composability.
Articles Using This Term
Learn more about Transfer Hook in these articles:
Solana Smart Contract Audit Guide 2026: Firedancer, Token-2022 & Security Checklist
Complete 2026 Solana audit guide: Firedancer skip-vote risks, Token-2022 transfer hooks, localized DoS attacks. Essential security checklist.
Solana Security Checklist: 45 Critical Checks for Anchor & Native Programs
Complete Solana smart contract security checklist with 45 vulnerability categories. Prevent exploits with checks for account validation, CPI security, PDAs, Token-2022, and more. Essential guide for Solana developers and auditors.
Related Terms
Token-2022
Solana token standard (Token Extensions) that adds programmable features like Transfer Hooks, Confidential Transfers, and CPI guards, reintroducing control-flow and reentrancy considerations.
Hooks
External smart contracts in Uniswap v4 that execute custom logic at specific points in a pool's lifecycle.
Reentrancy Guard
Smart contract security pattern preventing attackers from recursively calling functions to drain funds during execution.
Need expert guidance on Transfer Hook?
Our team at Zealynx has deep expertise in blockchain security and DeFi protocols. Whether you need an audit or consultation, we're here to help.
Get a Quote
