Hook Protocol Overview and Security Audit

Hook Protocol Overview and Security Audit

We're excited to share our call options protocol for NFTs. If you haven’t read our first post on “Why call options make sense for NFTs”, you can take a look here. It’s a 2 minute read and will provide helpful context for this blog post. If you prefer to read the full docs, you can find it at docs.hook.xyz.


Hook is an oracle-free, on-chain option protocol for non-fungible tokens (NFTs). Unlike many popular approaches to NFT DeFi, Hook does not sacrifice the non-fungible nature of NFTs by requiring that they are converted into fungible tokens.

Any holders of individual ERC-721 NFTs can write covered call options through Hook via the following process:

option creation and sale process
  1. Anyone who holds an NFT (writer) can transfer it into the protocol while specifying a specific strike price and maturity.
  2. The protocol holds that the original NFT and mints a new option NFT representing the option as a bearer token. Until expiration, the holder of the option NFT is the owner of the option.
  3. The writer can earn a premium by selling the option NFT. This sale can occur on any marketplace which supports the sale of ERC-721s, including the one hosted by Hook.
  4. Anyone can purchase the option NFT from the writer, gaining upside exposure to the underlying original NFT.

Before the option expires, the protocol automatically starts a settlement auction for the original NFT:

settlement auction process

5. If the highest bid in this auction is less than or equal to the strike price, the writer retains ownership of the original NFT and keeps the option premium.

6. If the highest bid is above the strike price (e.g., the original NFT appreciated during the option period to above the strike), the writer earns the strike price and option premium; the original NFT is sold to the highest bidder; and the option buyer earns the price spread (difference between the highest bid and the strike price).

The protocol is compatible with any ERC-721 NFT. Hook initially targets Ethereum Mainnet, but the code is implemented to be compatible with any EVM compatible chain.

How a covered call works

Mint an option

At launch Hook will support a limited number of collections in its options market in order to concentrate liquidity, with plans to expand support for more collections soon.

To mint, the writer must select a strike price and expiration date for their NFT off-chain. The writer must balance the probability of the option expiring out-of-money (OOM) against the price of the option (premium). Hook Protocol will provide suggestions, derived from the Black-Scholes formula and current market conditions, for reference.

Sell an option for premium

The newly minted option NFT must be sold for the writer to earn a premium. The protocol hosts an off-chain order book to facilitate the option sales process. Because the contract is pre-approved, the owner does not need to pay any gas to list.

Use the original NFT during the option period

Hook’s vault is styled after a smart contract wallet, which allows the option writer to utilize their asset during the option period, similar to a flash loan, for specific uses such as participating in governance or minting other projects.

Trade an option

The option holder (option writer or buyer) is free to trade their option NFT (ERC-721) on any platform that supports the standard and does not ban these contracts. There are no royalties on trading options.

Cash settle an option

Options on the protocol cash-settle, allowing participants to receive an ETH payout for the option's value at expiration without selling back to a market maker expecting physical delivery. The ETH to support the settlement is raised through a settlement auction of the underlying NFT.

24 hours, or at a per-collection configured time, before the option expires, the option will begin accepting bids. When a bid is placed, the bidder deposits the ETH value of their bid into the smart contract. Once a bid exceeds the reserve price, the piece will be sold.

At the option expiry, the auction settlement is permissionless. If no one wins the auction (i.e., highest bid ≤ strike price), the original NFT is released and can be withdrawn by the writer. Otherwise (i.e., highest bid > strike price), the strike price is transferred to the option writer, the spread ([highest bid - strike price]) to the option holder, and the original NFT to the highest bidder.

Hook NFT marketplace

In order to create a consistent venue for trades and liquidity, Hook plans on hosting an order book where people can place orders for specific option NFTs or option NFTs with certain characteristics. These orders will be fulfilled by the excellent suite of exchange smart contracts hosted by 0x, available on several popular chains.


The protocol does not have a native token.

Security audit

There is smart contract risk associated with any new protocol. This is why Hook is audited and insured by Sherlock, a smart contract auditor and insurer, for exploits up to USD $10M.

In brief, Sherlock security experts have inspected Hook’s architecture closely, suggested fixes for any potential attack surface, and reviewed the implementation of said fixes prior to initiating Hook’s coverage. Sherlock’s protocol is also designed to have “skin in the game”, where any claims against exploits will be paid out from the protocol’s treasury. You can read more about Sherlock here.

Finally, Hook’s product team continues to follow industry best practices and has paid close attention to most if not all recent security exploits in DeFi. Every precaution has been taken to mitigate the risk of malicious attacks.

What’s next?

As we get closer to our Mainnet launch, my co-founder Regy and I plan to share our personal perspectives on NFT DeFi.