From d58e8860237b57920d74b049ffc68b4736caf2da Mon Sep 17 00:00:00 2001 From: Kaze Date: Wed, 22 Oct 2025 15:15:29 +0900 Subject: [PATCH 1/3] doc(contracts/core): disclose compromised balancer contract vulnerability We recently learned that due to Balancer Deployer wallet being compromised due to the profanity vanity address generator vulnerability. As we are planning to continue deploying on these networks with the same deployer address, we wanted to disclose this as a known issue prior to deployment on these affected networks. --- .../reference/contracts/core/README.mdx | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/docs/cow-protocol/reference/contracts/core/README.mdx b/docs/cow-protocol/reference/contracts/core/README.mdx index 0d712fb1..742fe463 100644 --- a/docs/cow-protocol/reference/contracts/core/README.mdx +++ b/docs/cow-protocol/reference/contracts/core/README.mdx 
@@ -161,3 +161,31 @@ Partner fees are encoded in the app data struct and are accounted for once the o From the perspective of the API, two orders with the same parameters and the same owner but different app data are two different valid orders. It can happen that the order that is part of the final settlement is the one controlled by the adversary, especially if other order parameters can be changed to create the appearence of an inflated surplus. In this case, the order surplus decreases as partner fees are taken from the surplus. + +### Loss of funds if a compromised Balancer contract is deployed + +A malicious solver can steal the entire amount of a user's trade if the Balancer contract is compromised and the solver processes a vulnerable user order. + +Due to a vulnerability in the [profanity vanity address generator](https://medium.com/@rebryk/how-to-hack-a-vanity-address-generated-with-profanity-ffad61ecacd2), the deployer wallet for the Balancer Vault was compromised. This allows arbitrary actors to deploy any bytecode to the address that is normally used to deploy [Balancer's Core Vault contract](https://docs.balancer.fi/concepts/vault/). + +In order to preserve a consistent settlement address on all chains, CoW Protocol uses the `CREATE2` opcode to deploy the settlement contract. Since the balancer vault address is supplied as an immutable constructor property, the Settlement contract contains a dependency upon this compromised contract. + +The Balancer vault is only used in `GPv2Transfer.sol` as an alternative way for a user to receive or supply funds from the settlement contract when the user sets `buyTokenBalance` or `sellTokenBalance` to `BALANCE_INTERNAL`. + +There are two general effects that this vulnerability can have: +* If the compromised contract at the `Balancer` address reverts upon a call to `manageUserBalance`, the attacker can effectively DoS any trade batches that contain a trade using `BALANCE_INTERNAL`. 
+* If the compromised contract does *not* revert, the settlement contract assumes that the user's balance was successfully transferred, and no further action is taken. This assumption allows for a solver to steal the full amount of a user's trade output, since the settlement contract does not verify that the funds were received by the user. + +In total, there are 3 conditions that are needed to make this vulnerability harmful: +1. The user must be trading on a network with a compromised Balancer contract +2. The trade must have been signed with `buyTokenBalance` or `sellTokenBalance` as `BALANCE_INTERNAL` +3. A malicious solver must obtain the signed order outside of the usual order flow (the CoW Orderbook API rejects these order types) and steal the user's funds. For the attack to be profitable, the stolen amount must exceed the current bond amount (as of writing, 1.5m USDC). + +As of writing, these are the CoW-supported networks affected by this vulnerability: +* Plasma + +:::warning + +In order to avoid being affected by this vulnerability, we do not reccomend signing orders with `buyTokenBalance` or `sellTokenBalance` set to `BALANCE_INTERNAL`. + +::: From 7e078e462d590f82c9627ce11eee72d50195dc85 Mon Sep 17 00:00:00 2001 From: Kaze Date: Wed, 22 Oct 2025 17:26:46 +0900 Subject: [PATCH 2/3] Update docs/cow-protocol/reference/contracts/core/README.mdx Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- docs/cow-protocol/reference/contracts/core/README.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cow-protocol/reference/contracts/core/README.mdx b/docs/cow-protocol/reference/contracts/core/README.mdx index 742fe463..505e806b 100644 --- a/docs/cow-protocol/reference/contracts/core/README.mdx +++ b/docs/cow-protocol/reference/contracts/core/README.mdx 
@@ -186,6 +186,6 @@ As of writing, these are the CoW-supported networks affected by this vulnerabili :::warning -In order to avoid being affected by this vulnerability, we do not reccomend signing orders with `buyTokenBalance` or `sellTokenBalance` set to `BALANCE_INTERNAL`. +In order to avoid being affected by this vulnerability, we do not recommend signing orders with `buyTokenBalance` or `sellTokenBalance` set to `BALANCE_INTERNAL`. ::: From 16e6d7ee5316b53f51b25910be395257f740f487 Mon Sep 17 00:00:00 2001 From: Kaze Date: Thu, 30 Oct 2025 18:10:37 +0900 Subject: [PATCH 3/3] updates based on comments --- docs/cow-protocol/reference/contracts/core/README.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/cow-protocol/reference/contracts/core/README.mdx b/docs/cow-protocol/reference/contracts/core/README.mdx index 742fe463..9f45edee 100644 --- a/docs/cow-protocol/reference/contracts/core/README.mdx +++ b/docs/cow-protocol/reference/contracts/core/README.mdx 
@@ -164,7 +164,7 @@ In this case, the order surplus decreases as partner fees are taken from the sur ### Loss of funds if a compromised Balancer contract is deployed -A malicious solver can steal the entire amount of a user's trade if the Balancer contract is compromised and the solver processes a vulnerable user order. +When a user is trading on certain affected networks and the user initiates a trade through a third party endpoint submitting a order type that has not been supported since 2024, it is possible that a malicious solver could steal the entire input amount of a user's trade. Due to a vulnerability in the [profanity vanity address generator](https://medium.com/@rebryk/how-to-hack-a-vanity-address-generated-with-profanity-ffad61ecacd2), the deployer wallet for the Balancer Vault was compromised. This allows arbitrary actors to deploy any bytecode to the address that is normally used to deploy [Balancer's Core Vault contract](https://docs.balancer.fi/concepts/vault/). 
@@ -173,13 +173,13 @@ In order to preserve a consistent settlement address on all chains, CoW Protocol The Balancer vault is only used in `GPv2Transfer.sol` as an alternative way for a user to receive or supply funds from the settlement contract when the user sets `buyTokenBalance` or `sellTokenBalance` to `BALANCE_INTERNAL`. There are two general effects that this vulnerability can have: -* If the compromised contract at the `Balancer` address reverts upon a call to `manageUserBalance`, the attacker can effectively DoS any trade batches that contain a trade using `BALANCE_INTERNAL`. +* If the compromised contract at the `Balancer` address reverts upon a call to `manageUserBalance`, the attacker can effectively prevent users from trading in any trade batches that contain a trade using `BALANCE_INTERNAL`. * If the compromised contract does *not* revert, the settlement contract assumes that the user's balance was successfully transferred, and no further action is taken. This assumption allows for a solver to steal the full amount of a user's trade output, since the settlement contract does not verify that the funds were received by the user. In total, there are 3 conditions that are needed to make this vulnerability harmful: -1. The user must be trading on a network with a compromised Balancer contract -2. The trade must have been signed with `buyTokenBalance` or `sellTokenBalance` as `BALANCE_INTERNAL` -3. A malicious solver must obtain the signed order outside of the usual order flow (the CoW Orderbook API rejects these order types) and steal the user's funds. For the attack to be profitable, the stolen amount must exceed the current bond amount (as of writing, 1.5m USDC). +1. The user must be trading on a network with a compromised Balancer contract (see affected networks below). +2. The trade must have been signed with `buyTokenBalance` or `sellTokenBalance` as `BALANCE_INTERNAL`. 
As of writing, this order type has not been processed by the protocol since March 2024. +3. The malicious solver must obtain the signed order outside of the usual order flow (the CoW Orderbook API rejects these order types) and steal the user's funds. For the attack to be profitable, the stolen amount must exceed the current bond amount (as of writing, 1.5m USDC). As of writing, these are the CoW-supported networks affected by this vulnerability: * Plasma
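Review bot: In [PATCH 1/3], the `:::warning` block that closes the new section only advises against signing new orders with `buyTokenBalance` or `sellTokenBalance` set to `BALANCE_INTERNAL`. Condition 3 says a solver only has to obtain a signed order outside the usual order flow, so orders that were already signed and are still valid remain exposed. Suggest adding a sentence telling holders of such orders on the affected networks what to do about them. Separately, the bond figure "1.5m USDC" in condition 3 is hard-coded and will go stale; consider pointing to wherever the current bond amount is documented.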
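Review bot: In [PATCH 3/3], first hunk, the rewritten opening sentence says a solver could steal "the entire input amount of a user's trade", while the second effect bullet, which this series leaves unchanged, still says "the full amount of a user's trade output". One of the two needs to change so the section states a single impact. In the same sentence, "a order type" should be "an order type", and "has not been supported since 2024" should match the "has not been processed by the protocol since March 2024" wording that the next hunk adds to condition 2.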
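Review bot: In [PATCH 3/3], second hunk, the sentence added under condition 2 ("this order type has not been processed by the protocol since March 2024") can be read as meaning such orders can no longer settle. The effect bullets in the same hunk still describe the settlement contract calling `manageUserBalance` for them, and condition 3 names only the CoW Orderbook API as rejecting them. Suggest stating explicitly whether the restriction is enforced only off-chain, so readers do not take the historical statement as a protocol-level control. Also note that this diff is taken against blob 742fe463 rather than 505e806b from [PATCH 2/3], so check that the "recommend" spelling fix is not lost when the series is applied.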