fix: update known issues related to orders with zero amounts #624

Merged
marshymarsh merged 1 commit into main from fix/known-issue-zero-amounts
May 5, 2026

igorroncevic commented May 4, 2026

Related: cowprotocol/contracts#29

Summary by CodeRabbit

  • Documentation
    • Updated security guidance to clarify vulnerability conditions for orders with zero amounts
    • Refined documentation to specify when orders are susceptible to repeated execution vulnerabilities

igorroncevic requested a review from a team as a code owner May 4, 2026 16:38

vercel Bot commented May 4, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
|---|---|---|---|
| docs | Ready | Preview | May 4, 2026 4:39pm |

coderabbitai Bot commented May 4, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 3fea150 and 6870b29.

📒 Files selected for processing (1)
  • docs/cow-protocol/reference/contracts/core/README.mdx

📝 Walkthrough

Documentation update clarifying zero-amount order vulnerabilities. The known issue now applies when either sellAmount = 0 or buyAmount = 0, removing the prior requirement that both amounts be zero and partiallyFillable be true. Section title simplified from "Partially fillable orders with zero amounts" to "Orders with zero amounts."

Changes

Documentation Clarification

| Layer / File(s) | Summary |
|---|---|
| Known Issues Documentation: docs/cow-protocol/reference/contracts/core/README.mdx | "Orders with zero amounts" subsection updated: vulnerability condition changed from AND logic (both amounts zero AND partiallyFillable = true) to OR logic (either sellAmount = 0 or buyAmount = 0). Impact claim preserved. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A doc fix hops into view,
Where zero amounts now ring most true—
OR, not AND, the logic now reads,
Simpler wisdom for security's deeds! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The pull request description is entirely missing, with no content provided by the author. | Add a pull request description following the repository template, including a description of changes and the rationale for updating the known issues documentation. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main change: updating documentation about known issues related to orders with zero amounts. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

igorroncevic added a commit to cowprotocol/contracts that referenced this pull request May 5, 2026
## Security / Known Issues

### Partially fillable orders with zero amounts
### Orders with zero amounts
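
Review bot: The heading rename from "Partially fillable orders with zero amounts" to "Orders with zero amounts" will change the section anchor if the docs site derives anchors from heading text, so links to the old anchor would stop resolving. Search the docs and any README that links to this section for the old anchor and update them, or set an explicit heading id. Only the heading is visible here, so also confirm the section body states the same condition as the new title (either sellAmount = 0 or buyAmount = 0).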

do we mention somewhere they must not use any fee too?

marshymarsh merged commit 5e11bb1 into main May 5, 2026
5 checks passed
marshymarsh deleted the fix/known-issue-zero-amounts branch May 5, 2026 16:27
github-actions Bot locked and limited conversation to collaborators May 5, 2026