Skip to content

feat: working security #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Sep 30, 2025
Merged

feat: working security #2

merged 15 commits into from
Sep 30, 2025

Conversation

@kaze-cow
Copy link
Collaborator

@kaze-cow kaze-cow commented Sep 13, 2025

look to the test file CowEvcWrapper.t.sol to see the bulk of the expected process

adds the following fixes:

  • need to account for the
  • moves the action of skimming the euler vault to be inside the settlement contract. So the solvers will need to be able to process transferring to and skimming from the euler vaults. This ensures that the user receives their funds (as the settlement contract verifies it)

we still have the capability to surround the call with a wrapper that matches the call of the current, though recent discussions have pointed towards setting up these ewrappers so there can be multiple (in wihch case, the call signature would likely have to change...)

still a bit of a mess. cleanup will probalby be the next iteration.

Kaze added 5 commits September 11, 2025 21:44
feat: pull in from PoC and minify and adjust for easy integratoin
ee6eb57
remove unnecessary console logs
0172171
fix: some security lockdowns
3e72e99 
* check solver on internalSettle function
* check only callable through EVC
* prevent reentrancy
it builds
453c007
fix: new strategy
0f635c7 
make settlement the gatekeeper

why did I not do this before
This was referenced Sep 25, 2025
Merged
Closed
anxolin
anxolin reviewed Sep 29, 2025
View reviewed changes
Copy link

@anxolin anxolin left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kaze-cow if this needs review, you need to remember to add @cowprotocol/contracts for review

Also, you need to work a bit more on the description to really. We don't enforce a template for PRs, but if it helps we can, what I need to be able to do with reading the code is

  • find a easy to read description of what is this PR doing
  • Giving some additional context. The less you assume the reviewer knows the better. In your description. The description you added could introduce more to the problem and not take things for granted like what is the "skimming the euler vault"
  • Making sure the scope is clear (what changes belong and what changes doesn't belong). You should be solving one thing only and solving it well
  • Instructions how to test or review, including any commands or hints on what to pay attention to

need to account for the

Seems unfinished phrase

All PRs should explain what is it about. "working security" needs clarification.
Also, "test file CowEvcWrapper.t.sol to see the bulk of the expected process" is also not good intro for the PR. You want the revieewer to read this file to know what this PR is about? Also, this file existed and just have a few changes.

src/CowEvcWrapper.sol Outdated
data: abi.encodeCall(this.internalSettle, (tokens, clearingPrices, trades, interactions))
});

// immediately after processing the swap, we should be skimming the result to the user
Copy link

@anxolin anxolin Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this big commented code belong to this PR?

@kaze-cow kaze-cow merged commit 3ff8dc0 into feat/initial Sep 30, 2025
2 of 4 checks passed
This was referenced Oct 23, 2025
Closed
Open
This was referenced Oct 31, 2025
Open
Open
@claude claude bot mentioned this pull request Nov 8, 2025
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anxolin anxolin anxolin left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kaze-cow @anxolin