Summary
The most critical subjects covered in our audit are access control, functional correctness, and protocol integration. Access control is enforced through a fixed set of five immutable approved caller addresses; security regarding access control is high. Security regarding functional correctness of the call-forwarding mechanism is also high. Informational findings such as Nonce Invalidation via Reverted Self-Call have been addressed in the latest version. Security regarding protocol integration is high, though solvers upgrading to this delegate should be aware of a number of operationally relevant considerations; see ERC-7702 Behavioral Changes for Solver EOAs and Loss of Compatibility with Protocols Relying on tx.origin.
The general subjects covered are code quality and operational security. The contract is minimal and focused; security regarding both is high. In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Solver7702Delegate
CoW Swap implements Solver7702Delegate, an ERC-7702 delegation target for CoW Protocol solver EOAs that forwards calls from a fixed set of approved callers to arbitrary targets.
