Fallback Handler Blog / Comms

# All you need to know about CoW Protocol Safe Fallback handler! Don't worry, trade happy! We've been busy cooking up Conditional Orders, an architecture that allows developers (and their users) to create all kinds of orders. At the core of this system is a flexible smart contract wallet that allows us to implement this kind of logic, and what better than to stand on the shoulders of a giant in the ecosystem; [`Safe`](https://safe.global). Wait? Smart contract wallet? CoW Protocol pioneered intents across the Ethereum space for EOAs (think Metamask, Trezor, Ledger etc), but all along we were sitting on a little known, more flexible system - ERC-1271 integration. Sounds technical, but basically this is a standard designed to allow smart contracts to "Sign" - a familiar experience the seasoned CoWmunity have come to be familiar with - but now with this system you can define conditions and the smart contract wallet can do the clicking for you. Designed, implemented, and tested in collaboration with `Safe`, incubated through our [Grants Program](https://grants.cow.fi), we have developed the `ExtensibleFallbackHandler`. Sounds complicated! Simply put, this is a way to add extra powers to your `Safe`, while preserving the strong security guarantees that `Safe` has come to be well regarded for. The process of upgrading your `Safe`'s fallback handler is a secure process, and you should remain guided by the `Safe` user interface. The contracts that implement this system have been audited, both by an independent Gnosis auditor (the implementer is _not_ part of Gnosis / CoW Protocol LDA), and an external auditor from Ackee Blockchain. > The owl-eyed among you would be aware that smart contracts could always use CoW Protocol, though this both required a transaction on chain to signal your intent, and the orders were fixed (not conditional). Wave goodbye to these limitations :wave:. With an `ExtensibleFallbackHandler`+`ComposableCoW`-enabled `Safe` you now benefit from signature MEV protection, no failed swap transactions, at-execution path discovery, conditional orders, and batching if you need to do pesky things like `approve`. If you're technically inclined, you can see how you can [start building with conditional orders with `ComposableCoW`](#), or drop into [#tech-talk](#) on our discord! While you're busy reading up how to write the latest and greatest conditional order, you could be gradually buying up more of your favourite token using `TWAP` 👇 Celebrating `ComposableCoW`'s conditional order super powers, we are releasing it with `TWAP` (time-weighted average price) order support for enabled-`Safe` users. Just head over to [`Safe`](https://app.safe.global) use `CoW Swap` from the `Safe` 'Apps'. When placing your first conditional order through the `Safe` app, you will be prompted with a transaction signing request that contains a batch of transactions (we're big fans of gas savings through batching ⛽🚫). Included in this batch is `setFallbackHandler` - the conditional order framework depends on a more extensible "fallback handler" than the stock version - so we upgrade to one! What is a `Safe` `fallbackHandler`? Long story short, `Safe` is designed to have strong security guarantees over basic operations (think executing transactions, spending your precious tokens), but there's not enough time to program all functionality that a user _may_ require. Therefore, the `Safe` can "forward" all function requests that aren't known to it to another contract (the `FallbackHandler`). > **CRITICALLY**: `FallbackHandlers` do **NOT** have the same authority as the `Safe` from which they were called. Due to the security architecture of `Safe`, it is not possible for the `FallbackHandler` to execute transactions on behalf of the `Safe`. OK, so the `fallbackHandler` can't execute a transaction for you, why should you care? `Safe` doesn't by default (without a `fallbackHandler`) support `ERC-1271` signatures. The standard deployment of a `Safe` deploys with `CompatibilityFallbackHandler` as the `FallbackHandler`, which has a limited (read: cannot be automated) `ERC-1271` support. Our system super-charges this by allowing a `Safe` to *additionally* specify a smart contract that can sign messages for a specific application on it's behalf. That's where `ComposableCoW` takes over! 🐮🎶 You can think of `ComposableCoW` as an autonomous agent, signing orders that meet conditions you have specified. The second transaction you will see in the batch when you create your first conditional order is enabling `ComposableCoW`, where you tell your `Safe` *"I want `ComposableCoW` to be able to sign orders from `CoW Protocol`"*. `TWAP` is _just_ a `ConditionalOrder` type that works with `ComposableCoW`. > **CRITICALLY**: Due to the design of ERC-1271, all signature verification is **read-only** which means it is **impossible** for a `ComposableCoW` or any conditional order to *directly* access user funds (the movement of funds on a swap is initiated by the settlement contract **ONLY**). In summary, to enjoy CoW Swap's new `TWAP` order features: * `Safe` users need to upgrade their `fallbackHandler` (enables conditional signing). * Conditional orders are automatically placed in the CoW Protocol orderbook (signed now with the new handler). * Automated signing of orders means you may hear less of CoW's trademark moo. Feel free to set this as your phone's notification tone if suffering withdrawal symptoms 🐄. We take security very seriously, with the `Safe` `fallbackHandler` upgrade procedure being secure, with the underlying code fully audited by both teams, `Safe`, and `CoW`, as well as an independent external audit, for which you can find the final report [here](#). The solution presented maintains strong `Safe` security guarantees and has vendor buy-in from upstream (`Safe`). But, to your surprise, the `fallbackHandler` we built isn't just about placing orders. It allows limitless, as yet unknown functionality. Maybe you want to: * Define a custom method handler for any non-standard method (if you _really_ want you can turn your `Safe` into an ERC-20 token). * Define a custom `EIP-712` domain verifier, whereby a contract implementing `ISafeSignatureVerifier` can do your menial signing automatically (it is _this_ interface that `ComposableCoW` implements - and powers the shiny new TWAP orders). * Define a set of methods (`interfaceId`) that your `Safe` supports, and report such using ERC-165. The architecture for the `ExtensibleFallbackHandler` can be viewed [here]([#](https://hackmd.io/-nLuF3JIRyuS5w864_mbrg)). **NOTE**: Audits are not a guarantee that code is free from error. Use with caution.