All you need to know about CoW Protocol Safe Fallback handler!

Don't worry, trade happy! We've been busy cooking up Conditional Orders, an architecture that allows developers (and their users) to create all kinds of orders. At the core of this system is a flexible smart contract wallet that allows us to implement this kind of logic, and what better than to stand on the shoulders of a giant in the ecosystem; Safe.

Wait? Smart contract wallet? CoW Protocol pioneered intents across the Ethereum space for EOAs (think Metamask, Trezor, Ledger etc), but all along we were sitting on a little known, more flexible system - ERC-1271 integration. Sounds technical, but basically this is a standard designed to allow smart contracts to "Sign" - a familiar experience the seasoned CoWmunity have come to be familiar with - but now with this system you can define conditions and the smart contract wallet can do the clicking for you.

Designed, implemented, and tested in collaboration with Safe, incubated through our Grants Program, we have developed the ExtensibleFallbackHandler. Sounds complicated! Simply put, this is a way to add extra powers to your Safe, while preserving the strong security guarantees that Safe has come to be well regarded for.

The process of upgrading your Safe's fallback handler is a secure process, and you should remain guided by the Safe user interface. The contracts that implement this system have been audited, both by an independent Gnosis auditor (the implementer is not part of Gnosis / CoW Protocol LDA), and an external auditor from Ackee Blockchain.

The owl-eyed among you would be aware that smart contracts could always use CoW Protocol, though this both required a transaction on chain to signal your intent, and the orders were fixed (not conditional). Wave goodbye to these limitations

Image Not Showing Possible Reasons

• The image file may be corrupted
• The server hosting the image is unavailable
• The image path is incorrect
• The image format is not supported

Learn More →

.

With an ExtensibleFallbackHandler+ComposableCoW-enabled Safe you now benefit from signature MEV protection, no failed swap transactions, at-execution path discovery, conditional orders, and batching if you need to do pesky things like approve. If you're technically inclined, you can see how you can start building with conditional orders with ComposableCoW, or drop into #tech-talk on our discord! While you're busy reading up how to write the latest and greatest conditional order, you could be gradually buying up more of your favourite token using TWAP 👇

Celebrating ComposableCoW's conditional order super powers, we are releasing it with TWAP (time-weighted average price) order support for enabled-Safe users. Just head over to Safe use CoW Swap from the Safe 'Apps'.

When placing your first conditional order through the Safe app, you will be prompted with a transaction signing request that contains a batch of transactions (we're big fans of gas savings through batching ⛽🚫). Included in this batch is setFallbackHandler - the conditional order framework depends on a more extensible "fallback handler" than the stock version - so we upgrade to one!

What is a Safe fallbackHandler? Long story short, Safe is designed to have strong security guarantees over basic operations (think executing transactions, spending your precious tokens), but there's not enough time to program all functionality that a user may require. Therefore, the Safe can "forward" all function requests that aren't known to it to another contract (the FallbackHandler).

CRITICALLY: FallbackHandlers do NOT have the same authority as the Safe from which they were called. Due to the security architecture of Safe, it is not possible for the FallbackHandler to execute transactions on behalf of the Safe.

OK, so the fallbackHandler can't execute a transaction for you, why should you care? Safe doesn't by default (without a fallbackHandler) support ERC-1271 signatures. The standard deployment of a Safe deploys with CompatibilityFallbackHandler as the FallbackHandler, which has a limited (read: cannot be automated) ERC-1271 support. Our system super-charges this by allowing a Safe to additionally specify a smart contract that can sign messages for a specific application on it's behalf.

That's where ComposableCoW takes over! 🐮🎶 You can think of ComposableCoW as an autonomous agent, signing orders that meet conditions you have specified. The second transaction you will see in the batch when you create your first conditional order is enabling ComposableCoW, where you tell your Safe "I want ComposableCoW to be able to sign orders from CoW Protocol". TWAP is just a ConditionalOrder type that works with ComposableCoW.

CRITICALLY: Due to the design of ERC-1271, all signature verification is read-only which means it is impossible for a ComposableCoW or any conditional order to directly access user funds (the movement of funds on a swap is initiated by the settlement contract ONLY).

In summary, to enjoy CoW Swap's new TWAP order features:

• Safe users need to upgrade their fallbackHandler (enables conditional signing).
• Conditional orders are automatically placed in the CoW Protocol orderbook (signed now with the new handler).
• Automated signing of orders means you may hear less of CoW's trademark moo. Feel free to set this as your phone's notification tone if suffering withdrawal symptoms 🐄.

We take security very seriously, with the Safe fallbackHandler upgrade procedure being secure, with the underlying code fully audited by both teams, Safe, and CoW, as well as an independent external audit, for which you can find the final report here.

The solution presented maintains strong Safe security guarantees and has vendor buy-in from upstream (Safe). But, to your surprise, the fallbackHandler we built isn't just about placing orders. It allows limitless, as yet unknown functionality. Maybe you want to:

• Define a custom method handler for any non-standard method (if you really want you can turn your Safe into an ERC-20 token).
• Define a custom EIP-712 domain verifier, whereby a contract implementing ISafeSignatureVerifier can do your menial signing automatically (it is this interface that ComposableCoW implements - and powers the shiny new TWAP orders).
• Define a set of methods (interfaceId) that your Safe supports, and report such using ERC-165.

The architecture for the ExtensibleFallbackHandler can be viewed here.

NOTE: Audits are not a guarantee that code is free from error. Use with caution.