docs: add Solver7702Delegate docs#627
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Warning Review limit reached
More reviews will be available in 42 minutes and 6 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughAdds a comprehensive Solver7702Delegate tutorial describing parallel settlement submission under ERC-7702 and updates solver onboarding and driver tutorials with cross-references and formatting changes. ChangesSolver7702Delegate Documentation
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~8 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/cow-protocol/tutorials/arbitrate/solver/driver.md`:
- Line 58: Update the wording in the sentence fragment "discarding orders that
can definitely not be settled (e.g. user is missing balances)" to improve flow
by replacing "can definitely not be settled" with "definitely cannot be settled"
or "cannot be settled" (e.g., change to "discarding orders that definitively
cannot be settled (e.g. user is missing balances)" or "discarding orders that
cannot be settled (e.g. user is missing balances)").
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 0b6db3ef-bbe4-447c-94a1-6b2c9ddc530b
📒 Files selected for processing (3)
docs/cow-protocol/tutorials/arbitrate/solver/driver.mddocs/cow-protocol/tutorials/solvers/onboard.mddocs/cow-protocol/tutorials/solvers/solver-7702-delegate.md
kaze-cow
left a comment
kaze-cow
left a comment
There was a problem hiding this comment.
please re-read and re-review before submitting for review again! in general the document is too long and restates things constantly, and loses track of what is important to solvers (the setup)
|
|
||
| API specification: <https://github.com/cowprotocol/services/blob/main/crates/solvers/openapi.yml> | ||
|
|
||
| Solvers that need parallel settlement submission can use [Solver7702Delegate](./solver-7702-delegate.md) to keep their existing solver EOA while adding extra submission nonce lanes. |
There was a problem hiding this comment.
i would almost say that this is storngly recommended, as solvers that don't support parallel submission are likely to run into issues if they ever start processing some real volume. Might as well do the setup right off the bat.
| If the settlement does not expose any MEV (e.g. it executes all trades without AMMs) it's safe and most efficient to directly submit to the public mempool. | ||
| However, if a settlement exposes MEV the driver would submit to an MEV-protected RPC like [MEVBlocker](https://mevblocker.io). | ||
|
|
||
| Solvers that need parallel settlement submission can use [Solver7702Delegate](../../solvers/solver-7702-delegate.md). It keeps the existing solver EOA as the settlement caller while auxiliary EOAs provide additional nonce lanes if the main solver EOA has pending transactions. |
There was a problem hiding this comment.
same comment: i would almost say that this is storngly recommended, as solvers that don't support parallel submission are likely to run into issues if they ever start processing some real volume. Might as well do the setup right off the bat.
There was a problem hiding this comment.
Good point, I wrote should as a way to push solvers to set it up early.
| `Solver7702Delegate` keeps the current solver identity. The solver EOA delegates execution to the delegate contract, and a fixed set of auxiliary EOAs can call through it. | ||
|
|
||
| ```text | ||
| auxiliary EOA 1 -> solver EOA running Solver7702Delegate -> GPv2Settlement |
There was a problem hiding this comment.
probably should also show that the main solver EOA can (and should) still be used for running a solution, but the general concept is good.
| Inside the delegate: | ||
|
|
||
| ```text | ||
| msg.sender = auxiliary EOA | ||
| address(this) = solver EOA | ||
| ``` | ||
|
|
||
| Inside `GPv2Settlement`: | ||
|
|
||
| ```text | ||
| msg.sender = solver EOA | ||
| ``` | ||
|
|
||
| This keeps settlement authorization tied to the solver EOA. |
There was a problem hiding this comment.
tbh I found this kind of confusing, and we can probably go without it. or replace with a statement like "Since the Solver EOA effectively proxies the call from the auxillery EOA, it is seen as the solver EOA from the perspective of the settlement contract."
|
|
||
| This keeps settlement authorization tied to the solver EOA. | ||
|
|
||
| ## Call shape |
There was a problem hiding this comment.
this section is getting way too detailed and should be left in the https://github.com/cowprotocol/solver-7702-delegate repo
| - deploy the delegate with the expected caller set; | ||
| - create the ERC-7702 authorization for the solver EOA; | ||
| - submit the authorization transaction; | ||
| - sign the authorization for the next nonce if the solver EOA also sends the authorization transaction; | ||
| - route delegated settlements with `to = solver EOA`; | ||
| - encode delegated calldata as `bytes20(target) || targetCalldata`; | ||
| - simulate the exact transaction shape before sending it. |
| ## Funding | ||
|
|
||
| Auxiliary EOAs pay gas. The delegate does not fund them. | ||
|
|
||
| If an auxiliary EOA is underfunded: | ||
|
|
||
| - skip it; | ||
| - alert the operator; | ||
| - use another idle funded account; | ||
| - fall back to direct submission if that is safe; | ||
| - otherwise wait. |
There was a problem hiding this comment.
what is this section actually doing
| ## Replacing callers | ||
|
|
||
| Approved callers cannot be changed on an existing delegate. To replace any auxiliary EOA: | ||
|
|
||
| 1. Deploy a new `Solver7702Delegate` with the new caller set. | ||
| 2. Have the solver EOA sign a new ERC-7702 authorization to the new delegate. | ||
| 3. Submit the replacement authorization transaction. | ||
| 4. Verify the solver EOA code is `0xef0100 || newDelegate`. | ||
| 5. Verify the new delegate runtime bytecode matches the new caller set. | ||
| 6. Update driver config and monitoring. | ||
| 7. Treat the old delegate as deprecated. | ||
|
|
||
| The old delegate remains on-chain, but it has no power unless the solver EOA delegates to it. |
There was a problem hiding this comment.
This section could probably just say "If you need to change any of the authorized auxillery accounts, you will need to redeploy and re-delegate."
| ## Revoking delegation | ||
|
|
||
| To clear ERC-7702 delegation: | ||
|
|
||
| 1. Have the solver EOA sign an ERC-7702 authorization to the zero address. | ||
| 2. Submit a transaction with that authorization. | ||
| 3. Verify that the solver EOA no longer has delegated code. | ||
| 4. Disable delegated submission in the driver. | ||
| 5. Fall back to direct solver EOA submission. | ||
|
|
||
| Revocation is useful when auxiliary submission is no longer needed, or when the caller set cannot be safely replaced immediately. |
There was a problem hiding this comment.
just give the cast command(s)!
| ## Compromised auxiliary key response | ||
|
|
||
| Treat a compromised auxiliary EOA as severe. An approved auxiliary EOA can trigger arbitrary calls from the solver EOA context until it is removed. | ||
|
|
||
| Recommended response: | ||
|
|
||
| 1. Disable ERC-7702 submission for that solver. | ||
| 2. Consider disabling the solver while you assess the risk. | ||
| 3. Deploy a new `Solver7702Delegate` without the compromised caller. | ||
| 4. Have the solver EOA authorize the new delegate. | ||
| 5. Verify delegation and delegate bytecode. | ||
| 6. Move funds and revoke approvals from the solver EOA if needed. | ||
| 7. Mark the old delegate/config as deprecated in monitoring. | ||
|
|
||
| If replacement cannot be done quickly, clear the solver EOA delegation and use direct submission only. |
| - sets up `Solver7702Delegate` during startup when the required signers are available; | ||
| - uses the auxiliary accounts as extra settlement nonce lanes, when solver EOA is busy; | ||
| - reuses the expected delegate deployment when the same code is already present; | ||
| - refuses to start with `max-solutions-to-propose > 1` unless submission accounts are configured. |
There was a problem hiding this comment.
last bullet point isn't necessary
kaze-cow
left a comment
kaze-cow
left a comment
There was a problem hiding this comment.
reading it over again, its probably best to link any duplicated content back to the README which is in the delegation repo
| sidebar_position: 11 | ||
| --- | ||
|
|
||
| # Using Solver7702Delegate for parallel settlement submission |
There was a problem hiding this comment.
Looking at how the title actually looks on the wbesite, it should probably be shortened to simply "Parallel Settlement Submission" (the other titles on the site aren't very good either but thats a different issue)
| classDef contract fill:#1864ab,stroke:#0b3558,stroke-width:3px,color:#ffffff,font-weight:bold | ||
| class SolverEOA,AuxEOAs eoa | ||
| class DirectTx,DelegatedTx,TargetCall tx | ||
| class DelegatedSolver,Settlement contract |
There was a problem hiding this comment.
same comments cowprotocol/solver-7702-delegate#5 (comment) and cowprotocol/solver-7702-delegate#5 (comment) . also, when looking at the website this doesn't seem to render.
| ## Manual cast commands | ||
|
|
||
| Most solvers should use the reference driver setup above. Use these commands only if you are setting up delegation manually and/or building a custom driver. | ||
|
|
||
| **To authorize a delegate when the solver EOA sends its own authorization transaction, sign with `--self-broadcast`**: | ||
|
|
||
| ```shell | ||
| cast wallet sign-auth <delegate_address> \ | ||
| --private-key <solver_private_key> \ | ||
| --rpc-url <rpc_url> \ | ||
| --chain <chain_id> \ | ||
| --self-broadcast | ||
|
|
||
| cast send 0x0000000000000000000000000000000000000000 \ | ||
| --auth <signed_authorization> \ | ||
| --private-key <solver_private_key> \ | ||
| --rpc-url <rpc_url> \ | ||
| --chain <chain_id> | ||
| ``` | ||
|
|
||
| **If a different funded account sends either transaction, do not use `--self-broadcast` when signing.** The solver EOA signs the authorization, but the funded account pays gas and submits the transaction: | ||
|
|
||
| ```shell | ||
| cast wallet sign-auth <delegate_or_zero_address> \ | ||
| --private-key <solver_private_key> \ | ||
| --rpc-url <rpc_url> \ | ||
| --chain <chain_id> | ||
|
|
||
| cast send 0x0000000000000000000000000000000000000000 \ | ||
| --auth <signed_authorization> \ | ||
| --private-key <transaction_sender_private_key> \ | ||
| --rpc-url <rpc_url> \ | ||
| --chain <chain_id> | ||
| ``` | ||
|
|
||
| To revoke delegation, sign an authorization to the zero address: | ||
|
|
||
| ```shell | ||
| cast wallet sign-auth 0x0000000000000000000000000000000000000000 \ | ||
| --private-key <solver_private_key> \ | ||
| --rpc-url <rpc_url> \ | ||
| --chain <chain_id> \ | ||
| --self-broadcast | ||
|
|
||
| cast send 0x0000000000000000000000000000000000000000 \ | ||
| --auth <signed_authorization> \ | ||
| --private-key <solver_private_key> \ | ||
| --rpc-url <rpc_url> \ | ||
| --chain <chain_id> | ||
| ``` |
There was a problem hiding this comment.
since these commands appear to basically just be repeats of hwat is on the repo readme, we can link to the Usage section there here I guess.
| ## Custom driver requirements | ||
|
|
||
| If you do not use the reference driver, your driver must: | ||
|
|
||
| - deploy `Solver7702Delegate` for the approved auxiliary caller set; | ||
| - have the solver EOA delegate to the deployed `Solver7702Delegate`; | ||
| - route delegated settlement transactions with `from = auxiliary EOA` and `to = solver EOA` (if solver EOA is busy); | ||
| - encode delegated calldata as `bytes20(target) || targetCalldata`. | ||
|
|
||
| ## Capabilities and limits | ||
|
|
||
| - Version 1 supports up to five immutable approved caller slots. | ||
| - Approved auxiliary EOAs are trusted hot keys. They can trigger arbitrary calls as the solver EOA. | ||
| - Changing authorized auxiliary accounts requires redeploying the delegate and re-delegating the solver EOA. | ||
| - The delegate can call arbitrary targets. The driver should normally use `GPv2Settlement` for settlement submissions. | ||
| - Use this only on chains and infrastructure that support ERC-7702 transaction authorization handling. | ||
|
|
||
| Keep solver EOA funds and approvals minimal, do not share auxiliary EOAs across solvers, and rotate callers immediately if an auxiliary key is compromised. |
There was a problem hiding this comment.
all this can probably be removed
|
|
||
| ## More details | ||
|
|
||
| For exact manual deployment, authorization, revocation, bytecode verification, and operational procedures, use the [`Solver7702Delegate` README](https://github.com/cowprotocol/solver-7702-delegate). |
igorroncevic
force-pushed
the
feat/solver-7702-delegate
branch
from
930e151 to
d313bd4
Compare
| If the settlement does not expose any MEV (e.g. it executes all trades without AMMs) it's safe and most efficient to directly submit to the public mempool. | ||
| However, if a settlement exposes MEV the driver would submit to an MEV-protected RPC like [MEVBlocker](https://mevblocker.io). | ||
|
|
||
| Solvers that expect real settlement volume should set up [Solver7702Delegate](../../solvers/solver-7702-delegate.md) early. It keeps the existing solver EOA as the settlement caller while auxiliary EOAs provide additional nonce lanes when the solver EOA has pending transactions. |
There was a problem hiding this comment.
"Real settlement volume" sounds a bit vague/weird.
The sentence somehow also feel a bit out of place but i don't have a strong opinion about this.
Note the last sentences of the previous section (L80-83) are also related to the topic so not sure what the best way to structure everything
|
|
||
| API specification: <https://github.com/cowprotocol/services/blob/main/crates/solvers/openapi.yml> | ||
|
|
||
| Solvers that expect real settlement volume should set up [Solver7702Delegate](./solver-7702-delegate.md) early. It keeps the existing solver EOA while adding extra submission nonce lanes for parallel settlement submission. |
There was a problem hiding this comment.
this doesn't belong here, as solvers that are supposed to just connect their solver engine (and not driver) are usually reading this
4 participants
Description
Adds a solver-facing guide for using
Solver7702Delegateto keep the existing solver EOA while using auxiliary EOAs for parallel settlement submission.Changes
Solver7702Delegatetutorial under solver docs.Summary by CodeRabbit