Skip to content

[03/03] DeepSec approvals: ETH-flow Safe bundle and TWAP entrypoints#7839

Draft
fairlighteth wants to merge 2 commits into
deepsec/approval-permit-02-shared-gatefrom
deepsec/approval-permit-03-flow-entrypoints
Draft

[03/03] DeepSec approvals: ETH-flow Safe bundle and TWAP entrypoints#7839
fairlighteth wants to merge 2 commits into
deepsec/approval-permit-02-shared-gatefrom
deepsec/approval-permit-03-flow-entrypoints

Conversation

@fairlighteth

@fairlighteth fairlighteth commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

What changed

  • Route ETH-flow approval through the shared approval gate and handle both transaction and Safe approval responses.
  • Ignore stale ETH-flow partial approval amounts when the stored amount belongs to a different token.
  • Gate both Safe bundle approval implementations before constructing or submitting approval transactions.
  • Make TWAP creation wait until the zero-approval requirement is resolved.

Why

  • ETH-flow and Safe bundle entrypoints constructed approvals outside the classic approval path, so they could bypass the widget host's approval-specific policy.
  • Flow-specific readiness state must be resolved before transaction construction so the reviewed approval operation matches the submitted one.

DeepSec findings addressed

  • Source: DeepSec vulnerability scan report dated 2026-05-05. This waterfall supersedes the closed aggregate PR fix: align approval hooks and permit spender checks #7620.
  • MEDIUM - ETH-flow approvals bypass injected widget approval hooks: wrapped-native approval used the raw approval callback and could prompt the wallet even when the widget host rejected approval policy. ETH-flow now uses the shared gate before approval.
  • MEDIUM - Safe limit-order approval bundle bypasses widget approval hook: a Safe batch could include an ERC-20 approval without invoking the approval-specific host callback. Both Safe bundle implementations now gate the actual token, amount, wallet, and spender before building or sending the approval.
  • Review follow-up: TWAP creation waits for zero-approval readiness, and ETH-flow ignores stale partial approval state belonging to another currency.

Review guide

  • This is PR 3 of 3: develop <- #7837 <- #7838 <- #7839.
  • Review focus:
    1. ETH-flow approval entrypoint and response handling.
    2. Safe bundle approval entrypoints.
    3. TWAP zero-approval readiness.
    4. Stale partial-approval currency handling.
  • Base branch is deepsec/approval-permit-02-shared-gate; review this diff against [02/03] DeepSec approvals: shared gate and classic permit paths #7838, not develop.

QA Testing

Developer verification on 11d3f3862:

  • Targeted approval, permit, and ETH-flow hooks: 6 suites, 43 tests passed.
  • cowswap-frontend, permit-utils, and common-utils TypeScript checks passed.

CI status on the amended head:

  • Passing as of this update: Typecheck, Agent Harness, Setup, i18n extraction, Socket Security, CLA, and completed Vercel deployments.
  • Test, Lint, Cypress, and the remaining preview deployments were still incomplete; use the Checks tab for their live result.

Known QA gaps

  • No fresh manual real-wallet signing pass for ERC-20 approval, EIP-2612 permit, or DAI-like permit signing on the latest stacked head.
  • No manual Safe bundle approve/presign pass on the latest stacked head.
  • No manual TWAP creation pass with a token that requires zero approval; coverage here is unit and typecheck only.

Preview URLs

Surface URL
swap-dev - branch preview URL https://swap-dev-git-deepsec-approval-permit-03-flow-f90d54-cowswap-dev.vercel.app
explorer-dev - branch preview URL https://explorer-dev-git-deepsec-approval-permit-03-1a966c-cowswap-dev.vercel.app
cowfi - branch preview URL https://cowfi-git-deepsec-approval-permit-03-flow-entrypoints-cowswap.vercel.app
storybook - branch preview URL https://storybook-git-deepsec-approval-permit-03-flo-4dad8a-cowswap-dev.vercel.app
widget-configurator - branch preview URL https://widget-configurator-git-deepsec-approval-per-72f172-cowswap-dev.vercel.app
sdk-tools - branch preview URL https://sdk-tools-git-deepsec-approval-permit-03-flo-dfa8f4-cowswap-dev.vercel.app

@vercel

vercel Bot commented Jul 9, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
cowfi Ready Ready Preview Jul 10, 2026 12:18pm
explorer-dev Ready Ready Preview Jul 10, 2026 12:18pm
storybook Ready Ready Preview Jul 10, 2026 12:18pm
swap-dev Ready Ready Preview Jul 10, 2026 12:18pm
widget-configurator Ready Ready Preview Jul 10, 2026 12:18pm
2 Skipped Deployments
Project Deployment Actions Updated (UTC)
cosmos Ignored Ignored Jul 10, 2026 12:18pm
sdk-tools Ignored Ignored Preview Jul 10, 2026 12:18pm

Request Review

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5188921b-1272-46b4-a7fc-62b56d117912

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch deepsec/approval-permit-03-flow-entrypoints

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 9, 2026

Copy link
Copy Markdown

Deploying explorer-dev with  Cloudflare Pages  Cloudflare Pages

Latest commit: 3fa697b
Status: ✅  Deploy successful!
Preview URL: https://001f5420.explorer-dev-dxz.pages.dev
Branch Preview URL: https://deepsec-approval-permit-03-f.explorer-dev-dxz.pages.dev

View logs

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 9, 2026

Copy link
Copy Markdown

Deploying swap-dev with  Cloudflare Pages  Cloudflare Pages

Latest commit: 3fa697b
Status: ✅  Deploy successful!
Preview URL: https://86889f1a.swap-dev-5u6.pages.dev
Branch Preview URL: https://deepsec-approval-permit-03-f.swap-dev-5u6.pages.dev

View logs

@fairlighteth

Copy link
Copy Markdown
Contributor Author

Cross-PR coordination heads-up: this PR inherits the shared approval-gate work from #7838, which directly overlaps #7697's permit-signing fix. #7697 also adds limit-order and lower-level swapFlow coverage.

The review on #7697 identified a cached-permit ordering issue that also applies to the shared gate in #7838. There is no direct file overlap in this PR, but flagging it here because the completed stack will carry that behavior.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant