
WhiteHatCoW

Automated fund recovery to secure CoW Protocol's trade hooks infrastructure and improve swap intent UX

Created At

ETHGlobal Istanbul

Project Description

This project combines CoW Protocol's trade hooks, CoW Hooks, with its Programmatic Order Framework to improve the security and user experience of swap intents. In a nutshell, WhiteHatCoW contracts automatically detect funds which are stuck or at risk of being drained, secure them by preemptively transferring them to a secure address, and finally try to notify the owner through on-chain messaging as well as Twitter.

When users interact with CoW Hooks, their transaction will touch multiple components of CoW Protocol's clever trade hooks infrastructure. One of those components is the Trampoline contract, which acts as msg.sender to keep the underlying CoW contracts secured from malicious actors. This trampoline contract is called when a user specifies a pre- or post-hook, and it is able to receive funds as well as hold spending allowances for user funds.

There are two scenarios in which WhiteHatCoW improves security and UX for users that interact with CoW Protocol's swap intents. Firstly and most importantly, we secure users that unintentionally give spending allowances to the trampoline contract and leave unspent amounts remaining, which could then be used to drain funds from their addresses through the trampoline. The second scenario is the user leaving funds inside the trampoline contract, where they sit idle at the trampoline address and could be drained by any other user.

In both scenarios, funds will be transferred to a secure WhiteHatCoW address via CoW Protocol's CoW Hooks, Tenderly Web3 Actions, and WalletConnect's in-app messaging service.

How it's Made

The off-chain bot that listens for remaining balances as well as residual allowances runs on a Django + Celery stack. When conditions for a WhiteHatCoW action are met (funds at risk - gas > 0), a CoW Hook appData structure is created which specifies the pre-hook necessary to transfer funds from the trampoline to the WhiteHatCoW address. This appData also contains a post-hook which fires an event that is picked up by Tenderly and WalletConnect and used to notify the funds' owner.
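The trigger condition above (funds at risk - gas > 0), sketched as an added example that is not WhiteHatCoW's own code. The field names, the gas estimate, the per-token price table and the sample observations are all assumptions constructed for illustration; capping a residual allowance at the owner's current balance goes beyond what the description states.

```python
from dataclasses import dataclass

WEI_PER_ETH = 10**18

@dataclass(frozen=True)
class Observation:
    """One monitored position, amounts in token base units (hypothetical schema)."""
    token: str
    owner: str
    allowance: int           # residual allowance the owner left to the trampoline
    owner_balance: int       # owner's current balance of the token
    trampoline_balance: int  # idle funds sitting in the trampoline itself

def funds_at_risk(obs: Observation) -> int:
    # A residual allowance only exposes what the owner still holds;
    # idle trampoline funds are exposed in full.
    return min(obs.allowance, obs.owner_balance) + obs.trampoline_balance

def gas_cost_in_token(gas_units: int, gas_price_wei: int, token_units_per_eth: int) -> int:
    # Integer math only; round the cost up so a borderline case is not acted on.
    cost_wei = gas_units * gas_price_wei
    return -((-cost_wei * token_units_per_eth) // WEI_PER_ETH)

def triage(observations, gas_units, gas_price_wei, prices):
    """Return (observation, net) pairs where funds at risk - gas > 0, largest first."""
    actionable = []
    for obs in observations:
        gas = gas_cost_in_token(gas_units, gas_price_wei, prices[obs.token])
        net = funds_at_risk(obs) - gas
        if net > 0:
            actionable.append((obs, net))
    return sorted(actionable, key=lambda pair: pair[1], reverse=True)

# Constructed sample data: a 6-decimal token priced at 2000 units per ETH.
PRICES = {"USDC": 2000 * 10**6}
SAMPLE = [
    Observation("USDC", "0xOwnerA", 500 * 10**6, 120 * 10**6, 0),  # allowance > balance
    Observation("USDC", "0xOwnerB", 0, 0, 5 * 10**6),              # dust left in trampoline
    Observation("USDC", "0xOwnerC", 1000 * 10**6, 0, 0),           # allowance, empty wallet
]

if __name__ == "__main__":
    # Assumed gas estimate of 150k units at 30 gwei.
    for obs, net in triage(SAMPLE, 150_000, 30 * 10**9, PRICES):
        print(obs.owner, obs.token, net)
```

With these constructed inputs only the first position qualifies: the 5-unit trampoline balance costs more to move than it is worth, and the allowance on an empty wallet exposes nothing.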
