Security Best Practices
Token Approval Safety
Approve only the exact amount needed for your orders rather than unlimited amounts. For TWAP orders specifically, approve precisely n * partSellAmount.
Safe Configuration Requirements
Proper setup demands three critical steps:
- Configure the fallback handler to the
ExtensibleFallbackHandler address
- Set the domain verifier for GPv2Settlement
- Test with a small order before full deployment
Incorrect fallback handler configuration will cause all orders to fail signature verification.
Order Parameter Validation
Ensure:
- Official handler addresses are used (not custom or unverified ones)
- Each order has a unique salt value to prevent hash collisions
- TWAP parameters meet specific constraints (e.g.,
n > 1, span must not exceed t)
Merkle Tree and Proof Management
Secure storage of merkle proofs is essential.
Loss of proofs means you cannot execute orders, even though they’re valid on-chain.
Monitoring and Emergency Response
Post-creation oversight involves:
- Track execution on CoW Explorer
- Verify watchtower pickup of your orders
- If issues arise:
- Cancel problematic orders immediately
- Revoke token approvals if security concerns exist
