Cow-intent-guard — Protecting Programmatic Orders from Frontend Hijacks and Silent Failures

CoW Grants Program
1

Project Name: cow-intent-guard — Protecting Programmatic Orders from Frontend Hijacks and Silent Failures

Author(s): ILE Labs

Introduction:

ILE Labs is an open-source development collective specializing in high-performance blockchain infrastructure and cryptographic tooling. Our core competency lies in deep execution-flow analysis and Rust systems engineering. Our previous work includes:

Additional Links:

Project Description

The Problem

The April 2026 DNS hijacking of cow.fi exposed a critical systemic vulnerability: over-reliance on web-based interfaces for intent verification.

When the frontend was compromised, users were tricked into signing malicious intents because they lacked a local, trusted way to verify exactly what their signatures contained. Furthermore, developers building on the ComposableCoW framework currently suffer from “silent failures”—orders that are cryptographically valid but fail to execute due to parameter-level ambiguities (e.g., incorrect slippage packing or fee calculations) that are only visible after submission.

The Solution: cow-intent-guard

cow-intent-guard is a standalone, Rust-powered CLI and SDK that provides a “Local Trusted Frontier” for CoW Protocol. It allows developers and power users to:

  1. Offline Intent Decoding: Parse raw EIP-712 order data and ComposableCoW calldata locally, without touching any web infrastructure.

  2. Pre-Flight Settlement Simulation: Run intents against a local mainnet fork (Anvil) to simulate the exact settlement outcome, detecting slippage errors and “silent failures” before they ever hit the order book.

  3. Phishing Signature Detection: A local database of known malicious signature patterns and “risk scoring” for intents that look like drains (e.g., swapping for low-liquidity tokens or suspicious receivers).

  4. WASM-Ready Verification: The core engine is built to be compiled to WASM, enabling other wallets and Safe Apps to integrate “Offline Verification” natively.

Why ILE Labs?

Building a local settlement simulator requires more than just calling an API. It requires deep knowledge of the GPv2Settlement contract logic, internal storage layout for ComposableCoW, and the ability to reconstruct state in a local fork. ILE Labs has a proven track record of building these exact types of “lens” tools for other ecosystems (Solana, MultiversX, Arbitrum).

Impact

  1. Security Resilience: Decouples order verification from the cow.fi domain. In the event of a future DNS attack, users can verify their transactions locally using cow-intent-guard.

  2. Developer Onboarding: Directly addresses the 2026 RFP priority for “Order Decoders” and “Offline Development Mode.”

  3. Reduced MEV/Slippage Losses: By simulating orders locally, developers can optimize their minOut parameters and slippage packing, reducing failed trades and value leakage.

Milestone Breakdown

Total Funding Requested: $28,500 (USDC/DAI)

Duration: 3 Months

Milestone 1: The “Decoder” Engine ($9,500)

  • Objective: Implement a robust Rust parser for EIP-712 CoW orders and ComposableCoW programmatic parameters.

  • Deliverable: CLI tool cow-guard decode <RAW_DATA> which outputs a human-readable, verified JSON representation of the intent.

  • Verification: Passes verification against 100+ historical mainnet transactions, including complex TWAP and Stop-Loss orders.

Milestone 2: The “Simulator” (Phase 1) ($10,000)

  • Objective: Local fork simulation.

  • Deliverable: Integration with ethers-rs / alloy and anvil. CLI command cow-guard simulate <INTENT> which forks mainnet state, executes the trade against the CoW Settlement contract, and reports the exact buyAmount or reason for failure.

  • Verification: Successful simulation of a 5-part TWAP order, predicting the execution of the first discrete part within 0.1% accuracy of mainnet outcomes.

Milestone 3: Security Scoring & WASM Release ($9,000)

  • Objective: Risk analysis and ecosystem integration.

  • Deliverable: Implementation of “Risk Tiers” (e.g., Aegis-style protection) and a WASM build of the library for frontend/wallet integration. Final documentation hosted on Mintlify.

  • Verification: Integration guide for Safe Apps showing how to use cow-intent-guard-wasm to provide “Local Simulation” popups before signing.

Project Pulse & Tracking

| Milestone | Duration | Status | Deliverable |

|-----------|----------|--------|-------------|

| M1: Decoder Engine | 4 Weeks | Planned | Local CLI cow-guard decode |

| M2: Simulation Suite | 4 Weeks | Planned | Anvil Integration & Settlement Mocking |

| M3: Security Scoring | 4 Weeks | Planned | WASM Release & Mintlify Integration |

Stewardship & Community Engagement

We recognize the importance of active communication in the CoW DAO. To ensure transparency, ILE Labs commits to:

  1. Bi-Weekly Updates: We will post progress reports in this thread every 14 days, following the structured milestone table above.

  2. Open QA: We invite committee members (@anxolin, @mfw78) to request specific edge-case simulations or decoding patterns they would like to see prioritized.

  3. Public Beta: A functional CLI for Milestone 1 will be available for community testing before the end of the first month.

Additional Information

  • Payment Address: (ILE Labs Gnosis Chain Wallet)

  • Standard Terms: We agree to be bound by the CoW DAO Grant Agreement Terms.

  • Open Source: All code will be licensed under MIT/Apache-2.0 and published to github.com/ILE-Labs/cow-intent-guard.

2

I disagree with the approach of creating another sdk in Rust, while we already have one in Typescript that can be extended and should be the basis of cow cli.

Who will maintain it? Nothing in the proposal mentions how this tool will not become abandoned.

3

Hi @kernelwhisperer,

Thank you for the candid feedback. These are very fair concerns that every DAO grants committee should ask, and we appreciate the opportunity to clarify our approach.

1. Why Rust instead of extending the TypeScript SDK?

While TypeScript is excellent for standard API interactions, the primary value proposition of cow-intent-guard is the pre-flight settlement simulation engine (Milestone 2).

  • Local Fork Performance: To simulate transactions locally against an active mainnet/Gnosis chain fork, we rely heavily on Rust’s low-overhead execution frameworks (like Alloy/Anvil). There is currently no high-performance TypeScript equivalent that can handle sandboxed state-fork execution with local cycle/gas profiling at this speed.
  • Universal WASM Compilation: By writing the core engine in Rust, we compile it directly to WebAssembly (WASM). This allows the exact same simulation and decoding logic to be integrated natively into TS frontends (like Safe Apps or web wallets) as a clean NPM package (cow-intent-guard-wasm), but with near-native execution speeds and strict memory safety.

2. Bandwidth, Team Allocation, and Maintenance

We understand the fear of “abandonware” in DAO grants. To mitigate this:

  • Dedicated Team Allocation: ILE Labs is an active collective of developers, meaning we do not run all projects under the same staff. For cow-intent-guard, we have a separate, dedicated sub-team of 3 developers assigned exclusively to this codebase. They operate independently of our other ecosystem commitments, ensuring focused execution.
  • Post-Delivery Commitment: We commit to a 6-month post-delivery maintenance window to handle upstream CoW contract/API updates. Because the codebase is built as a modular Rust crate and packaged as a standard WASM library, it can be easily wrapped, integrated, or maintained by other developers in the CoW ecosystem if needed.

We believe a Rust/WASM-based simulation primitive is the most future-proof way to bring local security checks to CoW users across both web and native applications.

4

Thanks @ILE_LABS for the writeup and for engaging with the recent cow.fi incident. We’ve discussed internally and won’t be moving forward with this one.

Appreciate the effort you put into the proposal and wish you the best with your other work.