Grant Application: Railgun–CoW Protocol SDK for Private Swaps

Author(s): Auryn Macmillan, Jan-Felix Schwarz, Alex Espinosa


Experiences and qualifications:

Gnosis Guild and CoW Protocol both spun out from Gnosis, and the teams have a long history of collaboration. Zodiac is already widely used by treasury managers interacting with CoWSwap, and Gnosis Guild built a Zodiac helper contract to enable granular access control over CoWSwap orders. The Zodiac team has also built a proof of concept connecting Railgun to CoWSwap, demonstrating the feasibility of private swaps through this integration.


Grant Description:

This grant funds the development of an open-source software development kit (SDK) and supporting libraries that enable programmatic execution of CoW Protocol swaps from Railgun-shielded balances.

The proposed library will wrap existing CoW Protocol SDKs and APIs with Railgun-compatible privacy flows, allowing developers to:

  • Initiate swaps from private balances
  • Submit and manage orders programmatically
  • Preserve privacy throughout the swap lifecycle
  • Integrate private swaps into user interfaces and applications

The SDK will be released under the LGPL open-source license from day one, with public repositories, documentation, and test coverage.

As part of validation and demonstration, the team will integrate the SDK into the Zodiac app. This integration work is explicitly outside the scope of the grant and will not be funded through this proposal.

The primary outcome of this grant is a reusable, composable, and community-owned library that lowers the barrier to building privacy-preserving trading applications on CoW Protocol.


Type of Grant:

Milestone-based


Milestones:

| Milestones | Title | Due date | Funding request |
|---|---|---|---|
| Milestone 1 | Open-Source Railgun–CoW SDK | 8-10 weeks after acceptance | 50,000 xDAI (half up-front, half on completion) |

Specifics: Milestone 1 – Open-Source Railgun–CoW SDK

Estimated Effort: 8-10 weeks

Deliverables:

  1. Core SDK Development
     • Open-source library wrapping CoW Protocol SDKs and APIs for Railgun compatibility
     • Support for initiating swaps from Railgun-shielded balances
     • Abstractions for private order creation, signing, and submission
     • Interfaces for interacting with CoW Protocol’s order book and settlement systems
  2. Full Swap Lifecycle Support
     • Support for major CoWSwap order types (market, limit)
     • Handling of partial fills and order cancellations
     • Re-shielding of received assets post-settlement
  3. Privacy-Preserving Operations
     • Shielded balance queries for application integration
     • Private approval and signing workflows
     • MEV protection combined with Railgun privacy and CoW Protocol settlement mechanisms
  4. Testing & Documentation
     • Unit and integration test suites covering core flows
     • End-to-end real-world validation through integration into the Zodiac app
     • Review of privacy guarantees at each lifecycle stage
     • Comprehensive API and developer documentation

Success Criteria:

  • Public, LGPL-licensed open-source repository available from project start
  • SDK enables private CoWSwap transactions from Railgun balances
  • Supports major ERC-20 token pairs
  • End-to-end private swap lifecycle is functional (submit, fill, cancel, re-shield)
  • Comprehensive developer documentation published
  • At least one production-grade integration (Zodiac) demonstrating viability
  • Successful execution of 30+ private swaps on mainnet using the SDK

Length:

Approximately 2-3 months (8-10 weeks), commencing immediately upon acceptance of the proposal.


Funding Request:

50,000 xDAI total: 25,000 xDAI upon acceptance, 25,000 xDAI upon completion of Milestone 1.


Gnosis Chain Address (to receive the grant):

0x12BEEF35025841EFccb77D6EE40df86400Fdb4bB


Terms and Conditions:

By submitting this grant application, I acknowledge and agree to be bound by the CoW DAO Participation Agreement and the CoW DAO Grant Agreement Terms.

INCLUDE NOTE TO COMMITTEE:
Please notify the Grantee of their reviewer and their steward in the thread, at the latest upon successful approval of the Grant on Snapshot.

7 Likes

Thanks for the proposal. We’ve had a look through and are generally supportive of the direction here, but have some feedback on scope and direction we’d want to align on before getting into the detail.

ERC-7579, not Zodiac/Safe-locked
IMO the SDK and any contracts should be ERC-7579 based rather than tied to the Zodiac/Safe stack. The deliverable needs to be genuinely composable, with standalone end-to-end examples that work independently of any closed-source app. Zodiac integration is fine as something you do on your end, but it can’t be the reference integration for the grant.

Milestone-based for the SDK, volume-based for downstream integrations
The fixed milestone grant should cover the open-source SDK and end-to-end examples, that’s the deliverable. For downstream integrations that actually drive volume (Railway, Zodiac, or otherwise), we incentivise those through volume-based rewards. That’s how we handle it across the board and it’s the right structure here too.

Railway, not just Zodiac
On that note, for production integrations we’d want to see Railway rather than just Zodiac. Zodiac alone is unlikely to move the needle on volume. Railway feels like the natural fit here and a reasonable expectation given the broader context of this work.

Let us know your thoughts.

3 Likes

Thanks for the feedback, @mfw78.

ERC-7579, not Zodiac/Safe-locked

The intent here is for this SDK to be relatively account-agnostic, such that developers can easily use any number of different account options. Our PoC implementation used Mech rather than a Safe, because this allowed us to make the Ethereum account inseverable from the Railgun account. But yes, one could alternatively choose to use a Safe, an EOA (via EIP-7702), or even a 7579 account (although I’m not aware of any meaningful traction on 7579). In the past we’ve built on top of Safe because it’s the most practical choice given it is by far the most widely supported contract account.

Milestone-based for the SDK, volume-based for downstream integrations

Fully agree here. The proposal only specifies the milestone-based component. Volume-based rewards downstream are presumably separate.

Railway, not just Zodiac

Integration into Railway, Kohaku, Anon, and others is certainly something we’d love to see and support. However, these are external codebases that we do not control. We would prefer not to make the grant completion contingent on external dependencies.

1 Like

ithacaxyz/account and ZeroDev’s Kernel support ERC-7579, in addition to Safe having ERC-7579 support via the Rhinestone implementation, so I think if we are to be as account-agnostic as possible from a smart contract perspective, it seems that ERC-7579 would be the way to go.

We do not hold up grant completion contingent on merging into externally controlled repositories.

Awesome, I think we’re on the same page then.

1 Like

Hey @auryn, glad to see the movement here.

Just wanted to call this out: what moves the needle for us here is native Railgun integration, not just a Zodiac module sitting on top. If private order flow anywhere near the scale that 0x is reportedly routing through Railgun can be directed to CoW instead, that’s meaningful.

Let us know if that can be reflected in a revised proposal. Looking forward to seeing what you come back with.

1 Like