ComposableCoW has undergone multiple independent security audits to ensure the safety and reliability of the protocol. All deployed contracts have been thoroughly reviewed by security experts.

Completed Audits

Ackee Blockchain (2023)

Ackee Blockchain conducted a comprehensive security audit of the ComposableCoW and ExtensibleFallbackHandler contracts.
Scope:
  • ComposableCoW core contract
  • ExtensibleFallbackHandler integration
  • Conditional order verification logic
  • Merkle proof validation
  • ERC-1271 signature verification
Report: CoW Protocol - ComposableCoW and ExtensibleFallbackHandler
The Ackee Blockchain audit covers all core functionality including single orders, merkle tree-based orders, and the extensible fallback handler integration.

Gnosis Internal Audit (May/July 2023)

Gnosis conducted an internal security review of the ComposableCoW codebase.
Scope:
  • Full ComposableCoW contract review
  • Order type implementations (TWAP, GoodAfterTime, etc.)
  • Integration with Safe contracts
  • Domain separator and signature validation
Report: ComposableCoW - May/July 2023

Gnosis Internal Audit - Diff Review (August 2024)

Gnosis conducted a focused review of changes made between the May/July 2023 audit and August 2024.
Scope:
  • Differential analysis of code changes
  • New features and modifications
  • Updated order types
  • Security implications of changes
Report: ComposableCoW - Diff between May/July 2023 and August 2024
This diff review ensures that all changes made after the initial audit maintain the same security standards.

Audit Coverage

The audits cover the following deployed contracts:
Contract                        Status
ExtensibleFallbackHandler       Audited
ComposableCoW                   Audited
TWAP                            Audited
GoodAfterTime                   Audited
PerpetualStableSwap             Audited
TradeAboveThreshold             Audited
StopLoss                        Audited
CurrentBlockTimestampFactory    Audited

Deployed Contract Addresses

All audited contracts are deployed at the same addresses across multiple networks:
  • ComposableCoW: 0xfdaFc9d1902f4e0b84f65F49f244b32b31013b74
  • ExtensibleFallbackHandler: 0x2f55e8b20D0B9FEFA187AA7d00B6Cbe563605bF5
Supported networks:
  • Ethereum Mainnet
  • Gnosis Chain
  • Arbitrum One
  • Base
  • BSC
  • Avalanche
  • Optimism
  • Polygon
  • Sepolia (testnet)
You can verify these addresses on the respective block explorers. All contracts use deterministic deployment for consistent addresses across networks.

Security Disclosure

If you discover a security vulnerability in ComposableCoW, please report it responsibly:
Do not disclose security vulnerabilities publicly. Follow responsible disclosure practices to protect users.
Contact the CoW Protocol security team through:

Continuous Security

Beyond formal audits, ComposableCoW maintains security through:
  • Extensive test coverage - Unit, fuzz, and fork tests
  • Formal verification - Mathematical proofs of key properties
  • Community review - Open-source codebase for public scrutiny
  • Bug bounty program - Incentivized vulnerability discovery
  • Regular updates - Ongoing security improvements and patches
All test results and coverage reports are available in the GitHub repository.
