7Block Labs
Contact Us
Blockchain Development

ByAUJay

How to Build a Solver for Blockchain Intents Without Creating New Attack Vectors

Decision‑makers’ summary: This playbook shows how to design, ship, and operate an intent solver that actually improves execution quality while shrinking your attack surface. It distills what changed in 2024–2025 (UniswapX V3 orders, CoW fair combinatorial auctions, ERC‑7683 cross‑chain intents, Pectra’s EIP‑7702), the real attack vectors we see in production, and the concrete design, testing, and monitoring patterns that keep solvers safe and competitive. (docs.uniswap.org)

Why this matters now

“Intent-based” UX went from theory to practice. Users sign what they want (an outcome), and specialized solvers compete to make it happen. On Ethereum, two architectures dominate:

  • Batch auctions with open solver competition (CoW Protocol). Users submit signed orders; solvers bid to maximize user surplus under strict fairness rules and slashing for misbehavior. (docs.cow.fi)
  • Per‑order Dutch auctions (UniswapX). Users sign a price‑decaying order; fillers compete to fill using their liquidity and private routing. Cosigners, RFQ exclusivity windows on mainnet, and now V3 orders on Arbitrum (block‑based decay) tighten control and performance. (docs.uniswap.org)

Cross‑chain, ERC‑7683 is emerging so apps share a filler network and settlement plumbing instead of rebuilding relayers per protocol. And since May 7, 2025, Ethereum’s Pectra upgrade (EIP‑7702) lets EOAs delegate contract logic per‑tx—cleanly blending AA features into intent flows without new wallets. Your solver must speak all of that, safely. (eips.ethereum.org)

The 2025 intent landscape: what actually changed

  • CoW’s fair combinatorial batch auctions formalized “surplus‑maximizing, fairness‑constrained” selection and Uniform Clearing Prices; schemas, deadlines, and slashing rules are published and actively enforced. (docs.cow.fi)
  • UniswapX matured its filler ecosystem with:
    • RFQ on mainnet (quoter exclusivity windows) and per‑order Dutch auctions elsewhere; API/webhooks for low‑latency order feeds. (docs.uniswap.org)
    • V3 Dutch Orders on Arbitrum: block‑based decay, cosigner‑verified parameters, gas‑aware adjustments, and migration from V2. (docs.uniswap.org)
    • Order obfuscation (inverse requests) to reduce frontrunning and signature misuse; Permit2‑backed nonces in the flow. (docs.uniswap.org)
  • ERC‑7683 (Cross‑Chain Intents) defines common order structs, settlement interfaces, and a resolve() model so fillers can verify heterogeneous “orderData,” with explicit guidance on Permit2 witness signing and deadlines. (eips.ethereum.org)
  • EIP‑7702 is live via Pectra: EOAs can temporarily execute contract code (aligned with ERC‑4337), enabling one‑shot delegated execution, batch actions, and sponsored gas in intent flows. Tooling and bundlers are catching up (EntryPoint v0.8 support). (theblock.co)
  • MEV‑aware orderflow infra hardened: MEV‑Share formalized programmable privacy and rebates; SUAVE clients and BuilderNet advanced private, verifiable ordering across domains. MEV‑Blocker scaled user protection and rebates. Your solver must integrate private relays and OFAs, not leak alpha to the public mempool. (docs.flashbots.net)

Threat model: how solvers (and their hosts) get exploited

Below are the attack vectors we see recur in intent systems and the exact mitigations that work in production.

  1. Surplus manipulation and unfair batching
  • Problem: In batched settings, a solver can shift surplus between orders that share a token (“local token conservation” violations) or penny/overbid to win then try to recoup later.
  • Mitigations:
    • Protocol‑level: Adopt fair combinatorial auction constraints; enable slashing for surplus shifts and overbidding behaviors; publish CIP‑style rules ex‑ante.
    • Solver‑level: Add “no‑worse‑than EBBO” constraints vs on‑chain AMMs, enforce invariant checks in proofs-of-solution submitted on‑chain. (docs.cow.fi)
  1. Order leakage → frontrunning/sandwiching
  • Problem: If your solver pulls orders via public APIs and broadcasts fills via the public mempool, you leak your route to searchers.
  • Mitigations:
    • Always send bundles through private relays (Protect/MEV‑Blocker) or MEV‑Share nodes; on UniswapX, prefer private settlement routes and filler inventory.
    • Ingest through authenticated feeds/webhooks; delay public calldata publication until inclusion. (docs.flashbots.net)
  1. Signature replay or mis‑scoped domain
  • Problem: Off‑chain signed intents (EIP‑712) replayed on other chains/contracts due to weak domain separation.
  • Mitigations:
    • Use EIP‑712 typed messages with explicit chainId and verifying contract; verify ERC‑1271 for smart accounts; pin nonces to Permit2 where applicable (UniswapX, ERC‑7683 witness). (eip.info)
  1. Cross‑chain settlement risks (fill validation, settler trust)
  • Problem: ERC‑7683 is settlement‑system‑agnostic; insecure settlers or oracles can drain deposits or accept invalid fills.
  • Mitigations:
    • Restrict to audited origin/destination settlers; implement filler‑side allowlists for settler contracts; verify resolve() output consistency pre‑fill; require on‑chain proofs or quorum oracles for fills; simulate settlement with forked state. (eips.ethereum.org)
  1. Cosigner and RFQ abuse
  • Problem: RFQ auctioneers could selectively degrade prices inside a user’s signed range; cosigner logic could be hijacked.
  • Mitigations:
    • Verify cosigner signatures and allowed overrides; track “best executable price” enforcement in audits; participate in sanctioned RFQ programs; monitor block‑based decay vs. execution block to detect stale fills. (docs.uniswap.org)
  1. Collusion and information asymmetry among solvers
  • Problem: Sharing batch instance hints or informal “I’ll sit out this round” deals reduces competition.
  • Mitigations:
    • Submit sealed bids (commit‑reveal or TEE‑based ordering like SUAVE); randomize bid timing within deadlines; monitor competitors’ surplus patterns on Dune/CoW dashboards and alert on correlation spikes. (github.com)
  1. Gas griefing and revert bombs
  • Problem: Attackers craft states or hooks that make your path revert late; you still pay gas.
  • Mitigations:
    • Use pre‑sim pipelines with state‑override RPC; hard‑ban brittle pools/tokens; add per‑venue revert fingerprints; on 4337 flows, use paymasters with strict commit conditions and refund caps. (github.com)
  1. Data privacy debt across domains
  • Problem: Cross‑chain intent metadata and partial fills can be correlated to reconstruct user strategies.
  • Mitigations:
    • Use MEV‑Share’s programmable privacy and hinting; where viable, adopt differentially private aggregates for hints; keep per‑chain identifiers bytes32‑encoded (as ERC‑7683 recommends) and avoid reusing off‑chain IDs. (docs.flashbots.net)

A reference architecture for a safe, competitive solver

Think in five planes: intake, policy, search, execution, and telemetry.

  1. Intent intake and normalization
  • Sources:
    • CoW: use the solver instance JSON (id, tokens, orders, deadline, surplusCapturingJitOrderOwners). Parse stringified numerics carefully to avoid precision loss. (docs.cow.fi)
    • UniswapX: poll Orders API or register webhooks (rate‑limited); decode encodedOrder via SDK; track RFQ exclusivity windows (mainnet) and V3 order fields (cosignerData, block‑based decay on Arbitrum). (docs.uniswap.org)
    • Cross‑chain: accept ERC‑7683 orders; implement decode/resolve so your engine can price them without bespoke parsers for each orderData subtype. Bind signers via Permit2 witness. (eips.ethereum.org)
  • Validation:
    • EIP‑712 domain checks (chainId, verifyingContract); ERC‑1271 signature verification for contract wallets; expiry/fillDeadline gates; replay cache on permit nonces. (eip.info)
  1. Policy and safety layer
  • Static allow/deny lists by token, AMM, router; fee caps; min surplus thresholds vs EBBO; MEV policy: all on‑chain legs via private relays; cross‑domain settlers restricted to approved addresses.
  • Batch auction constraints (CoW) and slashing awareness: never submit bids that could be flagged for surplus shift or overbidding; log internal accounting for post‑mortems. (docs.cow.fi)
  1. Route search under deadlines (what actually wins)
  • Objective: maximize user surplus subject to gas, slippage, and risk budgets; for CoW, ensure fairness constraints; for UniswapX, match decay curve and exclusivity.
  • Practical strategy:
    • Hybrid engine: deterministic baseline (multi‑path split‑flow with Bellman‑Ford for negative cycles) + anytime stochastic search (e.g., NSGA‑II) with a hard 0.5–1.0s cap; keep a “never worse than baseline” guard so you don’t regress under load. (arxiv.org)
    • Liquidity adapters prioritized by venue reliability; for Dutch auctions, time your bids to the decay curve while avoiding “last‑look” reorg windows.
    • Cross‑chain: quote both legs with settlement risk priced in; simulate destination fills on forked state; verify resolve() output before paying origin deposits. (eips.ethereum.org)
  1. Execution and settlement
  • CoW: submit sealed bids within deadlines; include exact pre/post hooks; never exploit internal buffers; respect token conservation. Use private relay submission for settlement tx. (docs.cow.fi)
  • UniswapX:
    • Mainnet: integrate RFQ if allowlisted (quoter role), then fall back to Dutch auction.
    • Arbitrum: implement V3 reactor fill flow; verify cosigner signature and block‑based decay; handle exclusivity override bps; use directFill when inventory is faster/cheaper. (docs.uniswap.org)
  • 7702 + 4337 flows: if a user’s EOA uses 7702 delegation, ensure your bundler/paymaster stack (EntryPoint v0.8) recognizes authorizations and calculates gas/refunds correctly. Prefer hosted bundlers that have v0.8 conformance or run your own with the compatibility test suite. (medium.com)
  1. Privacy and MEV routing
  • Route fills via private relays and/or MEV‑Share; set redistribution rules to return backrun value to users/OF providers; avoid public mempool unless strictly necessary. SUAVE‑style ordering will further harden this path as it matures. (docs.flashbots.net)
  1. Observability and SLOs
  • Track: price improvement vs EBBO, surplus captured, gas per fill, failure causes (permit2 nonce, expiry, insufficient funds), latency to inclusion, percent routed via private relays, RFQ win rate, cross‑chain settlement times, and incidents by venue.
  • External truth sources: UniswapX order status API; CoW Dune dashboards; MEV‑Blocker rebate dashboards. Use these to compute user‑visible value (e.g., rebates returned, price improvement). (api-docs.uniswap.org)

Concrete build steps (with gotchas we’ve tripped on)

  1. Set up feeds and schemas
  • CoW: implement the current auction instance schema; handle stringified numerics; clock‑sync your solver to avoid missing deadlines. (docs.cow.fi)
  • UniswapX:
    • Start with polling Orders API at 6 rps; switch to webhooks when approved to cut latency.
    • Support Dutch V3 on Arbitrum now; don’t assume time‑based decay—use block numbers; validate cosignerData and exclusivity params. (docs.uniswap.org)
  • Cross‑chain: annotate your internal order model with ERC‑7683 fields (fillDeadline, orderDataType, orderData); build a resolve() sandbox to pre‑price new subtypes without deploys. (eips.ethereum.org)
  1. Wire private routing by default
  • Ethereum mainnet: Protect RPC/MEV‑Share node; MEV‑Blocker endpoints when you want rebates + protection, choosing fullprivacy/noreverts as needed per trade type. Track the exact endpoint to avoid silent downgrades. (docs.flashbots.net)
  1. Simulate everything
  • For 4337: align with the EntryPoint your stack supports (v0.7 is still common; v0.8 adds 7702‑aware flows). If you aren’t ready for v0.8, ensure your vendor/bundler’s roadmap is clear. (alchemy.com)
  • For Dutch orders: simulate at the exact block (V3) to avoid decay mismatches; handle gas‑aware adjustments or you’ll under‑deliver and fail. (docs.uniswap.org)
  1. Add safety rails to the optimizer
  • Budget‑aware, risk‑aware objectives (surplus, -gas, -slippage, -risk) with a “never worse than baseline” guard; kill switches for venues and tokens; hard caps for split‑flow fan‑out to avoid combinatorial blow‑ups near deadlines. (arxiv.org)
  1. Prove your solver won’t get slashed (CoW)
  • Build unit tests for: local token conservation, fair pricing, hook inclusion, and “no overbidding” rules. Compare your bids against a generated “no‑MEV” reference portfolio to catch illegal surplus shifts. (docs.cow.fi)
  1. Cross‑chain settlement hardening
  • Allowlist settlers; require multiple oracles or optimistic proofs; pre‑compute filler payouts and refund paths; monitor partial fills and guarantee idempotent retries; explicitly price settlement risk into your objective. (eips.ethereum.org)
  1. Telemetry that matters
  • Pipeline health: order ingestion lag, webhook drop rate, signature verification errors, sim pass rate, relay inclusion delay.
  • Outcome health: price improvement vs EBBO, RFQ win rate, private vs public inclusion, rebate share returned to users. Tie ops alerts to SLO breaches (e.g., if >5% of fills leak to public mempool, page on‑call).

Example: minimal UniswapX filler loop that doesn’t leak alpha

  • Intake: poll Orders API or subscribe to webhook; decode encodedOrder; filter for your tokens/pairs; verify cosigner fields; simulate at current block height for V3 decay; check permit2 nonce unused. (docs.uniswap.org)
  • Search: evaluate directFill (inventory) first to eliminate AMM slippage; otherwise route across your preferred AMMs and private RFQs; respect exclusivity override bps. (docs.etcswap.org)
  • Execution: submit via private relay; if transaction sim differs from mempool state (e.g., baseFee spike), recompute with gas‑adjusted amounts before the auction window expires. (docs.uniswap.org)

Example: joining CoW’s solver competition without getting slashed

  • Intake: consume the batch instance; normalize tokens and AMM curves; note the auction deadline. (docs.cow.fi)
  • Search: run a split‑flow solver that proposes both single‑order and batched bids; ensure each batched bid is “fair” (no order worse than the best single‑order alternative). (docs.cow.fi)
  • Policy: enforce EBBO floor vs available AMMs; reject any solution that shifts surplus across orders sharing a token; estimate gas per path and include in surplus accounting. (docs.cow.fi)
  • Execution: submit bids before deadline; settle via private relay to avoid backrun surprises; archive per‑auction proofs for post‑hoc audits.

Cross‑chain intents, safely (ERC‑7683)

  • Implement both Gasless and On‑chain order decoding; use resolve() to produce ResolvedCrossChainOrder before quoting; enforce fillDeadline at destination; bind user authorization via Permit2 witness. (eips.ethereum.org)
  • Treat settlers like counterparties you risk‑score. Don’t assume “standardized order” implies “standardized settlement security.” Your solver should refuse fills where settler verification guarantees (proof system, oracle quorum) don’t meet policy. (eips.ethereum.org)

EIP‑7702 + ERC‑4337: what to change in your pipeline

  • If a wallet uses 7702 delegation, the user’s “EOA” may have per‑tx contract logic. Your signature checks must handle both ECDSA and ERC‑1271.
  • If you use 4337, upgrade bundlers/paymasters to EntryPoint v0.8 to support 7702 authorizations in UserOperations. Validate with the ERC‑4337 bundler compatibility suite; if you rely on a vendor, verify their v0.8 status and shared mempool behavior. (medium.com)

Testing and red‑team drills you should actually run

  • Replay tests: same signed intent across chains/contracts must fail due to EIP‑712 domain separation. (eip.info)
  • RFQ fairness: inject adversarial cosignerData and ensure your filler rejects any price that violates “best executable within signed range.” (docs.uniswap.org)
  • Batch fairness: craft auctions where a batched bid would make an individual order worse than its best single‑order price—your solver must drop that batch. (docs.cow.fi)
  • MEV leakage: route identical fills via public vs private; your monitored price improvement and rebate metrics should diverge materially—alert if public ratio creeps up. (mevblocker.io)
  • Cross‑chain settlement: kill oracles and delay proofs; ensure funds remain safe and your solver prices the risk (or refuses). (eips.ethereum.org)

Operating principles and KPIs for decision‑makers

  • Price improvement vs EBBO (or AMM baseline), P50/P95. (docs.cow.fi)
  • Private‑relay inclusion rate, target >95% for sensitive routes. (docs.flashbots.net)
  • RFQ win rate and fill ratio during exclusivity windows (mainnet). (docs.uniswap.org)
  • Slashing/penalty incidents (should be zero). (docs.cow.fi)
  • Cross‑chain settlement MTTR and failure rate per settler version; abandon settlers that regress. (eips.ethereum.org)
  • User rebates returned (if using MEV‑Blocker/MEV‑Share) and realized surplus per order—these numbers sell your product. (mevblocker.io)

Emerging best practices worth adopting in 2026 roadmaps

  • Sealed‑bid or TEE‑based bidding (SUAVE/BuilderNet) for solver auctions to reduce information leakage and collusion. (flashbots.net)
  • Standardize on ERC‑7683 for cross‑chain orders across your products; build internal subtype registries to decode arbitrary orderData safely. (eips.ethereum.org)
  • Treat 7702 as the “bridge” to AA: keep EOAs, add programmability per‑transaction; run EntryPoint v0.8 and plan migration paths from 0.6/0.7. (theblock.co)
  • Make “privacy budgets” first‑class: on MEV‑Share, adopt programmable hints (consider DP aggregates as the research matures) to maximize user outcomes without leaking strategy. (docs.flashbots.net)

Quick checklist: ship a solver without new attack surfaces

  • Intake: EIP‑712 + ERC‑1271 verification; enforce nonces and deadlines; auth your feeds. (eip.info)
  • Policy: EBBO floor; deny risky tokens/venues; slashing‑aware constraints for batch auctions. (docs.cow.fi)
  • Search: hybrid optimizer with a deterministic baseline and 0.5–1.0s anytime cap; include gas/risk in the objective. (arxiv.org)
  • Execution: private relays or MEV‑Share; no public mempool by default; prove pre/post‑hook correctness. (docs.flashbots.net)
  • Cross‑chain: ERC‑7683 resolve(); settler allowlists; simulate fills on forked destination state. (eips.ethereum.org)
  • AA: support 7702/4337, EntryPoint v0.8 where possible; test bundler compatibility. (medium.com)
  • Telemetry: price improvement, private inclusion, RFQ success, settlement reliability, rebates returned.

Closing thought

Intents won’t fix execution quality by magic—solvers will. If you adopt the mechanisms the ecosystem standardized in 2024–2025 (fair combinatorial batch auctions, Dutch‑auction fillers with cosigners, ERC‑7683 resolve()/settlers, Pectra’s 7702, and private orderflow), you can deliver faster fills, better prices, and fewer incidents—without creating new places for attackers to hide. The teams that operationalize these patterns now will own the best‑execution narrative in 2026. (docs.cow.fi)

Like what you're reading? Let's build together.

Get a free 30‑minute consultation with our engineering team.

Talk to usView services

Related Posts

7BlockLabs

Full-stack blockchain product studio: DeFi, dApps, audits, integrations.

7Block Labs is a trading name of JAYANTH TECHNOLOGIES LIMITED.

Registered in England and Wales (Company No. 16589283).

Registered Office address: Office 13536, 182-184 High Street North, East Ham, London, E6 2JA.

© 2025 7BlockLabs. All rights reserved.