Simulate EIP-1271 orders at creation

crates/configs/src/orderbook/mod.rs

@@ -20,6 +20,7 @@ use {
     std::{
         net::{Ipv4Addr, SocketAddr, SocketAddrV4},
         path::Path,
+        time::Duration,
     },
 };
 
@@ -59,6 +60,31 @@ pub struct OrderSimulationConfig {
     /// URL.
     #[serde(default)]
     pub tenderly: Option<crate::simulator::TenderlyConfig>,
+
+    /// Mode for the EIP-1271 order simulation.
+    #[serde(default)]
+    pub eip1271_simulation_mode: Eip1271SimulationMode,
+
+    /// Per-call timeout for the EIP-1271 order simulation.
+    #[serde(
+        default = "default_eip1271_simulation_timeout",
+        with = "humantime_serde"
+    )]
+    pub eip1271_simulation_timeout: Duration,
+}
+
+/// Mode for the EIP-1271 order simulation at order creation.
+#[derive(Copy, Clone, Debug, Default, Deserialize, Serialize, Eq, PartialEq)]
+#[serde(rename_all = "kebab-case")]
+pub enum Eip1271SimulationMode {
+    Shadow,
+    Enforce,
+    #[default]
+    Disabled,
+}
+
+fn default_eip1271_simulation_timeout() -> Duration {
+    Duration::from_secs(2)
 }
 
 /// Top-level orderbook service configuration.
@@ -228,6 +254,8 @@ pub mod test_util {
                 order_simulation: Some(OrderSimulationConfig {
                     gas_limit: U256::try_from(16777215).expect("u64 can be converted to U256"),
                     tenderly: None,
+                    eip1271_simulation_mode: Default::default(),
+                    eip1271_simulation_timeout: std::time::Duration::from_secs(2),
                 }),
                 hide_competition_before_deadline: false,
             }
@@ -438,4 +466,44 @@ mod tests {
         );
         assert_eq!(config.http_client.timeout, deserialized.http_client.timeout)
     }
+
+    #[test]
+    fn parses_simulation_mode_default() {
+        let toml = r#"gas-limit = "0x1000000""#;
+        let cfg: OrderSimulationConfig = toml::from_str(toml).unwrap();
+        assert_eq!(cfg.eip1271_simulation_mode, Eip1271SimulationMode::Disabled);
+        assert_eq!(cfg.eip1271_simulation_timeout, Duration::from_secs(2));
+    }
+
+    #[test]
+    fn parses_simulation_mode_enforce() {
+        let toml = r#"
+            gas-limit = "0x1000000"
+            eip1271-simulation-mode = "enforce"
+            eip1271-simulation-timeout = "5s"
+        "#;
+        let cfg: OrderSimulationConfig = toml::from_str(toml).unwrap();
+        assert_eq!(cfg.eip1271_simulation_mode, Eip1271SimulationMode::Enforce);
+        assert_eq!(cfg.eip1271_simulation_timeout, Duration::from_secs(5));
+    }
+
+    #[test]
+    fn parses_simulation_mode_shadow() {
+        let toml = r#"
+            gas-limit = "0x1000000"
+            eip1271-simulation-mode = "shadow"
+        "#;
+        let cfg: OrderSimulationConfig = toml::from_str(toml).unwrap();
+        assert_eq!(cfg.eip1271_simulation_mode, Eip1271SimulationMode::Shadow);
+    }
+
+    #[test]
+    fn parses_simulation_mode_disabled() {
+        let toml = r#"
+            gas-limit = "0x1000000"
+            eip1271-simulation-mode = "disabled"
+        "#;
+        let cfg: OrderSimulationConfig = toml::from_str(toml).unwrap();
+        assert_eq!(cfg.eip1271_simulation_mode, Eip1271SimulationMode::Disabled);
+    }
 }

crates/cow-amm/src/amm.rs

@@ -67,13 +67,13 @@ impl Amm {
         // To avoid issues caused by that we check the validity of the signature.
         let hash = hashed_eip712_message(domain_separator, &template.order.hash_struct());
         validator
-            .validate_signature_and_get_additional_gas(SignatureCheck {
-                signer: self.address,
-                hash: hash.0,
-                signature: template.signature.to_bytes(),
-                interactions: template.pre_interactions.clone(),
-                balance_override: None,
-            })
+            .validate_signature_and_get_additional_gas(SignatureCheck::new(
+                self.address,
+                hash.0,
+                template.signature.to_bytes(),
+                template.pre_interactions.clone(),
+                None,
+            ))
             .await
             .context("invalid signature")?;
 

crates/e2e/tests/e2e/eip1271_creation_simulation.rs

@@ -0,0 +1,194 @@
+//! Local-node tests for the EIP-1271 creation-time simulation.
+//!
+//! - Negative: a Safe-signed order whose `app_data.protocol.wrappers` points at
+//!   a custom always-revert wrapper. With the orderbook in
+//!   `Eip1271SimulationMode::Enforce`, the simulation drives `settle()` through
+//!   the wrapper, the wrapper reverts, and the API rejects with HTTP 400
+//!   `Eip1271SimulationFailed`. A wrapper is used rather than a buggy pre-hook
+//!   because `HooksTrampoline.execute` deliberately swallows hook reverts, so a
+//!   buggy hook would not surface as a simulation failure.
+//! - Positive: a Safe-signed order with empty app_data is accepted, proving the
+//!   adapter wiring lets healthy orders through.
+
+use {
+    alloy::{
+        primitives::{Address, Bytes, TxKind, hex},
+        providers::Provider,
+        rpc::types::TransactionRequest,
+    },
+    configs::{orderbook::Eip1271SimulationMode, test_util::TestDefault},
+    e2e::setup::{MintableToken, OnchainComponents, Services, run_test, safe::Safe},
+    model::order::{OrderCreation, OrderCreationAppData, OrderKind},
+    number::units::EthUnit,
+    reqwest::StatusCode,
+    serde_json::json,
+    shared::web3::Web3,
+};
+
+/// Constructor + runtime that always reverts with empty data on any call.
+///
+/// Constructor copies the 5-byte runtime (`PUSH1 0; PUSH1 0; REVERT`) into
+/// memory and returns it. The deployed contract reverts unconditionally
+/// regardless of selector or calldata.
+const ALWAYS_REVERT_INIT_CODE: [u8; 17] = hex!("6005600c60003960056000f360006000fd");
+
+#[tokio::test]
+#[ignore]
+async fn local_node_eip1271_creation_simulation_rejects_when_wrapper_reverts() {
+    run_test(rejects_when_wrapper_reverts).await;
+}
+
+#[tokio::test]
+#[ignore]
+async fn local_node_eip1271_creation_simulation_accepts_valid_order() {
+    run_test(accepts_valid_order).await;
+}
+
+async fn rejects_when_wrapper_reverts(web3: Web3) {
+    let mut onchain = OnchainComponents::deploy(web3.clone()).await;
+    let [solver] = onchain.make_solvers(1u64.eth()).await;
+    let [trader] = onchain.make_accounts(1u64.eth()).await;
+
+    let safe = Safe::deploy(trader.clone(), web3.provider.clone()).await;
+
+    let [token] = onchain
+        .deploy_tokens_with_weth_uni_v2_pools(100_000u64.eth(), 100_000u64.eth())
+        .await;
+    fund_safe(&safe, &token, &onchain).await;
+
+    let services = start_services_in_enforce_mode(&onchain, solver).await;
+
+    let wrapper_addr = deploy_always_revert(&web3, trader.address()).await;
+
+    let order = sign_order(
+        &safe,
+        &onchain,
+        &token,
+        Some(WrapperRef {
+            address: wrapper_addr,
+            data: vec![],
+        }),
+    );
+
+    let (status, body) = services.create_order(&order).await.unwrap_err();
+    assert_eq!(status, StatusCode::BAD_REQUEST, "body: {body}");
+    assert!(
+        body.contains("Eip1271SimulationFailed"),
+        "expected Eip1271SimulationFailed in body, got: {body}",
+    );
+}
+
+async fn accepts_valid_order(web3: Web3) {
+    let mut onchain = OnchainComponents::deploy(web3.clone()).await;
+    let [solver] = onchain.make_solvers(1u64.eth()).await;
+    let [trader] = onchain.make_accounts(1u64.eth()).await;
+
+    let safe = Safe::deploy(trader, web3.provider.clone()).await;
+
+    let [token] = onchain
+        .deploy_tokens_with_weth_uni_v2_pools(100_000u64.eth(), 100_000u64.eth())
+        .await;
+    fund_safe(&safe, &token, &onchain).await;
+
+    let services = start_services_in_enforce_mode(&onchain, solver).await;
+
+    let order = sign_order(&safe, &onchain, &token, None);
+
+    let uid = services
+        .create_order(&order)
+        .await
+        .expect("expected order to be accepted");
+    let stored = services.get_order(&uid).await.unwrap();
+    assert_eq!(stored.metadata.uid, uid);
+}
+
+/// Deploys a contract whose runtime is `PUSH1 0; PUSH1 0; REVERT`.
+async fn deploy_always_revert(web3: &Web3, from: Address) -> Address {
+    let mut tx = TransactionRequest::default()
+        .from(from)
+        .input(Bytes::from(ALWAYS_REVERT_INIT_CODE.to_vec()).into());
+    tx.to = Some(TxKind::Create);
+    let receipt = web3
+        .provider
+        .send_transaction(tx)
+        .await
+        .unwrap()
+        .get_receipt()
+        .await
+        .unwrap();
+    receipt
+        .contract_address
+        .expect("deployment receipt should carry the contract address")
+}
+
+async fn fund_safe(safe: &Safe, token: &MintableToken, onchain: &OnchainComponents) {
+    token.mint(safe.address(), 10u64.eth()).await;
+    safe.exec_alloy_call(
+        token
+            .approve(onchain.contracts().allowance, 10u64.eth())
+            .into_transaction_request(),
+    )
+    .await;
+}
+
+async fn start_services_in_enforce_mode<'a>(
+    onchain: &'a OnchainComponents,
+    solver: e2e::setup::onchain_components::TestAccount,
+) -> Services<'a> {
+    let mut orderbook_config = configs::orderbook::Configuration::test_default();
+    orderbook_config
+        .order_simulation
+        .as_mut()
+        .expect("test_default enables order_simulation")
+        .eip1271_simulation_mode = Eip1271SimulationMode::Enforce;
+
+    let services = Services::new(onchain).await;
+    services
+        .start_protocol_with_args(
+            configs::autopilot::Configuration::test("test_solver", solver.address()),
+            orderbook_config,
+            solver,
+        )
+        .await;
+    services
+}
+
+struct WrapperRef {
+    address: Address,
+    data: Vec<u8>,
+}
+
+fn sign_order(
+    safe: &Safe,
+    onchain: &OnchainComponents,
+    sell_token: &MintableToken,
+    wrapper: Option<WrapperRef>,
+) -> OrderCreation {
+    let app_data = match wrapper {
+        Some(w) => json!({
+            "metadata": {
+                "wrappers": [{
+                    "address": format!("{:?}", w.address),
+                    "data": format!("0x{}", hex::encode(&w.data)),
+                    "isOmittable": false,
+                }],
+            },
+        }),
+        None => json!({}),
+    }
+    .to_string();
+
+    let mut order = OrderCreation {
+        kind: OrderKind::Sell,
+        sell_token: *sell_token.address(),
+        sell_amount: 5u64.eth(),
+        buy_token: *onchain.contracts().weth.address(),
+        buy_amount: 1u64.eth(),
+        valid_to: model::time::now_in_epoch_seconds() + 300,
+        from: Some(safe.address()),
+        app_data: OrderCreationAppData::Full { full: app_data },
+        ..Default::default()
+    };
+    safe.sign_order(&mut order, onchain);
+    order
+}

crates/e2e/tests/e2e/main.rs

@@ -16,6 +16,7 @@ mod cow_amm;
 mod database;
 mod debug_order;
 mod deprecated_endpoints;
+mod eip1271_creation_simulation;
 mod eip4626;
 mod eth_integration;
 mod eth_safe;

crates/e2e/tests/e2e/malformed_requests.rs

@@ -492,6 +492,11 @@ async fn http_validation(web3: Web3) {
             "kind": "sell",
             "owner": VALID_ADDRESS,
             "appData": bad_app_data,
+            "signingScheme": "presign",
+            "signature": "0x",
+            "feeAmount": "0",
+            "validTo": u32::MAX,
+            "partiallyFillable": false,
         }))
         .send()
         .await
@@ -503,15 +508,10 @@ async fn http_validation(web3: Web3) {
     );
     let body: Error = response.json().await.unwrap();
     assert!(
-        body.description.contains("app_data"),
+        body.description.contains("app data"),
         "error description should name the failing field. Got: {}",
         body.description
     );
-    assert!(
-        body.description.contains(bad_app_data),
-        "error description should include the bad value. Got: {}",
-        body.description
-    );
 }
 
 #[tokio::test]
@@ -563,6 +563,12 @@ async fn simulation_not_enabled(web3: Web3) {
             "buyAmount": "1000000000000000000",
             "kind": "sell",
             "owner": VALID_ADDRESS,
+            "appData": "{}",
+            "signingScheme": "presign",
+            "signature": "0x",
+            "feeAmount": "0",
+            "validTo": u32::MAX,
+            "partiallyFillable": false,
         }))
         .send()
         .await

crates/orderbook/src/api/post_order.rs

@@ -188,6 +188,11 @@ impl IntoResponse for ValidationErrorWrapper {
                 ),
             )
                 .into_response(),
+            ValidationError::SimulationFailed(reason) => (
+                StatusCode::BAD_REQUEST,
+                error("Eip1271SimulationFailed", reason),
+            )
+                .into_response(),
             ValidationError::InsufficientBalance => (
                 StatusCode::BAD_REQUEST,
                 error(