research(contracts): solver bond reduction

[mfw78]

Problem

Currently if wishing to run a solver (i.e. standalone driver + solving engine) requires $500K equivalent of a stable asset (e.g. USDC, DAI, sDAI) + 1.5M COW. This is a significant barrier of entry, and has necessitated "bonding pools" whereby a pool of capital is used to vouch for solving engines. There are only 2 of these pools, none of which are run by external / unknown teams.

The value of the bond must be equal to, or exceed the maximum sum of:

1. The anticipated maximum protocol buffer fees accumulated before collection (i.e. tokens held by the settlement contract).
2. The anticipated maximum damage that may be done by not respecting auction rules such as uniform clearing prices / EBBO (i.e. a user's limit price vs the current market price).
3. Any fees owed to CoW Protocol.

To be more inclusive, and promote better competition, the desire is to reduce the bonding requirement as much as possible without jeopardising the security of the protocol.

Acceptance criteria

• Eliminate protocol buffer fees (incidentally along with slippage accounting).
• Reduce maximum damage, or shift damage accountability to another actor (e.g. autopilot).

Details

Possible Solutions

1. Bonding pools / solver engines have their own protocol buffers, using a "trade handler" methodology.
2. Auto-pilot signing of the winning bid, used to assert that the winning bid adheres to the rules of the auction.
3. Introduce an "insurance" value in the order data which consumes a part of the solver's bond up until a challenge window expires.

Research track

• Protocol security
• Decentralisation

[MartinquaXD]

The anticipated maximum damage that may be done by not respecting auction rules such as uniform clearing prices / EBBO (i.e. a user's limit price vs the current market price).

Isn't this technically unlimited? I think a bunch of issues come from the fact that we currently require all your bond to sit idly ready to be slashed at any time which means very competitive solvers must have loads of cash unused. Is there something like an on-chain insurance fund where individual solvers regularly pay a small fee which gives them access to a lot of money in case of a damages claim? Probably requires trust in some way but this sounds like an issue more people than us already faced. 🤷‍♂️

[mfw78]

Isn't this technically unlimited?

Yes, but the risk of EBBO compliance can also be moved (such as the autopilot needs to sign-off). It's true then that the insurance requirements are just moved to the autopilot, however down the track with decentralising the autopilot, if there were some signature aggregation scheme, the stakes from all autopilots who signed the non-compliant EBBO settlement can be slashed, increasing capital efficiency by spreading the risk.

[fleupold]

I really like the idea of users indicating in their order how much bond they expect from solvers (ie hinting on the maximum surplus they think could stolen by an out of protocol settlement). One worry with this is that a user could specify a very large amount, effectively limiting the competition to only a few solvers (with whom they might be conspiring with).

[MartinquaXD]

One worry with this is that a user could specify a very large amount, effectively limiting the competition to only a few solvers (with whom they might be conspiring with).

I don't really understand the concern here. Are you worried about solvers farming settlement rewards? They would still have to provide the surplus necessary to win the competition (assuming there are other non-malicious orders open). Also I would say if this is economically viable then the rewards are way too high per settlement. And lastly with the plan of reducing autopilot side order filtering more and more there are likely plenty of other ways "users" could enforce a specific solver settling their order (e.g. create a smart order that asserts a specific tx.origin).

Or is there a completely different threat I'm not seeing here?