0xProject · gabririgo · Oct 15, 2025 · Oct 15, 2025 · Oct 21, 2025 · Oct 21, 2025
diff --git a/chain_config.json b/chain_config.json
@@ -19,7 +19,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -50,7 +51,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -81,7 +83,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -112,7 +115,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -143,7 +147,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -174,7 +179,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -205,7 +211,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -236,7 +243,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -267,7 +275,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -297,7 +306,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0xBE71A746C7AE0f9D18E6DB4f71d09732B0Ee5b9c"
+      "pause": "0xBE71A746C7AE0f9D18E6DB4f71d09732B0Ee5b9c",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -328,7 +338,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -359,7 +370,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -390,7 +402,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "allowanceHolder": "0x0000000000001fF3684f28c67538d4D072C22734",
@@ -421,7 +434,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -451,7 +465,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -482,7 +497,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -513,7 +529,8 @@
     "governance": {
       "upgradeSafe": "0xC6eE74143546ab222bFB6FDDB5726D0502B39184",
       "deploymentSafe": "0x059bD6D6DDE3769A7467fE21cC5a2C4c30D3dbfb",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "allowanceHolder": "0x0000000000001fF3684f28c67538d4D072C22734",
@@ -543,7 +560,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -573,7 +591,8 @@
     "governance": {
       "upgradeSafe": "0xC6eE74143546ab222bFB6FDDB5726D0502B39184",
       "deploymentSafe": "0x059bD6D6DDE3769A7467fE21cC5a2C4c30D3dbfb",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": null
     },
     "deployment": {
       "deployer": "0x00000000000004533Fe15556B1E086BB1A72cEae",
@@ -604,7 +623,8 @@
     "governance": {
       "upgradeSafe": "0xC6eE74143546ab222bFB6FDDB5726D0502B39184",
       "deploymentSafe": "0x059bD6D6DDE3769A7467fE21cC5a2C4c30D3dbfb",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "allowanceHolder": "0x0000000000001fF3684f28c67538d4D072C22734",
@@ -635,7 +655,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "allowanceHolder": "0x0000000000001fF3684f28c67538d4D072C22734",
@@ -665,7 +686,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "allowanceHolder": "0x0000000000001fF3684f28c67538d4D072C22734",
@@ -696,7 +718,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "allowanceHolder": "0x0000000000001fF3684f28c67538d4D072C22734",
@@ -727,7 +750,8 @@
     "governance": {
       "upgradeSafe": "0xf36b9f50E59870A24F42F9Ba43b2aD0A4b8f2F51",
       "deploymentSafe": "0x8E5DE7118a596E99B0563D3022039c11927f4827",
-      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30"
+      "pause": "0x1CeC01DC0fFEE5eB5aF47DbEc1809F2A7c601C30",
+      "daoSafe": "0x23030a6124E871F4744Cb9bc14D519b1f033FFe3"
     },
     "deployment": {
       "forwardingMultiCall": "0x00000000000000CF9E3c5A26621af382fA17f24f",

@@ -0,0 +1,105 @@
+# 0x Cross-chain Intent Settler
+
+[0x](https://0x.org/)'s settlement contracts for cross-chain intents
+utilising [Permit2](https://github.com/Uniswap/permit2) to perform swaps
+without any passive allowance. Full source code and audits are found at
+[0xProject/0x-settler](https://github.com/0xProject/0x-settler).
+
+## Bug Bounty
+
+If you've found a bug, you may be eligible for a bounty under the 0x [bug bounty
+program](https://0x.org/docs/developer-resources/bounties). Please see that link
+for eligibility requirements as well as the advertised payout tiers. If you have
+any findings, send an email to [mailto:[email protected]]([email protected]) with
+the subject line "BUG BOUNTY". Please describe the bug that you've found **in
+detail** and ideally provide a proof-of-concept exploit.
+
+## Architecture
+
+### Allowances
+
+`CrossChainIntentSettler` does not hold allowances, nor does it hold token
+balances between swaps. This provides an enhanced security posture.
+`CrossChainIntentSettler` relies on the aforementioned `Permit2` contract to
+hold allowances.
+
+`CrossChainIntentSettler` allows arbitrary calls to other contracts.
+Therefore it is of the utmost importance that _**settler does not hold token
+balances or allowances**_.
+
+### `ISignatureTransfer` vs `IAllowanceTransfer`
+
+In order to remove the risk that passive allowances could be exploited, 0x
+Settler **does not** support the typical `Permit2` pattern of time-bound,
+value-bound allowances set via an ECDSA or
+[ERC1271](https://eips.ethereum.org/EIPS/eip-1271) signature. This is the
+`IAllowanceTransfer` half of `Permit2`. Instead, 0x Settler only supports the
+`ISignatureTransfer` interface, which requires a single-use signature (called a
+coupon) be submitted with every transaction.
+
+This provides enhanced security at the cost of some gas and inconvenience.
+
+### Actions
+
+0x Cross Chain Intent Settler settles swaps by performing a sequence of actions
+encoded in calldata. Actions are ABIEncoded with a selector. See
+`ICrossChainIntentSettlerActions` for the available options. Typically, actions
+are parametrized by the `recipient` where tokens are sent after the trade and
+the `bps` specifying a proportion of the `Settler` contract's token balance to
+be liquidated in the action.
+
+## Action encoding
+
+The action encoding is not stable. Do not rely on the action encoding being
+preserved between 0x Settler instances. See [0x's developer
+documentation](https://0x.org/docs/developer-resources/settler) for a detailed
+explanation.
+
+Typically, actions are only added to `ICrossChainIntentSettlerActions` for 2
+reasons: 1) to gas-optimize a high-volume settlement path; 2) to provide
+compatibility with a liquidity source that does not support typical
+`ERC20.approve`...`ERC20.transferFrom` flows.
+
+## Cross-chain Intents
+
+This instance of `Settler` supports swaps where the received token may be
+located on a different network than the sent token. Furthermore, the execution
+path is not dictated in the encoded calldata, and is instead decided by the
+solver. A solver may decide to use other instances of `Settler`, or any other
+way. It also supports swaps where the tokens are located on the same network.
+This instance of `Settler` supports swaps where the submitting address is not
+the taker. This means that we must provide an alternative mechanism for
+authorizing a swap that ensures the signed-over swap is not
+malleable. Settlement of intents is facilitated by the `executeMetaTxn` entry
+point and uses the "witness" functionality of `Permit2` to ensure that the
+taker's signature is over the tokens being sent and the tokens being
+received. In contrast to the "metatransaction" flow, the taker *ONLY* signs the
+tokens to be sent and the tokens to be received. In a way, settling an intent is
+analogous to a short-lived limit order. Settlement of cross-chain intents is
+permissioned, as it requires the action of a new actor, i.e. permissioned
+`relayers`. These relayers have the task of verifying the intent is executable,
+and monitoring onchain (i.e. by monitoring of `CrossChainIntentSettler` events)
+or offchain (i.e. signed intents via API) user-generated intents, and prompting
+an auction to notify the solvers, and are compensated by a relayer-pre-set
+`amount` or `bpsAmount`. The `Settler` instance will initially retain 0% of this
+fee, but may activate a 30% fee share. Integrating frontends may act as a
+`relayer`. Furthermore, they also have the task of moving the source token to the
+destination chain, and are encouraged to use the `BridgeSettler` instance.
+The list of active `relayers` is updated by the 0x DAO, and is adjusted based
+on, in order of importance, 1. delegated ZRX/WZRX stake and 2. speed in relaying
+orders. Intents shall go through an auction for the winning solver to be able
+to fill the order. An intent may specify a selected `solver`, thus giving
+priority to a particular solver to execute the swap (i.e. a prearranged agreement
+between the user and the solver).
+Once an intent is filled on the destination chain, source tokens are sent to the
+`relayers` by submitting a ZK proof. Proofs are submitted in batches, but a
+relayer may decide to self-generate and submit it to unlock the tokens faster.
+The restriction of participants to relayers and the winning solver avoids leakage
+of surplus value to MEV. Obviously, the settlement of the order for *at least*
+the specified amount to be received is guaranteed by the contracts. Cross-chain
+intent settlement is permissioned so that in the case that it is possible, the
+taker receives more than the minimum specified in the signature, up to the value
+that the market supports. `Permit2` allows the combination of the authorization
+of the token transfer as well as confirming the user's intention to receive the
+specified amount of the other token. This results in the taker signing a single
+[EIP712](https://eips.ethereum.org/EIPS/eip-712) struct.