feat: add solver 7702 delegate

[igorroncevic]

Description

This PR adds the new Solver7702Delegate flow for EIP-7702 parallel settlement submission.

• The old forwarder flow required a separately deployed contract address in solver config and separate caller approval handling.
• The new delegate makes setup more self-contained:
  • the driver deploys the delegate deterministically from the configured submission accounts,
  • delegates the solver EOA to it
  • and then routes delegated settlement transactions through the solver EOA.

Solver7702Delegate is also much more efficient and secure that its predecessor, due to a minimal attack surface. The contract itself is vendored from https://github.com/cowprotocol/solver-7702-delegate

Changes

• Add the vendored Solver7702Delegate artifact and generated Rust bindings.
• Wire Solver7702Delegate into contract generation and the contracts facade.
• Update EIP-7702 startup setup to:
  • validate that submission accounts are signers,
  • build delegate init code with approved callers,
  • deploy the delegate with CREATE2 when missing,
  • delegate the solver EOA to the deployed delegate,
  • verify the final EIP-7702 delegation target.
• Replace the old forward(target, data) calldata wrapping with the new delegate calldata format targetAddress || targetCalldata.
• Add focused tests for delegate address derivation, caller limits, config validation, delegation detection, and delegated transaction rewriting.

How to test

1. just generate-contracts
2. just fmt --check
3. just clippy
4. just test-unit
5. just test-e2e parallel_settlement

[gemini-code-assist]

Code Review

This pull request replaces the CowSettlementForwarder contract with Solver7702Delegate to support EIP-7702 parallel settlement submissions. Key changes include the addition of the Solver7702Delegate artifact and its generated Rust bindings, a refactor of the driver's EIP-7702 setup to use deterministic CREATE2 deployment, and updates to the submission logic to handle the new delegate's fallback mechanism. The PR also adds unit tests for these components and reorganizes existing test files. I have no feedback to provide.

[kaze-cow]

wow the changes seem very straightforward, nice work! I haven't finished running the actual code locally so give me some time but if the paralell submission test is already working thats a great sign 👍

[AryanGodara]

looks good mostly, just 2 comments. 1 med, 1 small.
Also replid to the "lets get opinion of backend team" threads 😅

[jmg-duarte]

this is quite big which makes it harder to review, overall it looks ok to me but it's a bit hard to visualize the impact of the change in my head

[jmg-duarte]

x == 1 & "at least one" are not the same

which one is the correct one?

[kaze-cow]

Its definitely worded wierdly but I think its referring to two different vars. if the var max-solutions-to-propose > 1, then submission-account.length > 0

[igorroncevic]

Good point. The check is about two different fields, but the message was confusing. I changed it to say that max-solutions-to-propose > 1 requires non-empty submission-accounts.

[jmg-duarte]

same thing but there's no ! almost hiding

Suggested change

	.all(|account| !matches!(account, Account::Address(_))),
	.any(|account| matches!(account, Account::Address(_))),

[jmg-duarte]

just in case: leave a note explaining NOT to use this as a production key

[kaze-cow]

its anvil well-known mnemonic signer #1 btw

[jmg-duarte]

you can use the value from the driver

[jmg-duarte]

use MAX_ALLOWED_CALLERS (or what was the name of the var)

[jmg-duarte]

the error descriptions disappeared

[jmg-duarte]

thought that this had been removed already

[igorroncevic]

This check is now moved out of EIP-7702 setup and into config validation, where it belongs.

[jmg-duarte]

23 is a magic number

[jmg-duarte]

docs for the variants

[jmg-duarte]

take it or leave it: maybe?

Suggested change

	fn delegation_status(code: &[u8]) -> DelegationStatus {
	impl DelegationStatus {
	fn from_code(code: &[u8]) -> Self {
	...
	}
	}

[igorroncevic]

Take it!

[squadgazzz]

Worth rejecting duplicates and Address::ZERO here. Both change (or alias with the padding for) the CREATE2 target with no signal to the operator. A typo in the TOML would silently produce a working-but-wrong delegate.

anyhow::ensure!(
    callers.iter().all(|a| *a != Address::ZERO),
    "submission accounts cannot include the zero address"
);
let mut seen = std::collections::HashSet::with_capacity(callers.len());
anyhow::ensure!(
    callers.iter().all(|a| seen.insert(*a)),
    "submission accounts must be unique"
);

Also worth a comment noting that reordering submission accounts in the TOML changes the delegate address. The test asserts it, but operators won't read the test.

[igorroncevic]

Agreed, added these checks

[squadgazzz]

The vendor URL is at commit acde4b0c..., but the committed JSON's sourceCommit is 4273853b.... Re-running the vendor command would pull a different artifact and overwrite the checked-in one. Please pin them to the same commit (the post-audit TODO can update both at once).

[igorroncevic]

Thanks, I did not realize out folder needed to be exposed for this to work, so now that it's exposed I've pinned the commit to the latest one.

[squadgazzz]

This recovery path pays gas from the solver EOA. If the operator only funds submission accounts (reasonable setup), startup fails with a confusing OOF error. No auth is needed in DeployOnly mode, so a submission account could send the CREATE2 deploy instead. Non-blocking.

[igorroncevic]

Good point. In DeployOnly mode the deploy tx can be sent from a submission account, so I changed it to use the first submission account when available.

[squadgazzz]

The submission-accounts-must-be-signers check lives in Config::validate, but the main-account-must-be-signer check is over in eip7702::setup. Both are the same kind of EIP-7702 precondition. Moving the main-account check into validate would catch misconfig at construction. Minor.

[igorroncevic]

Agreed. I moved the main-account-must-be-signer check into Config::validate, next to the submission account signer validation.

[kaze-cow]

my feedback was addressed or superseded by other feedbacks. in other news, I was able to test with the playground and verify the wholistic change is working as expected, so looks good to me 👍

[igorroncevic]

Thinking that just generate-contracts might not be handling Foundry artifacts properly.

It says that deployedBytecode isn't present, but it's clearly available in the out/Solver7702Delegate.sol/Solver7702Delegate.json but under deployedBytecode.object.

[squadgazzz]

LGTM