cowprotocol · fedgiac · Oct 23, 2025 · Oct 21, 2025 · Oct 21, 2025 · Oct 21, 2025
@@ -7,8 +7,8 @@
     "solhint-plugin-prettier": "^0.0.5"
   },
   "scripts": {
-    "fmt": "prettier 'src/**/*.sol' -w && prettier 'test/**/*.sol' -w",
-    "lint": "solhint 'src/**/*.sol' 'test/**/*.sol'"
+    "fmt": "prettier 'src/**/*.sol' -w && prettier 'test/**/*.sol' -w && prettier 'script/**/*.sol' -w",
+    "lint": "solhint 'src/**/*.sol' 'test/**/*.sol' 'script/**/*.sol'"
   },
   "version": "1.3.0"
 }
@@ -55,20 +55,37 @@ forge build -o artifacts
 The ETH flow contract has a dedicated deployment script. To simulate a deployment, run:
 
 ```sh
-forge script script/Deploy.sol --rpc-url "$RPC_URL" -vvvv --private-key "$PK"
+forge script script/Deploy.sol --rpc-url "$RPC_URL" -vvvv "$ETHFLOW_OBFUSCATED_PK"
 ```
 
 You can find a list of supported RPC URLs in `foundry.toml` under `[rpc_endpoints]`.
 
-To broadcast the deployment onchain, append `--broadcast` to the command above.
+`ETHFLOW_OBFUSCATED_PK` is an obfuscated version of the private key used in the deployment, _not_ a raw private key.
+The purpose of obfuscating the key is making sure the same key isn't used by accident to deploy other contracts, thereby consuming the nonce of the deployer used for deterministic addresses.
+It's not a security mechanism: the key is trivially recovered from the obfuscated version.
 
 You can verify a contract you deployed with the deployment script on the block explorer of the current chain with:
 
 ```sh
 export ETHERSCAN_API_KEY=<your Etherscan API key> # Only needed for etherscan-based explorers
-forge script script/Deploy.sol --rpc-url "$RPC_URL" -vvvv --private-key "$PK" --verify
+forge script script/Deploy.sol --rpc-url "$RPC_URL" -vvvv --verify "$ETHFLOW_OBFUSCATED_PK"
 ```
 
+To broadcast the deployment onchain and verify it at the same time, append `--broadcast` to the command above.
+
+#### Obfuscate/deobfuscate a private key
+
+For standard deployments on a new chain, there's no need to do this because the standard deployer is already provided with an obfuscated key.
+
+If you need to generate a new obfuscated key from an actual secret key, you can run the following command:
+
+```sh
+PK=<your private key here>
+forge script script/ObfuscateKey.sol "$PK"
+```
+
+To recover the actual key from an obfuscated key, you can run the exact same command: obfuscating twice returns the original key.
+
 ### Code formatting
 
 ```sh

@@ -1,21 +1,36 @@
 // SPDX-License-Identifier: UNLICENSED
 pragma solidity ^0.8.13;
 
-import "forge-std/Script.sol";
-import "./ValidatedAddress.sol";
-import "../src/CoWSwapEthFlow.sol";
+import {Script, console} from "forge-std/Script.sol";
+import {Vm} from "forge-std/Vm.sol";
+
+import {CoWSwapEthFlow, ICoWSwapSettlement, IWrappedNativeToken} from "src/CoWSwapEthFlow.sol";
+
+import {ValidatedAddress} from "./ValidatedAddress.sol";
+import {Obfuscator} from "./ObfuscateKey.sol";
 
 /// @title Deployer Script for the ETH Flow Contract
 /// @author CoW Swap Developers.
 contract Deploy is Script {
-    function run() external {
-        vm.startBroadcast();
-
-        new CoWSwapEthFlow(
-            ICoWSwapSettlement(ValidatedAddress.cowSwapSettlement()),
-            IWrappedNativeToken(ValidatedAddress.wrappedNativeToken())
+    /// @param obfuscatedPk An obfuscated version of the private key used for
+    /// deploying the contract.
+    function run(bytes32 obfuscatedPk) external {
+        ICoWSwapSettlement settlement = ICoWSwapSettlement(
+            ValidatedAddress.cowSwapSettlement()
         );
+        IWrappedNativeToken wrappedNativeToken = IWrappedNativeToken(
+            ValidatedAddress.wrappedNativeToken()
+        );
+
+        uint256 pk = uint256(Obfuscator.deobfuscate(obfuscatedPk));
+        Vm.Wallet memory wallet = vm.createWallet(pk);
+        console.log("Deployer address:    ", wallet.addr);
 
-        vm.stopBroadcast();
+        vm.broadcast(wallet.privateKey);
+        CoWSwapEthFlow ethFlow = new CoWSwapEthFlow(
+            settlement,
+            wrappedNativeToken
+        );
+        console.log("Contract deployed at:", address(ethFlow));
     }
 }
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.13;
+
+import {Script, console} from "forge-std/Script.sol";
+
+library Obfuscator {
+    bytes32 internal constant SHIFT =
+        0x31337def1beef31337def1beef31337def1beef31337def1beef1173def1beef;
+
+    function obfuscate(bytes32 input) internal pure returns (bytes32) {
+        return SHIFT ^ input;
+    }
+
+    function deobfuscate(bytes32 input) internal pure returns (bytes32) {
+        // This function is the inverse of itself.
+        return obfuscate(input);
+    }
+}
+
+/// @title Helper script to obfuscate a key for use in the deployment process.
+/// @dev This obfuscation isn't intended to be secure, it's just here to avoid
+/// reusing the private keys in other contexts by accident.
+/// @author CoW Swap Developers.
+contract ObfuscateKey is Script {
+    function run(bytes32 key) external pure {
+        console.log("Obfuscation parameter:", vm.toString(Obfuscator.SHIFT));
+        console.log(
+            "Obfuscated key:       ",
+            vm.toString(Obfuscator.obfuscate(key))
+        );
+    }
+}
+1 −0		.gitattributes
+1 −0		.github/CODEOWNERS
+6 −0		.github/dependabot.yml
+142 −0		.github/workflows/ci.yml
+36 −0		.github/workflows/sync.yml
+0 −26		.github/workflows/tests.yml
+1 −1		.gitignore
+0 −3		.gitmodules
+193 −0		CONTRIBUTING.md
+1 −1		LICENSE-APACHE
+1 −1		LICENSE-MIT
+28 −8		README.md
+12 −0		RELEASE_CHECKLIST.md
+27 −0		foundry.toml
+0 −1		lib/ds-test
+16 −0		package.json
+646 −0		scripts/vm.py
+48 −0		src/Base.sol
+60 −0		src/Config.sol
+477 −0		src/LibVariable.sol
+24 −10		src/Script.sol
+764 −0		src/StdAssertions.sol
+287 −0		src/StdChains.sol
+829 −0		src/StdCheats.sol
+612 −0		src/StdConfig.sol
+30 −0		src/StdConstants.sol
+15 −0		src/StdError.sol
+122 −0		src/StdInvariant.sol
+283 −0		src/StdJson.sol
+43 −0		src/StdMath.sol
+473 −0		src/StdStorage.sol
+333 −0		src/StdStyle.sol
+283 −0		src/StdToml.sol
+208 −0		src/StdUtils.sol
+33 −732		src/Test.sol
+2,487 −118		src/Vm.sol
+635 −608		src/console.sol
+1 −1,535		src/console2.sol
+105 −0		src/interfaces/IERC1155.sol
+12 −0		src/interfaces/IERC165.sol
+43 −0		src/interfaces/IERC20.sol
+190 −0		src/interfaces/IERC4626.sol
+72 −0		src/interfaces/IERC6909.sol
+164 −0		src/interfaces/IERC721.sol
+150 −0		src/interfaces/IERC7540.sol
+241 −0		src/interfaces/IERC7575.sol
+73 −0		src/interfaces/IMulticall3.sol
+13,937 −0		src/safeconsole.sol
+0 −599		src/test/StdAssertions.t.sol
+0 −193		src/test/StdCheats.t.sol
+0 −200		src/test/StdMath.t.sol
+0 −321		src/test/StdStorage.t.sol
+44 −0		test/CommonBase.t.sol
+352 −0		test/Config.t.sol
+434 −0		test/LibVariable.t.sol
+141 −0		test/StdAssertions.t.sol
+227 −0		test/StdChains.t.sol
+639 −0		test/StdCheats.t.sol
+38 −0		test/StdConstants.t.sol
+15 −19		test/StdError.t.sol
+49 −0		test/StdJson.t.sol
+202 −0		test/StdMath.t.sol
+488 −0		test/StdStorage.t.sol
+110 −0		test/StdStyle.t.sol
+49 −0		test/StdToml.t.sol
+342 −0		test/StdUtils.t.sol
+18 −0		test/Vm.t.sol
+10 −0		test/compilation/CompilationScript.sol
+10 −0		test/compilation/CompilationScriptBase.sol
+10 −0		test/compilation/CompilationTest.sol
+10 −0		test/compilation/CompilationTestBase.sol
+187 −0		test/fixtures/broadcast.log.json
+81 −0		test/fixtures/config.toml
+8 −0		test/fixtures/test.json
+6 −0		test/fixtures/test.toml