During my recent security research into the CoW Protocol (formerly Gnosis Protocol v2), I focused on how the protocol handles partial settlements. While the protocol is architecturally sound, a classic smart contract pitfall, precision loss from integer division, can lead to cumulative fee leakage. In this post, I'll show how a malicious solver can exploit the integer division in GPv2Settlement to execute trades with zero protocol fees.

The Vulnerability: Death by a Thousand Cuts

The core of the issue lies in how fees are calculated for partiallyFillable orders. In GPv2Order.sol, users can sign orders that allow solvers to fill them in multiple steps. When a solver executes a partial fill, the protocol computes the proportional fee as:

    executedFeeAmount = feeAmount * executedAmount / sellAmount

Since Solidity has no floating-point numbers, the division is integer division, which truncates (rounds down). Each fill therefore collects strictly less than one unit of the fee token below its exact proportional share, and that shortfall is never carried forward to the next fill. A single fill pays zero fee whenever feeAmount * executedAmount < sellAmount, that is, whenever executedAmount is smaller than sellAmount / feeAmount.

The Attack Vector

A malicious solver can split a large order into thousands of "dust" transactions.…
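To make the arithmetic concrete, the following is an added Python model of the partial-fill fee formula above; it is not CoW Protocol code. Python's `//` on non-negative integers matches Solidity's truncating uint256 division, so the numbers it produces are the ones the on-chain formula would produce. The order size, fee and fill sizes are constructed values, and the "ceil" and "cumulative" modes are generic rounding mitigations included for comparison, not the protocol's own logic.

```python
"""Added example: GPv2-style proportional fee on partial fills, replayed with
Solidity-style integer division. Constructed numbers; not CoW Protocol code."""

from typing import Dict, List


def fee_floor(fee_amount: int, executed_amount: int, sell_amount: int) -> int:
    """feeAmount * executedAmount / sellAmount as Solidity evaluates it on
    uint256: the product is exact, the division truncates toward zero."""
    if sell_amount <= 0 or not 0 <= executed_amount <= sell_amount:
        raise ValueError("invalid fill")
    return (fee_amount * executed_amount) // sell_amount


def fee_ceil(fee_amount: int, executed_amount: int, sell_amount: int) -> int:
    """Same formula rounded up (in the protocol's favour): over-collects at
    most 1 unit per fill instead of under-collecting. Generic mitigation."""
    if sell_amount <= 0 or not 0 <= executed_amount <= sell_amount:
        raise ValueError("invalid fill")
    return -(-(fee_amount * executed_amount) // sell_amount)


def largest_zero_fee_fill(fee_amount: int, sell_amount: int) -> int:
    """Largest executedAmount for which fee_floor() is 0, i.e. the largest x
    with feeAmount * x < sellAmount. Fills at or below this size pay nothing."""
    if fee_amount == 0:
        return sell_amount
    return (sell_amount - 1) // fee_amount


def split_evenly(sell_amount: int, chunk: int) -> List[int]:
    """Fill plan: pieces of `chunk`, plus one smaller fill for any remainder."""
    full, rem = divmod(sell_amount, chunk)
    return [chunk] * full + ([rem] if rem else [])


def settle(fee_amount: int, sell_amount: int, fills: List[int],
           mode: str = "floor") -> Dict[str, int]:
    """Replay a sequence of partial fills and total the fee actually charged.

    mode "floor":      per-fill truncating division (the formula under discussion)
    mode "ceil":       per-fill division rounded up
    mode "cumulative": fee owed on the cumulative filled amount minus the fee
                       already charged, so rounding error cannot compound
    `owed` is the fee for the whole order, which is exactly feeAmount once
    the order is completely filled."""
    if sum(fills) != sell_amount:
        raise ValueError("fills must consume the whole order")
    filled = 0
    charged = 0
    for size in fills:
        if mode == "floor":
            charged += fee_floor(fee_amount, size, sell_amount)
        elif mode == "ceil":
            charged += fee_ceil(fee_amount, size, sell_amount)
        elif mode == "cumulative":
            this_fill = fee_floor(fee_amount, filled + size, sell_amount) - charged
            charged += this_fill
        else:
            raise ValueError(f"unknown mode {mode!r}")
        filled += size
    return {"fills": len(fills), "charged": charged,
            "owed": fee_amount, "shortfall": fee_amount - charged}


if __name__ == "__main__":
    # Constructed order: sell 1_000_000 units with a 1_000-unit fee (0.1%).
    SELL, FEE = 1_000_000, 1_000
    dust = largest_zero_fee_fill(FEE, SELL)          # 999
    plan = split_evenly(SELL, dust)                  # 1001 fills of 999, then 1
    for mode in ("floor", "ceil", "cumulative"):
        print(mode, settle(FEE, SELL, plan, mode))
    print("two halves", settle(FEE, SELL, [SELL // 2, SELL // 2]))
```

Under "floor", the dust plan fills the whole order with zero fee collected, while two half fills collect the full fee, which is exactly the asymmetry the post describes: the per-fill loss is bounded by one unit, so the leak is proportional to the number of fills a solver is willing to pay gas for. The "cumulative" mode removes the compounding because the total charged after the last fill is feeAmount * sellAmount / sellAmount, with no rounding at all.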