ClobClient.create_order() returns invalid SignedOrderRequest fields

[M4DF135H]

Description

When using ClobClient.create_order() to sign orders (EOA path), the returned SignedOrderRequest contains incorrect field values that cause API rejection with HTTP 400 errors.

Environment

• polyfill-rs version: 0.2.3
• Rust version: Latest (via Cargo)
• Network: Polygon (chain_id: 137)
• CLOB API: https://clob.polymarket.com

Problem

ClobClient.create_order() Issues:

When calling:

let signed_order = self.client.create_order(
    args,           // &OrderArgs
    Some(nonce),    // Option<u64> - nonce in milliseconds
    None,
    Some(&options)  // &OrderOptions
).await?;

The returned SignedOrderRequest contains:

• nonce: "0" (expected: "1770035966841" - the nonce_ms we passed)
• fee_rate_bps: "0" (expected: "1000" from OrderOptions)
• expiration: "1770035650105" (in milliseconds, expected: "1770036250" in seconds)

This causes Polymarket API to reject all orders with HTTP 400 "Failed to post order".

OrderBuilder.create_order() Works Better:

When using OrderBuilder (Gnosis Safe path) with same parameters:

builder.create_order(
    chain_id,
    args,
    expiration,     // in seconds
    &extras,        // ExtraOrderArgs with proper fee_rate_bps
    &options
)?;

The returned SignedOrderRequest contains correct values:

• nonce: "1770035544133" ✓
• fee_rate_bps: "1000" ✓
• expiration: "1770035470" (seconds) ✓

However, even with correct OrderBuilder output, the API still rejects with HTTP 400, suggesting a deeper authentication or API compatibility issue.

Expected Behavior

1. ClobClient.create_order() should return SignedOrderRequest with:
   - nonce field set to the provided nonce value (in milliseconds as string)
   - fee_rate_bps field set to the value from OrderOptions.fee_rate_bps
   - expiration field in seconds (not milliseconds)
2. The returned order should be accepted by Polymarket API without HTTP 400 errors

Steps to Reproduce

1. Initialize ClobClient with L1 headers
2. Create or derive API key
3. Call client.create_order(args, Some(nonce_ms), None, Some(&options))
4. Log the returned SignedOrderRequest fields
5. Compare with expected values

Workaround Applied

Currently working around by manually fixing the fields after signing:
signed_order.nonce = nonce.to_string();
signed_order.fee_rate_bps = "1000".to_string();
signed_order.expiration = (current_secs + 600).to_string();

Questions

1. Is ClobClient.create_order() the correct method for EOA signing, or should we use a different approach?
2. Does polyfill-rs 0.2.3 support Polymarket's current API format?
3. Are there any authentication headers or additional parameters required for successful order posting?

Additional Context

• All workarounds applied (correct time sync, proper nonce generation, fee_rate_bps matching)
• Both Gnosis Safe and EOA paths tested
• API credentials working (confirmed via log output)
• Order structure validated against Polymarket API spec

[floor-licker]

Its hard to say for sure but it looks like multiple things are wrong here. It looks like you've passed nonce_ms into the expiration parameter (which is expected to be seconds) and then left extras=None. So nonce and fee_rate_bps default to "0" in the signed payload. When you sign an order the signature is computed over the exact order contents as part of the EIP-712 message. You can't just arbitrarily change those fields after a signature is generated. If you change any of those fields after the signature is generated the signature no longer matches the data, so the server recomputes/validates and rejects it as an invalid signature. Let me know if this helps to resolve the 400 error.

[M4DF135H]

@floor-licker
Hi,

Thank you for the feedback! I've fixed the issues you mentioned:

1. Expiration is now in seconds (using .as_secs())
2. ExtraOrderArgs is explicitly set with fee_rate_bps: 1000 and nonce (no longer using Default::default())
3. Order fields are not modified after signing

However, I'm still getting HTTP 400 error. Here's the code and error details:

Code (create_signed_order function):

async fn create_signed_order(&self, args: &OrderArgs, nonce: u64, neg_risk: bool) -> Result<SignedOrderRequest> {
    let options = OrderOptions {
        tick_size: Some(dec!(0.01)),
        neg_risk: Some(neg_risk),
        fee_rate_bps: Some(1000),
    };

    if let Some(builder) = &self.order_builder {
        // Expiration: Current time + 10 minutes (in SECONDS)
        let expiration = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .unwrap()
            .as_secs() + 600;

        let extras = ExtraOrderArgs {
            fee_rate_bps: 1000,
            nonce: U256::from(nonce),
            taker: "0x0000000000000000000000000000000000000000".to_string(),
        };

        builder.create_order(POLYGON_CHAIN_ID, args, expiration, &extras, &options)
            .map_err(|e| anyhow::anyhow!(e))
    } else {
        let expiration = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .unwrap()
            .as_secs() + 600;

        let extras = ExtraOrderArgs {
            fee_rate_bps: 1000,
            nonce: U256::from(nonce),
            taker: "0x0000000000000000000000000000000000000000".to_string(),
        };

        self.client.create_order(args, Some(expiration), Some(extras), Some(&options)).await
            .map_err(|e| anyhow::anyhow!(e))
    }
}

Error with Order Example:

Error: Api {
    status: 400,
    message: "Failed to post order",
    error_code: None,
}

UP Request Details: SignedOrderRequest {
    salt: 1695724800,
    maker: "0x<A9b...8BC6>",      // masked
    signer: "0x<99A...E6fF>",      // masked
    taker: "0x0000000000000000000000000000000000000000",
    token_id: "104810090826586945520096517285965762525443378611315005706957860981172828920923",
    maker_amount: "2150000",
    taker_amount: "5000000",
    expiration: "1770116645",      // seconds ✓
    nonce: "1770116045788",        // milliseconds
    fee_rate_bps: "1000",         // set explicitly ✓
    side: "BUY",
    signature_type: 2,
    signature: "0x263b...",
}

I'm using:

• polyfill-rs v0.2.3
• Gnosis Safe proxy wallet (signature_type: 2)

The order is posted with OrderType::FOK via client.post_order(). Am I missing something else?

[floor-licker]

Good, looks like those fixes are properly implemented. Unforunately polyfill-rs v0.2.3 didn't include API's 400 response bodies, so we can't just see why its rejecting without manually printing. If you want to upgrade to v0.3.0 release it should return the full error if there is one. Without that info I can take some guesses, could be a signature_type mismatch, could be insufficient USDC balance, maybe using OrderType::FOK when the order can't fully fill immediately, though that would seem like an odd case to return a 400. Try a non-FOK order first like OrderType::GTC and see if that changes anything.

[M4DF135H]

@floor-licker You can close the issue. With a normal error code, it was not difficult to correct the error.