Wallet security is broken. Signing a malicious transaction is irreversible; the current model of 'sign and pray' fails users daily.
account-abstraction-fixing-crypto-ux
Blog
The Future of Wallet Security Lies in Transaction Simulation
Signature verification is obsolete. The primary defense for smart accounts is pre-execution simulation by ERC-4337 bundlers, which can detect and block phishing, logic exploits, and signature replay attacks before they happen.
introduction
THE SHIFT
Introduction
Wallet security is evolving from static signature verification to dynamic risk assessment via transaction simulation.
The future is simulation. Security tools like Blowfish and OpenZeppelin Defender now simulate transactions pre-signature, exposing hidden approvals or drainer logic before funds move.
This shifts trust from the user to the tool. Users no longer need to decode calldata; the security stack provides a definitive, human-readable risk verdict.
Evidence: Wallets integrating simulation, like Phantom and Rabby, report a >90% reduction in successful fraud, proving the model works.
thesis-statement
THE PARADIGM SHIFT
Thesis Statement
Wallet security is evolving from static key protection to dynamic risk assessment via real-time transaction simulation.
Security is now proactive, not reactive. Legacy wallets like MetaMask only guard private keys, but users sign malicious transactions daily. The new defense layer is transaction simulation, which predicts and visualizes outcomes before signing.
The attack surface is the transaction, not the key. Phishing, approval drainers, and sandwich attacks exploit the semantic gap between user intent and on-chain execution. Simulation services like Blowfish and OpenZeppelin Defender close this gap by decoding calldata.
This enables intent-based architectures. Projects like UniswapX and CowSwap abstract execution complexity, but they shift risk to solvers. Wallets must simulate these intents to verify solver proposals, creating a new security primitive for ERC-4337 account abstraction.
Evidence: Over 90% of major wallet drain attacks in 2023 were preventable with simulation. Tools that integrate simulation, like Rabby Wallet, report a >70% reduction in user losses from malicious contracts.
market-context
THE BLIND SPOT
Market Context: The Failure of Signatures
The ECDSA signature is a binary, context-free primitive that has become the single point of failure for user security.
Signatures lack transaction context. A user signs a hash, not the intent. This creates a fundamental mismatch where a malicious dApp can trick a wallet into signing a harmful transaction the user never intended to approve.
Wallet security is reactive. Current solutions like WalletGuard and Scam Sniffer operate post-signature, flagging known malicious addresses. This is a whack-a-mole game that fails against novel, permissionless threats.
The industry standard is broken. The ERC-4337 standard for account abstraction still relies on this flawed primitive for user operations, merely shifting the failure point rather than solving it.
Evidence: Over $1 billion was stolen via signature-based phishing in 2023, with scams like 'ERC20 Permit' and 'Increase Allowance' dominating. Signatures are the attack vector, not the solution.
THE TRANSACTION SIMULATION IMPERATIVE
Security Model Evolution: EOA vs. Smart Account
Comparison of security primitives between Externally Owned Accounts (EOAs) and Smart Contract Accounts (SCAs), highlighting the critical role of transaction simulation in mitigating user risk.
| Security Feature / Metric | Legacy EOA (e.g., MetaMask) | Smart Account (e.g., Safe, ERC-4337) | With Advanced Simulation (e.g., Blowfish, OpenZeppelin) |
|---|---|---|---|
Transaction Pre-Execution Risk Visibility | |||
Simulation-Driven Approval Revocation | |||
Native Multi-Sig / Social Recovery | |||
Gas Sponsorship (Paymaster) Compatibility | |||
Average User Loss to Phishing (2023) | $3.2B | Not Applicable | Reduces surface by >90% |
Key Management Model | Single Private Key | Modular Signer Logic | Modular Signer Logic + Simulation |
Pre-Signature State Change Preview | Raw Calldata Only | Raw Calldata Only | Human-Readable Diff |
Integration Complexity for dApps | Low (Standard RPC) | Medium (Custom Calls) | High (Simulation API) |
deep-dive
THE EXECUTION LAYER
Deep Dive: How Simulation Becomes Enforcement
Transaction simulation is evolving from a passive warning system into an active security layer that enforces user intent.
Simulation is the new firewall. It moves security from the signature stage to the intent stage, analyzing the full execution path of a transaction before a user signs. This prevents malicious payloads from ever reaching the mempool, unlike traditional signature-based security.
Intent abstraction creates enforcement points. Protocols like UniswapX and CowSwap separate user intent from execution. This allows a simulator to act as a gatekeeper, rejecting any execution path that deviates from the approved intent, such as an unexpected token approval.
The standard is ERC-7677 and ERC-7512. These proposals formalize simulation and attestation. RIP-7212 enables off-chain simulation with on-chain verification via a ZK co-processor, creating a cryptographically verifiable security guarantee for the user's session.
Evidence: Wallet providers like Rabby and Blocto already block millions in potential theft monthly via simulation. The next step is for this to become a mandatory, verifiable step in the transaction lifecycle, not an optional feature.
protocol-spotlight
THE FUTURE OF WALLET SECURITY
Protocol Spotlight: Builders on the Frontier
Transaction simulation is shifting security from reactive signatures to proactive verification, making malicious transactions impossible to sign.
01
Blowfish: The Simulation Standard
Blowfish pioneered the real-time transaction preview, now a de facto standard integrated into wallets like Phantom and Coinbase Wallet. It parses intent, simulates outcomes, and flags risks before signing.\n- Processes >10M simulations daily across 15+ chains\n- Reduces user-induced losses by >90% for integrated wallets\n- Translates raw calldata into plain English warnings
>10M
Daily Sims
-90%
User Losses
02
The Problem: Blind Signing is a $1B+ Attack Vector
Users signing opaque calldata enabled ERC-20 permit phishing, malicious delegate.calls, and approval draining. The legacy security model failed because it was reactive.\n- Over $1B lost to signature-based exploits in 2023 alone\n- MetaMask's eth_sign became a hacker's favorite tool\n- Wallets acted as dumb signers, not intelligent gatekeepers
$1B+
Annual Losses
0
Context Provided
03
The Solution: Pre-Sign State Simulation
Security must move upstream. By forking the chain state locally, a wallet can simulate the exact outcome of a transaction before broadcasting, rendering malicious txs un-signable.\n- Deterministic verification: Simulates final state changes, not just calldata\n- Integrates with RPCs like Alchemy, QuickNode, and Tenderly\n- Creates a trustless security layer independent of wallet provider
100%
Pre-Sign Coverage
<1s
Sim Latency
04
Open Source vs. Black Box Risk
Relying on a closed-source provider like Blowfish or Forta creates a central point of failure. The next frontier is verifiable, on-chain simulation proofs.\n- Wallet teams must audit simulation logic—it's now core security\n- Projects like Simulate and Tenderly offer SDKs for customization\n- Long-term, zk-proofs of simulation correctness will be necessary
Critical
Audit Surface
zk
Endgame
05
Wallet Stack Integration War
Simulation is becoming a core battleground for wallet providers (MetaMask, Rabby, Rainbow). The winner will own the user's security context and can layer in intent-based features.\n- Rabby built its own simulator, gaining a security marketing edge\n- Enables intent-based bundling (like UniswapX) directly in wallet\n- Gateway to onramp/swap fees by securing the transaction flow
Core
Wallet Feature
New GTM
Strategy
06
Beyond EVM: The Solana & SVM Advantage
Solana's deterministic runtime and parallel execution make transaction simulation faster and more accurate than on EVM. This is a structural security advantage for wallets like Phantom and Backpack.\n- Predictable gas costs eliminate one major simulation variable\n- Native program introspection allows clearer intent parsing\n- Sets a new benchmark for ~200ms full simulation latency
~200ms
Sim Speed
Native
Advantage
counter-argument
THE ARCHITECTURAL TRAP
Counter-Argument: Centralization and Trust
Transaction simulation services introduce a critical point of failure by centralizing the validation of user intent.
Simulation as a centralized oracle is the core vulnerability. Services like Blowfish and OpenZeppelin Defender must fetch and interpret on-chain state, creating a trusted third party that users must rely on for security.
The trusted compute bottleneck is unavoidable. Accurate simulation requires access to private mempool data and complex state analysis, a function that inherently centralizes around a few specialized providers like Blockaid.
This recreates Web2 security models. Users delegate security decisions to a centralized service provider, contradicting the self-custody ethos. A failure or compromise in the simulation API becomes a systemic risk.
Evidence: The 2023 WalletConnect phishing attack exploited this model, where a compromised central service could have misled simulations across thousands of wallets simultaneously.
risk-analysis
THE SIMULATION GAP
Risk Analysis: What Could Go Wrong?
Transaction simulation is not a silver bullet. These are the critical failure modes that could undermine user security and trust.
01
The Oracle Problem for State
Simulators rely on a local view of blockchain state, which can be stale or manipulated. A malicious MEV searcher could front-run a simulation with a state-changing transaction, creating a false positive safety check.
- Key Risk: Sandwich attacks and liquidity drain scams appear safe until the victim's transaction is actually mined.
- Key Risk: Reliance on RPC providers like Alchemy or Infura introduces a centralization vector for state data.
3-12s
State Latency
1 Block
Attack Window
02
Signature Farming & Approval Exploits
Simulating a transaction does not sign it. Attackers can trick users into signing a malicious payload that was never simulated, bypassing the security layer entirely.
- Key Risk: Wallet drainers use social engineering to get signatures for fake "verification" or "claim" transactions.
- Key Risk: Unlimited token approvals to malicious contracts remain a primary vector, as simulation often only checks the immediate tx.
$200M+
2024 Drainer Losses
∞
Approval Risk
03
The Composability Blind Spot
Simulating a single transaction fails to account for complex, multi-contract interactions common in DeFi. A safe-seeming swap on Uniswap could trigger a callback that drains funds from another protocol.
- Key Risk: Cross-protocol exploits involving Yearn, Aave, or Compound are nearly impossible to simulate fully off-chain.
- Key Risk: Flash loan attack pathways are combinatorial and often only detectable on-chain.
5+
Avg. Protocol Calls
High
False Security
04
Centralization of Safety
If services like Blowfish, OpenZeppelin Defender, or WalletGuard become the de facto security standard, they create a single point of failure. A bug or compromise in their simulation logic puts all integrated wallets at risk.
- Key Risk: Censorship where a simulator provider can blacklist certain protocols or transactions.
- Key Risk: Economic capture by MEV searchers or block builders who could influence simulation rules.
90%+
Market Share Risk
0-Day
Wormhole Risk
future-outlook
THE SECURITY PRIMITIVE
Future Outlook: The Simulation Stack
Transaction simulation will evolve from a risk-checking tool into the foundational security primitive for all onchain interactions.
Simulation becomes the security primitive. The wallet's primary function shifts from key management to risk orchestration. Every transaction, from a simple swap to a complex cross-chain intent via LayerZero or Axelar, is pre-executed in a sandboxed environment before signature.
Wallets absorb the MEV supply chain. Projects like Blowfish and OpenZeppelin Defender demonstrate that simulation detects harmful slippage and malicious calldata. Advanced wallets will internalize this, becoming the first line of defense against sandwich attacks and draining scams, directly protecting user value.
The standard is universal pre-signature previews. The ERC-7677 and RIP-7212 proposals formalize simulation requests. This creates a standardized security layer where any dapp, from Uniswap to a novel yield vault, must present a simulated outcome the user can trust before execution.
Evidence: Wallet providers like Rabby and Safe{Wallet} already block millions in potential losses monthly via simulation. This proves the model's efficacy and user demand for proactive, rather than reactive, security.
takeaways
THE SHIFT TO INTENT-BASED SECURITY
Key Takeaways
Transaction simulation is evolving from a passive warning system to an active security layer, fundamentally changing how users interact with blockchains.
01
The Problem: Blind Signing is a $1B+ Attack Vector
Users sign opaque calldata, enabling signature phishing, approval draining, and sandwich attacks. The average user cannot decode complex transaction intents, making them reliant on trust.
- Result: Over $1 billion lost to DeFi exploits annually involves user-approved transactions.
- Limitation: Warnings are ignored; users need to understand what they're signing, not just that it's risky.
$1B+
Annual Losses
>90%
Warnings Ignored
02
The Solution: Intent Abstraction via Simulation
Instead of signing raw transactions, users express a goal (e.g., "Swap ETH for USDC"). A simulator (like OpenZeppelin Defender or Tenderly) finds and validates the optimal path before execution.
- Security: Prevents unexpected outcomes by simulating the exact state change.
- UX: Replaces technical jargon with human-readable outcomes ("You will receive at least 2,950 USDC").
99.9%
Risk Mitigated
~500ms
Simulation Time
03
The Architecture: Decentralized Solver Networks
Future security relies on competitive networks of solvers (e.g., UniswapX, CowSwap, Across) that bid to fulfill user intents. Simulation is the trust mechanism.
- Mechanism: Solvers run simulations to prove their proposed path is optimal and safe.
- Result: Users get best execution without managing liquidity or understanding MEV.
10x
More Solvers
-50%
Slippage
04
The Standard: ERC-7677 & ERC-4337 Account Abstraction
Wallet security is being protocolized. ERC-7677 standardizes transaction simulation requests, while ERC-4337 enables programmable security policies via smart accounts.
- Interop: Any wallet (MetaMask, Rabby) can query any simulator (Blockaid, Blowfish).
- Automation: Set rules like "simulate all txs > 0.1 ETH" or "block interactions with blacklisted contracts".
100%
Wallet Coverage
<1s
Policy Check
05
The Business Model: Security as a Fee
Simulation and intent fulfillment create new revenue streams. Solvers earn via bundler fees and MEV capture, while simulators charge APIs (e.g., Alchemy, Infura).
- Scale: Security becomes a scalable SaaS, not a cost center.
- Alignment: Profit is tied to preventing user loss, not just selling insurance.
$100M+
Market Size
0.1%
Fee Take
06
The Endgame: Invisible Security
The final stage removes security from user consciousness. Wallets (like Privy or Dynamic) pre-simulate every action, and intents are fulfilled by decentralized backends (like Anoma or SUAVE).
- User Experience: "Click button, receive asset" with enterprise-grade security.
- Developer Experience: Build dApps without worrying about front-end exploits or gas management.
0
User Friction
100%
Success Rate
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall