Signatures are pre-execution commitments. Signing a transaction grants a contract unlimited authority over approved assets, a design flaw exploited by malicious dApp frontends and wallet drainers.
the-state-of-web3-education-and-onboarding
Blog
Why On-Chain Transaction Simulation is a Non-Negotiable Security Feature
An analysis of how pre-execution simulation, championed by Blockaid and Blowfish, has become the critical defense against sophisticated phishing and drainer attacks, moving security from reactive to proactive.
introduction
THE EXPLOIT SURFACE
The Signature is the New Attack Vector
The cryptographic signature, once a finality mechanism, is now the primary vulnerability for user funds, demanding pre-execution simulation.
Transaction simulation is non-negotiable. Wallets like Rabby and Fire now simulate every transaction, detecting hidden approvals, unexpected transfers, and sandwich attack vectors before the user signs.
The standard changes. The security baseline shifts from checking contract addresses to analyzing intent. Protocols like UniswapX and CowSwap abstract signatures into intents, but simulation remains the final guardrail.
Evidence: Over $1 billion was lost to signature-based phishing in 2023. Wallets implementing simulation report a >90% reduction in user-reported fraud.
key-insights
THE NEW SECURITY PRIMITIVE
Executive Summary
On-chain simulation has evolved from a developer tool into a critical security layer for end-users, preventing exploits before they are signed.
01
The $10B+ Blind Spot: Unpredictable Transaction Execution
Users sign transactions without knowing final outcomes, leading to MEV extraction, sandwich attacks, and approval exploits. This trust gap has cost DeFi users billions.
- Prevents Failed Transactions: Simulates state changes to avoid wasted gas on doomed txs.
- Exposes Hidden Costs: Reveals slippage, fee drains, and price impact before signing.
- Mitigates Protocol Risk: Flags interactions with known vulnerable or malicious contracts.
$10B+
Exploits Preventable
>90%
Failed TXs Avoided
02
The Solution: Real-Time State Simulation as a Service
Infrastructure like Tenderly, OpenZeppelin Defender, and Blocknative provide APIs that fork the chain, execute the transaction locally, and return a deterministic outcome.
- Deterministic Previews: Shows exact token balances, NFT transfers, and contract state post-execution.
- Integration Layer: Wallets (e.g., Rabby, Frame) and dApps embed this to create a secure UX.
- Composability Engine: Enables complex intent-based systems (e.g., UniswapX, CowSwap) by guaranteeing settlement paths.
<500ms
Simulation Latency
100%
State Accuracy
03
Beyond Security: The Performance & UX Mandate
Simulation isn't just about safety; it's a core performance feature for scalable dApps and advanced trading.
- Enables High-Frequency On-Chain Actions: Required for perpetual dexes and on-chain gaming to estimate PnL and positions.
- Reduces Network Load: Filters invalid transactions off-chain, lowering gas prices and chain congestion.
- Foundation for Account Abstraction: Smart accounts and ERC-4337 bundles rely on simulation for gas sponsorship and atomic multi-ops.
10x
UX Improvement
-40%
RPC Load
04
The Regulatory & Institutional On-Ramp
For TradFi and regulated entities, transaction simulation provides the audit trail and pre-trade compliance checks required for adoption.
- Pre-Trade Transparency: Creates an immutable record of expected vs. actual outcome, crucial for audits.
- Risk Management: Allows institutions to set policies (e.g., max slippage, approved protocols) enforced at the simulation layer.
- Liability Shield: Demonstrates proactive security measures, mitigating regulatory scrutiny for custodians and asset managers.
Audit Trail
Key Feature
Mandatory
For Institutions
thesis-statement
THE NON-NEGOTIABLE
Simulation is the Only Viable Abstraction Layer
On-chain transaction simulation is the foundational security primitive that makes user-centric abstraction possible.
Abstraction without simulation is dangerous. Wallets like Rabby and Fire simulate every transaction before signing, exposing hidden approvals or unexpected slippage. This prevents the signature abstraction of ERC-4337 Account Abstraction from becoming a security liability.
Simulation enables intent-based systems. Protocols like UniswapX and CowSwap rely on off-chain solvers. On-chain simulation is the trust mechanism that lets users verify a solver's proposed solution is optimal before execution, creating a competitive marketplace.
It is the universal pre-execution audit. Every cross-chain message via LayerZero or Axelar, every bridge transaction on Across, and every DeFi interaction must be simulated. The eth_estimateGas RPC call is the primitive, but modern tools like Tenderly and OpenZeppelin Defender provide deeper, state-aware analysis.
The metric is failure prevention. Wallets implementing simulation report a >90% reduction in user-induced asset loss from malicious contracts or failed transactions. This is the data point that makes simulation non-negotiable for any product handling user funds.
market-context
THE THREAT MODEL
The Drainer Economy: A $1B+ Market for Stolen Signatures
On-chain transaction simulation is the only effective defense against a professionalized, billion-dollar industry built on exploiting user signatures.
Signature theft is industrialized. Drainer-as-a-Service kits like Inferno Drainer and MS Drainer have created a scalable, low-skill criminal enterprise. These kits provide phishing infrastructure, token laundering, and customer support, enabling attackers to steal over $1 billion annually.
Approval transactions are the attack vector. The core exploit is a malicious ERC-20 approval or permit signature. Users sign a seemingly legitimate transaction, but the payload contains a hidden call to transfer all approved tokens to the attacker's wallet. Tools like WalletGuard and Blockaid exist to detect these, but they are reactive add-ons.
Simulation is pre-execution validation. A transaction simulation runs the proposed call in a sandboxed environment before the user signs. It reveals the true state changes, including any unexpected token transfers or contract interactions, blocking the signature request entirely.
Wallets without simulation are negligent. Leading wallets like Rabby and MetaMask Snaps have integrated simulation. A wallet that presents a signature request without simulating it first is handing users a loaded gun. The standard has shifted from post-hoc warnings to pre-signature security.
WHY SIMULATION IS MANDATORY
The Simulation Stack: Capabilities & Limitations
A comparison of on-chain transaction simulation solutions, highlighting the non-negotiable security features for wallet and dApp integration.
| Core Capability / Metric | Tenderly | Blowfish | Blocknative | Open Source (e.g., Foundry Anvil) |
|---|---|---|---|---|
Pre-Execution Risk Scoring | ||||
Gas Estimation Accuracy |
|
|
| Varies by fork state |
Simulation Latency (P95) | < 300ms | < 200ms | < 500ms | < 50ms (local) |
Multi-Chain Support (EVM + Non-EVM) | ||||
State Override & Forking | ||||
MEV / Sandwich Attack Detection | ||||
Simulation Call Limit per Sec (Free Tier) | 10 | 100 | 5 | Unlimited (self-hosted) |
Formal Verification Integration |
protocol-spotlight
ON-CHAIN SIMULATION
Architectural Deep Dive: Blockaid vs. Blowfish
Transaction simulation is the final security checkpoint before signing, moving beyond static signatures to dynamic risk assessment.
01
The Problem: Static Signatures Are a Dead End
ERC-4337 and smart contract wallets broke the simple EOA model. A signature now triggers a cascade of contract calls. Static analysis can't see the rug pull hidden three hops down the call stack.
- Blind Signing: Users approve a benign function, unaware of downstream malicious transfers.
- Composability Risk: Interacting with protocols like Uniswap or Aave creates unpredictable state changes.
- $2B+ in losses annually stem from approval exploits that simulation could have flagged.
$2B+
Annual Losses
0
Context
02
Blockaid: The Aggregated Threat Graph
Blockaid builds a security graph by simulating transactions against known malicious patterns and a proprietary database. It's the Fortinet of Web3, prioritizing breadth of threat intelligence.
- Multi-Chain Database: Scans for threats across Ethereum, Solana, Polygon, and Arbitrum.
- Intent Validation: Flags mismatches between user intent (e.g., swap) and simulated outcome (e.g., drain).
- Enterprise Focus: Integrated into wallets like MetaMask and Rainbow for broad, default protection.
10M+
Users Protected
4+
Major Chains
03
Blowfish: The Real-Time Execution Simulator
Blowfish parses and simulates every transaction in real-time, rendering a human-readable preview. It's the Wireshark for EVM and Solana, prioritizing depth and clarity of execution.
- Line-by-Line Preview: Shows exact asset movements, approvals, and NFT transfers before signing.
- Sub-Second Latency: Completes full simulation in ~200ms to not break UX.
- Protocol-Specific Logic: Understands complex interactions within Curve gauges or Lido staking.
~200ms
Simulation Time
100%
Tx Parsed
04
The Non-Negotiable Layer: Why Wallets Must Integrate
Simulation is not a premium feature; it's baseline infrastructure. Without it, wallets are handing users a loaded gun with the safety off.
- Regulatory Foreshock: Future liability will fall on wallet providers for preventable losses.
- User Expectation Shift: The post-FTX generation demands self-custody with safety nets.
- Competitive Moat: Wallets like Phantom (Blowfish) and MetaMask (Blockaid) are already baking it in. Lagging means irrelevance.
0
Acceptable Losses
Mandatory
For Wallets
counter-argument
THE FLAWED PREMISE
The Steelman Case Against Simulation
Transaction simulation is a foundational security primitive, not an optional feature, because the alternative is user exploitation at scale.
Simulation prevents predictable theft. Without it, users sign blind approvals for malicious contracts, a primary vector for wallet-draining attacks. Tools like OpenZeppelin Defender and Tenderly exist because developers need this visibility; users deserve the same.
The UX argument is a false trade-off. Critics claim simulation adds latency, but the cost of a failed transaction is higher than a 200ms pre-check. Protocols like Uniswap and Aave simulate internally; exposing this to the user is the logical endpoint.
On-chain is the only valid context. Off-chain simulation via services like Alchemy or Blowfish can miss critical state dependencies. The definitive execution environment is the EVM state at block inclusion, which only an on-chain, fork-based simulation replicates.
Evidence: The $3 billion lost to DeFi hacks in 2023 stems from unexpected interactions. Simulation frameworks like Foundry's forge simulate are standard for devs because they prevent these losses before deployment.
FREQUENTLY ASKED QUESTIONS
Frequently Challenged Questions
Common questions about why on-chain transaction simulation is a non-negotiable security feature for DeFi and wallet users.
On-chain transaction simulation is a security tool that predicts a transaction's outcome before you sign it. It uses a node to locally execute the transaction and show you the exact state changes, like token balances, approvals, and potential slippage, preventing costly mistakes.
risk-analysis
WHY SIMULATION IS NOW MANDATORY
The Next Frontier of Simulation Risk
Pre-execution simulation has evolved from a nice-to-have to a critical security primitive, protecting users from MEV, protocol exploits, and asset loss.
01
The Blind Signing Problem
Signing a transaction without knowing its exact outcome is the root cause of most user losses. Wallets like MetaMask historically provided zero execution preview.
- Key Benefit 1: Eliminates surprise failures and hidden slippage.
- Key Benefit 2: Prevents signing malicious approvals for drainer contracts.
~$1B+
Annual Losses
100%
Visibility
02
The MEV & Slippage Black Box
Without simulation, users are blind to sandwich attacks and optimal routing. Solvers on CowSwap and UniswapX rely on simulation to guarantee results.
- Key Benefit 1: Reveals exact final token amounts before submission.
- Key Benefit 2: Enables competitive bidding among searchers for best price.
$200M+
Annual MEV
-99%
Slippage Risk
03
Protocol Integration & Safe{Core} API
Standalone simulation is insufficient. The new standard is direct integration into smart accounts and protocols. Safe's simulation API allows dApps to simulate through the wallet.
- Key Benefit 1: Enables complex batched transactions with guaranteed safety.
- Key Benefit 2: Provides a standardized interface for all dApps, reducing integration fragility.
~500ms
Latency
1 API
Universal Std
04
The Cross-Chain Simulation Gap
Bridges and omnichain apps like LayerZero create multi-step execution risk. A simulation must span source chain, bridge logic, and destination chain.
- Key Benefit 1: Prevents partial execution where funds are sent but never received.
- Key Benefit 2: Validates complex conditions across heterogeneous environments.
10+
Chains
$2B+ TVL
At Risk
05
From Simulation to Enforcement (ERC-7512)
Simulation is a prediction; enforcement makes it a guarantee. Audited, on-chain simulation modules, as envisioned by ERC-7512, can revert transactions that deviate from the simulated path.
- Key Benefit 1: Transforms off-chain insight into on-chain security guarantee.
- Key Benefit 2: Creates a verifiable audit trail for protocol compliance.
0
Deviations
On-Chain
Proof
06
The Infrastructure Race: Tenderly vs. Blowfish
Specialized providers are competing on speed, coverage, and abstraction. Tenderly dominates developer tooling, while Blowfish and Blockaid focus on end-user wallet integration.
- Key Benefit 1: Sub-100ms simulation latency for real-time wallets.
- Key Benefit 2: Coverage for 1000+ protocols and obscure DeFi primitives.
<100ms
Speed
1000+
Protocols
future-outlook
THE SECURITY IMPERATIVE
The Inevitable Integration: From Feature to Protocol Primitive
On-chain transaction simulation is transitioning from a developer tool to a core security primitive required for mainstream user adoption.
Simulation is a non-negotiable security primitive for any protocol interfacing with user assets. It is the computational verification of a transaction's outcome before signing, preventing exploits like front-running, sandwich attacks, and failed swaps that waste gas. This moves security from reactive post-mortems to proactive prevention.
The shift is from feature to infrastructure. Early tools like Tenderly and OpenZeppelin Defender offered simulation as a dev-ops feature. Now, protocols like UniswapX and CowSwap build intent-based architectures that require simulation as a core, trustless component for order matching and settlement, making it a protocol-layer concern.
Without simulation, user experience is fundamentally broken. Wallets like Rabby and Safe have integrated simulation to show users exact balance changes and risk warnings before they sign. This eliminates the 'blind signing' problem that has enabled billions in losses from phishing and malicious contracts, setting a new baseline expectation.
Evidence: The proliferation of ERC-4337 Account Abstraction mandates simulation. Bundlers must simulate UserOperation validity to avoid paying for failed transactions, baking this check directly into the protocol stack. This standardizes simulation as a required pre-execution layer across Ethereum and its L2s like Arbitrum and Optimism.
takeaways
ON-CHAIN SIMULATION
TL;DR for Busy Builders
Transaction simulation is the final security checkpoint before execution, preventing exploits and optimizing outcomes.
01
The Problem: Blind Signing is a $1B+ Attack Vector
Signing a transaction without knowing its outcome is the root cause of most user exploits.\n- Prevents approval draining, sandwich attacks, and MEV theft.\n- Protects users from interacting with malicious contracts like those behind phishing sites.\n- Eliminates the need for trust in front-end interfaces.
$1B+
Exploits Preventable
100%
Visibility Gain
02
The Solution: Pre-Flight State Simulation
Tools like Tenderly, OpenZeppelin Defender, and Foundry's forge simulate execute the transaction in a local fork before broadcast.\n- Simulates exact state changes, token balances, and gas costs.\n- Validates complex multi-step DeFi interactions (e.g., Uniswap, Aave loops).\n- Enables automated security checks and regression testing for protocols.
~500ms
Simulation Time
0 Gas
On-Chain Cost
03
The Protocol Mandate: MEV & Slippage Defense
For protocols with $10M+ TVL, simulation is a core infra requirement, not a nice-to-have.\n- Front-run protection by detecting unfavorable price impacts before submission.\n- Integrate with services like Flashbots Protect or MEVBlocker to ensure fair execution.\n- Audit every governance or treasury transaction to prevent catastrophic errors.
>99%
Attack Surface Reduced
$10M+
TVL Protected
04
The Builder's Edge: Intent Validation & Gas Optimization
Simulation allows builders to craft optimal transactions, moving towards intent-based architectures.\n- Verify that a cross-chain bridge call via LayerZero or Axelar will succeed on the destination chain.\n- Optimize gas by testing different paths and contract versions (e.g., Uniswap V3 vs V4).\n- Enable advanced features like transaction batching and conditional execution logic.
-30%
Avg. Gas Cost
10x
Dev Speed
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall