Why Transaction Simulation Fails Without Session Key Context

Simulators like Tenderly and OpenZeppelin Defender treat each transaction as an isolated atomic unit. This fails for session-based intents where a user's final action is the result of multiple off-chain steps (e.g., signing a permit, then a swap). The simulator sees a malicious final payload, not the user's authorized intent flow.

• Blind to Off-Chain Logic: Cannot model approvals, signatures, or state changes that occur in a wallet's UI before the final TX.
• False Positives Galore: Flags legitimate session transactions as dangerous, creating friction and blocking adoption.

A new paradigm where the simulator validates the user's declared intent (e.g., 'Swap X for Y at best price') against the on-chain execution path, not just the raw calldata. This requires deep integration with intent standards (ERC-4337, ERC-7702) and solvers like UniswapX and CowSwap.

• Validates Outcome, Not Bytecode: Ensures the end state matches the user's pre-approved goal, regardless of the solver's internal path.
• Enables Complex Sessions: Safely permits multi-step operations like cross-chain swaps via LayerZero or Across within a single user session.

Building session-aware simulation is a public good problem. Wallets (like Safe or Rabby) need it for safety but can't monetize it directly. Infrastructure providers (like Alchemy, Infura) sell RPC calls, not security semantics. This creates a funding gap for R&D.

• Misaligned Incentives: Profit is in execution, not in proving execution is safe according to a prior session.
• Fragmented Standards: Without a canonical session protocol, every simulator must build custom, fragile integrations.

Some advanced wallets are building proprietary, closed-circuit simulation that incorporates limited session context. Rabby's simulation engine and Safe{Wallet}'s transaction builder hint at this future. However, these are walled gardens, not generalized infrastructure.

• Client-Side Only: Security model breaks if the user switches wallets or uses a new dApp frontend.
• Not a Protocol: Fails to provide a universal safety layer for the ecosystem, locking users into specific wallet vendors.

The correct solution is a decentralized protocol for signing and attesting to user intent sessions. Think EIP-712 on steroids, where a signed session object (goals, constraints, expiry) is the root of trust. Simulators and solvers then prove compliance.

• Creates a Verifiable Root: Every transaction can be traced back to a user-authorized intent schema.
• Unlocks Composable Security: Allows Fireblocks-like policy engines to work across any wallet or dApp.

Until a session attestation standard emerges, mass adoption of session keys is a security gamble. Projects like dYdX (staking) or UniswapX (intents) are pushing the UX frontier but relying on blind trust in their off-chain resolvers. The infrastructure layer has not kept pace.

• Security Debt is Accumulating: Billions in TVL will flow through systems that existing simulators cannot adequately audit.
• The Next Hack Vector: Exploits will target the semantic gap between user intent and on-chain execution.

Simulators see a single, approved token swap. They miss the malicious MEV bot front-running the user's transaction and back-running it to extract value, draining the user's slippage tolerance.\n- Blind Spot: Simulators cannot model the full execution path of a user's intent across blocks.\n- Result: Users approve a 1% slippage swap but suffer >10% effective slippage due to sandwiching.

A dApp's innocuous 'approve' transaction is simulated and passed. The simulator is blind to the user's active session key, which has a separate, unlimited allowance on a different protocol like Aave or Compound.\n- Blind Spot: No view into linked permissions across the user's session.\n- Result: A single approved interaction can trigger a full account drain via a pre-authorized, cross-protocol liquidation.

Simulation checks the transaction at T=0. It passes. The attack leverages a time-dependent state change (e.g., an expiring oracle price, a governance vote conclusion) that occurs before execution.\n- Blind Spot: Inability to model future state or conditional logic based on block time.\n- Result: A transaction that was safe when signed becomes a malicious governance takeover or oracle manipulation at execution.

Simulators like OpenZeppelin Defender or Tenderly validate a standalone ERC-20 approve. They cannot see that this token is the collateral backing a user's $10M debt position on MakerDAO.\n- Blind Spot: Isolated transaction analysis misses portfolio-level risk.\n- Result: Approving a 'small' NFT purchase can inadvertently authorize a liquidation of the user's entire leveraged DeFi position.

Malicious dApps are engineered to return benign results during simulation but execute a different payload on-chain, exploiting the simulation-execution dichotomy. This is the wallet drain equivalent of a time-of-check to time-of-use (TOCTOU) vulnerability.\n- Blind Spot: Assumption that simulation environment matches execution environment.\n- Result: Wallets like MetaMask and Rabby show 'transaction preview: success' while the actual on-chain call drains funds.

The fix requires moving beyond single-transaction analysis. Systems must model the user's declared intent and the full scope of their active session. This is the approach pioneered by UniswapX for swaps and needed for generalized smart accounts.\n- Key Shift: Simulate the session context, not just the transaction.\n- Enablers: ERC-7579 (Modular Smart Accounts), Session Keys, and intent standardization.