Simulation Drift
A security failure mode where the transaction artifact that was simulated differs materially from the artifact later approved, signed, or broadcast.
Simulation Drift is a security failure mode in financial and agentic systems where the artifact that was simulated is not the same artifact that is eventually approved, signed, or executed. The drift may happen because a route is rebuilt, a quote expires, a relayer reconstructs calldata, a queue worker executes later against changed state, or a downstream connector substitutes fields after the original simulation result was shown.
The term matters because many teams over-credit transaction simulation as a complete safety control. Simulation can only describe the effect of the exact payload it receives. It does not, by itself, guarantee that the final transaction still matches that payload. In other words, simulation answers “what would this transaction do?” but not “is this still the same transaction that will actually execute?”
For auditors, Simulation Drift is useful because it turns a vague wallet-safety claim into a concrete review checklist. You need to identify whether the exact simulated artifact is preserved, whether approval is bound to the exact payload rather than a prose summary, whether downstream components can rebuild the transaction from loose intent, and whether the final signer performs independent sink-time validation on destination, spender, calldata, chain, and bounds.
The risk is especially severe in long-lived agents and Agentic DeFi. A treasury or trading agent may simulate a safe rebalance at one point in time, then execute a materially different route later after memory changes, market state moves, or a queue worker regenerates the transaction. That means Simulation Drift often overlaps with approval bypass, delayed execution risk, and memory poisoning.
The strongest controls are straightforward in principle: preserve the raw simulated payload and hash it, bind human or policy approval to that exact artifact, invalidate the simulation when state or route changes materially, and verify at signing time that the final payload still matches the approved object. If those controls are absent, the system may still “simulate every transaction” while leaving the real execution path weak.
Related Terms
Transaction Simulation
Process of predicting the exact on-chain outcome of a blockchain transaction before signing, revealing hidden state changes or malicious behavior.
Sink-Time Validation
Independent validation at the execution sink on the exact action, destination, and parameters an AI system is about to trigger.
Approval Bypass
A failure mode where a human approval step exists but does not constrain the exact parameters that determine the real security impact of an AI agent action.
Delayed Execution Risk
A failure mode where low-trust or attacker-shaped state is persisted first and later reaches a privileged execution sink under a different context or authority level.
Need expert guidance on Simulation Drift?
Our team at Zealynx has deep expertise in blockchain security and DeFi protocols. Whether you need an audit or consultation, we're here to help.
Get a Quote