Transaction Simulation is the process of executing a blockchain transaction in a sandboxed environment before it is signed and broadcast, allowing users and applications to preview the exact state changes, token transfers, approvals, and contract interactions that will occur on-chain. By revealing the true outcome of a transaction before commitment, simulation serves as a critical defense against UI injection attacks, phishing, and blind signing vulnerabilities.

In DeFi, transaction simulation has become essential because the gap between what a user interface displays and what a transaction actually executes can be exploited for massive theft. The Bybit hack demonstrated this perfectly: signers saw legitimate-looking transaction details in the Safe{Wallet} UI, but the actual transaction transferred ownership of a cold wallet holding $1.5 billion in ETH. Transaction simulation tools would have revealed the true delegatecall operation and ownership transfer hidden beneath the manipulated UI.

How Transaction Simulation Works

Transaction simulation uses blockchain node infrastructure to execute a transaction against the current chain state without actually broadcasting it. The simulation:

1. Forks the current state — Creates a snapshot of the blockchain at the current block, including all contract storage, balances, and nonces.
2. Executes the transaction — Runs the transaction against the forked state using the same EVM execution environment as production nodes.
3. Records all state changes — Tracks every storage modification, token transfer, approval change, ETH movement, event emission, and internal call made during execution.
4. Presents results — Displays the complete list of effects in human-readable format so users can verify the transaction does what they expect.

This process is deterministic: given the same chain state and transaction parameters, simulation produces the same result as actual on-chain execution (with minor caveats around block-dependent values like block.timestamp).

Simulation Tools and Services

Several tools provide transaction simulation for DeFi users and developers:

Tenderly offers a comprehensive simulation platform with detailed execution traces, state diffs, gas profiling, and a visual debugger. It supports simulating transactions against any historical state and can simulate entire sequences of transactions to model complex DeFi strategies.

Blockscout and other block explorers provide basic transaction simulation capabilities integrated into their user interfaces.

Wallet-integrated simulation is increasingly common, with wallets like Rabby and browser extensions like Pocket Universe automatically simulating transactions before presenting them for signing. These tools show users the net effect on their balances, new approvals being granted, and any suspicious patterns.

Custom simulation using tools like Foundry's cast call or Hardhat's eth_call allows developers and security teams to simulate transactions programmatically, enabling automated verification in signing workflows.

Security Applications in DeFi

Transaction simulation addresses several critical attack vectors:

UI injection detection — When a frontend is compromised and displays false transaction details, simulation reveals the true on-chain effect. If the UI shows a simple token swap but simulation reveals an unlimited approval to an unknown address, the user can reject the transaction before signing.

Phishing defense — Phishing sites often present transactions that appear harmless but contain hidden operations. Simulation exposes the full execution trace, including nested internal calls, delegate calls, and proxy interactions that phishing sites try to obscure.

Approval auditing — Simulation clearly shows when a transaction includes token approval operations, the spender address, and the approved amount. This is critical because many DeFi exploits begin with tricking users into granting unlimited approvals to malicious contracts.

Multi-sig verification — For organizations using multi-signature wallets, transaction simulation provides an independent verification layer. Each signer can simulate the pending transaction using different tools and compare results before approving, reducing the risk of a single compromised UI misleading all signers.

Limitations

Transaction simulation has important limitations that users should understand:

State dependency — Simulation results are only valid for the current chain state. If the state changes between simulation and execution (due to other transactions, oracle updates, or MEV), the actual result may differ. This is particularly relevant for DeFi transactions that depend on pool prices or oracle feeds.

Simulation evasion — Sophisticated attackers can design contracts that detect simulation environments and behave differently during simulation versus actual execution. For example, a contract could check tx.origin, block number, or use timing-based logic to appear benign during simulation but execute malicious logic on-chain.

Trust in the simulation tool — If the simulation tool itself is compromised or displays misleading results, it provides false assurance. For high-value operations, simulating through multiple independent tools mitigates this risk.

Despite these limitations, transaction simulation remains one of the most effective defenses against frontend-based attacks in DeFi and should be integrated into every signing workflow.