When approving and sending transactions in a Safe multisig wallet, you can first simulate them using Tenderly Transaction Simulator. This way, Safe enables you to run a transaction check, preview the execution, and analyze the expected outcome. To enable this, Safe integrated Tenderly’s simulations into their multisig wallet as the underlying infrastructure.
However, you can also simulate a Safe transaction directly in the Tenderly Dashboard as an additional safety measure. Follow this step-by-step guide to override the signer and owner slots so you can simulate Safe’s multisig transactions with you as a sole owner.
The setup and prerequisites
To simulate a Safe transaction via Tenderly, you first need to locate a Safe Wallet (SafeProxy) contract. When you create a new Safe Wallet, this contract is deployed to hold your assets and tokens. You can find the contract address in the Safe UI.
▶️ Watch this step-by-step explainer video to set up your Safe wallet:
Normally, sending these assets requires multiple signatures from several wallet owners since Safe wallets are multisignature. However, you can bypass this requirement using state overrides when running a Tenderly simulation. This way, you can modify variables such as the signer threshold and the owner slot.
Adding the SafeProxy Contract to Tenderly
After creating your SafeProxy contract, add it to your Tenderly project by following these steps:
1. Navigate to Contracts → Add Contract
2. Paste the contract address
3. Select the network where your Safe is located
By naming your Safe contract, you can easily detect it in your Tenderly project.
Next, link the SafeProxy contract to its implementation by clicking Convert to Proxy.
The Implementation Slot is always the zero slot on the proxy contract:
0x0000000000000000000000000000000000000000000000000000000000000000
Once linked, the proxy will be connected to its implementation, allowing you to use the implementation's ABI.
To double-check the implementation, you can find implementation contract addresses for different networks in the Safe documentation.
Creating a simulation on Tenderly
After adding the SafeProxy contract to Tenderly, you can use it to simulate Safe transactions. Navigate to the Simulator tab in the left navigation menu and click the New Simulation button.
Specify only the To address (pointing to the SafeProxy contract) and call the execTransaction method.
For example, input the following parameters to send 10 ETH:
type value
to 0x0871D63c9FDEa60229acce7589C6709D1d6CDf59
value 10000000000000000000
data 0x
operation 0
safeTxGas 0
baseGas 0
gasPrice 0
gasToken 0x0000000000000000000000000000000000000000
refundReceiver 0x0000000000000000000000000000000000000000
signatures 0x0000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
In this example, you’re using a predetermined address as the From address (0x100000000000000000000000000000000000000), which affects the signatures parameter. For example, if you set the From address to 0x9185ad6d425d22fe777827d3d247433439ecc770, your signatures field will look like this:
0x0000000000000000000000009185ad6d425d22fe777827d3d247433439ecc770000000000000000000000000000000000000000000000000000000000000000001
tenderly_simulateTransaction and tenderly_simulateBundle. Follow this quickstart to get started with the Simulation RPC.Overriding the values of the Safe contract
As mentioned above, Safe multisig wallets typically require multiple signers to approve transactions. To bypass this requirement, you can override specific parameters to set the required signers to one and choose a single address as the sole owner.
If a Safe wallet has only one signer, no state overrides are needed, provided that you use the owner as the from address. Otherwise, in the case that the Safe needs multiple signers, you need to override the fourth storage slot of the contract. This is a threshold variable that determines how many signatures are needed. In this case, you need to set this value to 1 so you only need 1 signature to simulate the transaction.
You also need to override the owner storage slot to make yourself the sole owner of the wallet.
ℹ️ To find the storage layout of a specific contract, use the following command:
cast storage 0x29fcb43b46531bca003ddc8fcb67ffe91900c762 \
--rpc-url https://sepolia.gateway.tenderly.co/` \
--etherscan-api-key <ETHERSCAN_API_KEY> Setting up the overrides
You can override the state and set the required number of signatures to one by using encoded values:
0x0000000000000000000000000000000000000000000000000000000000000004: 0x0000000000000000000000000000000000000000000000000000000000000001
You can also use decoded values thanks to the available ABI:
threshold: 1
Finally, override the owner address by inputting any address:
owners[0x1000000000000000000000000000000000000000]: 0x1000000000000000000000000000000000000000
Finally, hit the Simulate Transaction button to run the simulation. If your simulation is successful, you should get a similar overview as the one below:
What if your simulation fails?
If your Safe simulation fails, you may get one of the following error codes as the most common cause of failure:
GS013: Insufficient balance
This error typically occurs when the SafeProxy doesn't have enough currency or assets. If you're sending ETH or native currency, override the balance of the SafeProxy to resolve this issue.
GS020: Invalid signature format:
This error indicates that the signature input field is improperly formatted or missing signatures for the signatures(bytes) parameter.
Each signature must be exactly 65 bytes:
r: 32 bytes (first part of the signature)s: 32 bytes (second part of the signature)v: 1 byte (recovery ID or type indicator)
In hexadecimal format, one signature equals 130 hex characters.
require(signatures.length >= requiredSignatures.mul(65), "GS020");GS025: Unauthorized sender
This error occurs when the sender (from) doesn't own the SafeProxy or isn't one of the signers. To fix this error, either set the correct from address or override the owner. Check the specific contract (Safe Wallet) being called and identify the deployer/contract creator on the Tenderly Explorer.
require(msg.sender == currentOwner || approvedHashes[currentOwner][dataHash] != 0, "GS025");Preview Safe transactions with Tenderly’s simulations
Transaction simulations are an important check before signing transactions, allowing you to ensure everything executes as expected. While simulations can be a security measure for multisig wallets, you should also do your due diligence and perform additional checks to minimize the risk of exploits.
Simulating a transaction from scratch and carefully inspecting the data is essential for protecting your assets. With Tenderly, you can take control of your transaction signing and even compare the hashes of Safe transactions just as they appear in the Ledger wallets. Simulate, don’t speculate!
