You are a Safe{Wallet} user.
You created your transaction via Safe{Wallet}.
You are about to hit “sign” and confirm via Metamask or Rabby.
This is a guide on how to perform basic checks of the transaction in your wallet.
For a guide on how to verify transaction data on your hardware wallet with a 3rd party tool, refer to this guide.
If you can’t verify it, don’t sign it.
Security Best Practices
🔒 Use separate devices for enhanced security:
Sign transactions using software accounts (MetaMask, Rainbow, Rabby) on a different device than where you're using Safe Wallet
Create multi-factor authentication by combining software accounts with dedicated device accounts (Ethereum Phone, GridPlus, Hito)
A dedicated verification device provides the strongest security
Tool Selection
🛠️ Use multiple verification tools:
Transaction decoders:
@rimeissner's decoder provides readable and detailed information
Etherscan decoder, Dethcrypto tools
Simulators:
Tenderly: Use "Contracts" and "Events" tabs for detailed transaction analysis
Can run on a separate device from Safe for additional security
Hash verification:
OpenZeppelin's Safe Utils: User-friendly UI using original code
@pcaversaccio's safe-tx-hashes-util for command line verification
Contract Verification
📋 Maintain a list of trusted contracts:
Bookmark contracts you regularly interact with for quick verification
Find official contracts on Etherscan directly from project teams
Verify using multiple sources (team websites, CoinGecko, social channels)
Check for social verification signals (mutual followers on X/Warpcast)
Some apps (like CoWSwap) include contract information directly in their interface
⚠️ Key principle: Always verify transaction data across multiple tools and devices before signing. If anything seems suspicious or cannot be verified, do not sign the transaction.
Step 1: Verify transaction data in Safe{Wallet}
Before you hit sign, from the Safe{Wallet} interface, get the following and verify that this is what you expect:
To- set to the recipient for Ether transfers, the ERC20 token contract for token transfers, or the smart contract to interact with for contract interactions.Value- usually 0 for contract interactions and > 0 for Ether transfers.Data(“Raw data”) - Checking this requires technical understanding. Refer to this guide for details.Operation- Usually you should see a simple “call”. You should only see something else such as “create”, or “delegate_call” if you actually know what you are doing.Nonce- index of the next transaction you want to execute
Now you hit “sign” which sends the transaction data to your wallet such as Rabby, Metamask, or the wallet you connected via WalletConnect.
Step 2: Verify data in your wallet
Your wallet should display the following and prompt you to sign typed data. If your wallet does not display this data, we recommend you to switch to another wallet.
toDoes this match
tofrom step 1?If it doesn't, check that this is a contract interaction or straight transfer, in this instance the
tofield indicates a transfer of USDC , so it interacts directly with the USDC contract address.Use https://etherscan.io/ to double check.
valueDoes this match
valuefrom step 1?Is it 0 for contract interactions and the correct amount for Ether transfers?
data(“Raw data”)Does this match
datafrom step 1?
operationIs this set to
0? This means a simplecall1would mean delegatecall which is dangerous and you should check with a technical person.
nonceDoes this match
noncefrom step 1?Is this the index of the next transaction you want to execute?
safeTxGas,baseGasAre both
0for Safes with version 1.3.0 or higher? Otherwise this can be higher.
baseGas,gasPriceAre both
0?
gasToken,refundReceiverAre both
0x0000000000000000000000000000000000000000?
ONLY when ALL of the above checks out, confirm on your wallet.
🚨 If any of these details don't match, double-check the transaction and don't hesitate reach out to support team.