Safe

You created your transaction via Safe{Wallet}.

You are about to hit “sign” and confirm on your hardware wallet.

This is a guide on how to perform a complete check of the transaction on your hardware wallet.

For a basic guide on how to verify transaction data on e.g. Metamask or Rabby, refer to <a href="https://help.safe.global/en/articles/276343-how-to-perform-basic-transactions-checks-on-safe-wallet">this guide</a>.

If you can’t verify it, don’t sign it.

Step 1: Verify transaction data in Safe{Wallet}

Before you hit sign, from the Safe{Wallet} interface, get the following and verify that this is what you expect:

<code>to</code> - set to the recipient for Ether transfers, the ERC20 token contract for token transfers, or the smart contract to interact with for contract interactions.

<code>value</code> - usually 0 for contract interactions and &gt; 0 for Ether transfers.

<code>data</code> (“Raw data”) - Use a call data decoder such as <a href="https://etherscan.io/inputdatadecoder" target="_blank" rel="nofollow noopener noreferrer">this one</a> from Etherscan, <a href="https://rimeissner.dev/transaction-decoder" target="_blank" rel="nofollow noopener noreferrer">this one</a> from <a href="https://x.com/rimeissner" target="_blank" rel="nofollow noopener noreferrer">@rimeissner</a>, or <a href="https://tools.deth.net/calldata-decoder" target="_blank" rel="nofollow noopener noreferrer">this one</a> from <a href="https://x.com/dethcrypto" target="_blank" rel="nofollow noopener noreferrer">@dethtools</a> to actually check the entire call data.

<code>call_type</code> - Usually you should see a simple “call”. You should only see something else such as “create”, or “delegate_call” if you actually know what you are doing.

<code>nonce</code> - index of the next transaction you want to execute

- <code>to</code> - set to the recipient for Ether transfers, the ERC20 token contract for token transfers, or the smart contract to interact with for contract interactions.
- <code>value</code> - usually 0 for contract interactions and &gt; 0 for Ether transfers. 
- <code>data</code> (“Raw data”) - Use a call data decoder such as <a href="https://etherscan.io/inputdatadecoder" target="_blank" rel="nofollow noopener noreferrer">this one</a> from Etherscan, <a href="https://rimeissner.dev/transaction-decoder" target="_blank" rel="nofollow noopener noreferrer">this one</a> from <a href="https://x.com/rimeissner" target="_blank" rel="nofollow noopener noreferrer">@rimeissner</a>, or <a href="https://tools.deth.net/calldata-decoder" target="_blank" rel="nofollow noopener noreferrer">this one</a> from <a href="https://x.com/dethcrypto" target="_blank" rel="nofollow noopener noreferrer">@dethtools</a> to actually check the entire call data. 
- <code>call_type</code> - Usually you should see a simple “call”. You should only see something else such as “create”, or “delegate_call” if you actually know what you are doing.
- <code>nonce</code> - index of the next transaction you want to execute

Now you hit “sign” which sends the transaction data to your hardware wallet. (Depending on how you are connected, you first confirm via Rabby, Metamask, or the wallet you connected via WalletConnect.)

Step 2a: Verify hashed transaction data on hardware wallet

If your hardware wallet supports signing typed data via <a href="https://eips.ethereum.org/EIPS/eip-712" target="_blank" rel="nofollow noopener noreferrer">EIP712</a>, skip to step 2b below.

Get the <a href="https://github.com/Cyfrin/safe-tx-hashes" target="_blank" rel="nofollow noopener noreferrer">safe-tx-hashes</a> command line tool by <a href="https://x.com/patrickalphac" target="_blank" rel="nofollow noopener noreferrer">Patrick Collins</a> which builds on <a href="https://github.com/pcaversaccio/safe-tx-hashes-util" target="_blank" rel="nofollow noopener noreferrer">safe-tx-hashes-util</a> from <a href="https://x.com/pcaversaccio" target="_blank" rel="nofollow noopener noreferrer">@pcaversaccio</a>. Note that the tool requires a few pre-requisites to be installed on your computer.

Use the <a href="https://github.com/Cyfrin/safe-tx-hashes?tab=readme-ov-file#usage---offline" target="_blank" rel="nofollow noopener noreferrer">offline mode</a> via <code>--offline</code> to calculate:

- Safe transaction hash
- Domain hash
- Message hash

Ensure that the Safe transaction hash is the same like <code>safeTxHash</code> from above.

Verify Domain and Message hash on your hardware wallet.

ONLY when ALL of the above checks out, confirm on your hardware wallet.

1. Get the <a href="https://github.com/Cyfrin/safe-tx-hashes" target="_blank" rel="nofollow noopener noreferrer">safe-tx-hashes</a> command line tool by <a href="https://x.com/patrickalphac" target="_blank" rel="nofollow noopener noreferrer">Patrick Collins</a> which builds on <a href="https://github.com/pcaversaccio/safe-tx-hashes-util" target="_blank" rel="nofollow noopener noreferrer">safe-tx-hashes-util</a> from <a href="https://x.com/pcaversaccio" target="_blank" rel="nofollow noopener noreferrer">@pcaversaccio</a>. Note that the tool requires a few pre-requisites to be installed on your computer. 
2. Use the <a href="https://github.com/Cyfrin/safe-tx-hashes?tab=readme-ov-file#usage---offline" target="_blank" rel="nofollow noopener noreferrer">offline mode</a> via <code>--offline</code> to calculate:
 - Safe transaction hash
 - Domain hash
 - Message hash
3. Ensure that the Safe transaction hash is the same like <code>safeTxHash</code> from above.
4. Verify Domain and Message hash on your hardware wallet.
5. ONLY when ALL of the above checks out, confirm on your hardware wallet.

Step 2b: Verify typed data on hardware wallet

Some of the newer hardware wallets from Trezor, Ledger, GridPlus, and others display typed structured data via <a href="https://eips.ethereum.org/EIPS/eip-712" target="_blank" rel="nofollow noopener noreferrer">EIP712</a>, or support some form of clear signing. In that case you can directly verify the transaction data on your hardware wallet:

- Does this match <code>to</code> from step 1?
- Is it set to an address you recognize?

- Does this match <code>value</code> from step 1?
- Is it <code>0</code> for contract interactions and the correct amount for Ether transfers?

- Does this match <code>data</code> from step 1?

- Is this set to <code>0</code>? This means a simple <code>call</code>
- <code>1</code> would mean delegatecall which is dangerous and you should check with a technical person.

- Does this match <code>nonce</code> from step 1? 
- Is this the index of the next transaction you want to execute?

<code>safeTxGas</code>, <code>baseGas</code>

- Are both <code>0</code> for your Safe with version 1.3.0 or higher? Otherwise this can be higher.

<code>baseGas</code>, <code>gasPrice</code>

<code>gasToken</code>, <code>refundReceiver</code>

- Are both <code>0x0000000000000000000000000000000000000000</code>?

ONLY when ALL of the above checks out, confirm on your wallet.

1. <code>to</code>
 - Does this match <code>to</code> from step 1?
 - Is it set to an address you recognize? 
2. <code>value</code>
 - Does this match <code>value</code> from step 1?
 - Is it <code>0</code> for contract interactions and the correct amount for Ether transfers?
3. <code>data</code> (“Raw data”)
 - Does this match <code>data</code> from step 1?
4. <code>operation</code>
 - Is this set to <code>0</code>? This means a simple <code>call</code>
 - <code>1</code> would mean delegatecall which is dangerous and you should check with a technical person.
5. <code>nonce</code>
 - Does this match <code>nonce</code> from step 1? 
 - Is this the index of the next transaction you want to execute?
6. <code>safeTxGas</code>, <code>baseGas</code>
 - Are both <code>0</code> for your Safe with version 1.3.0 or higher? Otherwise this can be higher.
7. <code>baseGas</code>, <code>gasPrice</code>
 - Are both <code>0</code>?
8. <code>gasToken</code>, <code>refundReceiver</code>
 - Are both <code>0x0000000000000000000000000000000000000000</code>?
9. ONLY when ALL of the above checks out, confirm on your wallet.