Skip to content
Kausa Docs
Security

Transaction simulation and explorer deeplinks

Why every Kausa donation is simulated before signing and how donors verify it on Solscan after.

What changed

Kausa simulates every SOL donation transaction before asking the donor to sign it. After the transaction confirms on-chain, the UI links directly to Solscan so donors can verify the transfer independently.

Why

Without a preview, clicking Donate opens the wallet prompt immediately. The donor sees a raw transaction with no context about where their SOL is going. That's not acceptable for a platform where trust is the whole point.

The simulation step shows the recipient address, transfer amount, and estimated network fee before the wallet ever asks for a signature. The Solscan link after confirmation lets donors verify the transaction landed where they expected, using a block explorer rather than trusting the app's own success message.

How it works

Pre-sign simulation

  1. The donor enters an amount and clicks Send donation.
  2. The app builds the transfer transaction and calls connection.simulateTransaction with replaceRecentBlockhash: true (so no valid blockhash is needed at preview time).
  3. The simulation result is parsed into a preview screen showing the recipient (truncated public key with a copy button), the SOL value, and the estimated network fee.
  4. The donor reviews the preview and clicks Approve in wallet to proceed to the wallet signing prompt.

Simulation failure handling

If the simulation fails (RPC timeout, insufficient funds, or any other error):

  • The preview screen still appears, with a yellow warning banner explaining what went wrong.
  • The donor must check an explicit "I know what I am doing" checkbox before the Approve in wallet button becomes active.
  • The donation is never blocked entirely. A temporary RPC issue should not prevent legitimate donations.

Post-confirmation explorer link

After the transaction confirms and the server records the donation, the success screen shows a View on Solscan link. The URL is cluster-aware:

  • Devnet: https://solscan.io/tx/<signature>?cluster=devnet
  • Mainnet: https://solscan.io/tx/<signature> (no query parameter)

The Solana Actions specification (ActionGetResponse) does not support simulation metadata fields. The GET endpoint returns action descriptions, labels, and linked transaction URLs, not transaction-level data. The spec doesn't define a simulation field in the POST response either.

We skip adding a simulated field to the Blinks GET response. If the Actions spec adds preview metadata support later, we can revisit.

Threat model

Before: donors click Donate and immediately hit a wallet sign prompt with no preview. After sending, the only confirmation is the app's own success message. No independent verification.

After: donors see what they're signing (recipient, amount, fee) before the wallet prompt, and can verify the transaction on Solscan afterward. Simulation failure degrades gracefully with an explicit opt-in rather than silently proceeding or hard-blocking.

Mobile wallet security

Threat model and mitigations for connecting Solana wallets to Kausa from a mobile device.

On this page

What changedWhyHow it worksPre-sign simulationSimulation failure handlingPost-confirmation explorer linkBlinks (Solana Actions)Threat model