I kept coming back to one detail about simulateTask() that nobody explains clearly: what exactly does the returned attestation cover.
It's easy to assume it covers the whole transaction, start to finish. It doesn't. It covers one moment — the point where operators check the intent against a policy and agree it passes.
That agreement happens over a stripped-down version of the data. Each operator's individual signature gets excluded from what they collectively sign, so the group lands on one shared BLS attestation instead of stitching separate proofs together. The fuller record, the one keeping each operator's signature intact, sits elsewhere on-chain, mainly for disputes.
So there are two records. One is what got agreed on. The other gets pulled up if someone challenges the decision later.
That split didn't bother me until I thought about timing. The attestation clears first, and only after does the actual call go out to whatever contract the intent was targeting. Whatever happens there — a revert, a price that already moved, a state that shifted in the gap — isn't something the attestation ever accounted for.
It isn't a bug exactly.
"Approved" and "settled correctly" are two separate claims wearing the same word. The policy engine answers whether the intent matched the rules at the moment it was checked. It was never built to answer whether the world still looked the same by the time the call landed.
Treating a failed destination call as a different failure category than a failed attestation suggests the protocol already treats these as separate risks. What I can't tell is whether the people building on top of it treat them as separate too.
If integrations quietly collapse "attestation passed" into "outcome was fine," does that stay a footnote developers absorb naturally, or does it become the exact failure people discover only after money is already lost on a reverted call?
@NewtonProtocol #Newt $NEWT