# Safe Guard ## Introduction Venn Safe Guard is a decentralized security-validation layer for Safe (Gnosis Safe) multisig accounts. By integrating seamlessly into your Safe transaction workflow, Venn ensures that every transaction undergoes rigorous decentralized security validation, thereby reducing the risk associated with malicious or unauthorized multisig operations. *** ### Why Choose Venn Safe Guard? * Zero UI Trust: Independent validation - immune to compromised front-ends. * Decentralized and vendor-neutral: no single points of failure or risky dependencies on third parties. * End-to-End Validation: Continuous validation before, during, and after execution. *** ### What Venn Safe Guard Protects Against? * Compromised Signers * Compromised Interfaces (UI Hijack) * Privilege Escalation * Silent Backdoor Installation * Malicious Admin Batching * Fallback handlers Hijacking *** ## **How it Works** Venn Safe Guard is designed as a modular Safe Guard, seamlessly integrated into your existing Safe multisig account. Safe Guard is a specialized smart contract officially supported by Safe, created to add customized validation logic for the lifecycle of Safe transactions (see [Safe Guard documentation](https://docs.safe.global/advanced/smart-account-guards)). ### **Step 1: Build Your Transaction** * Safe owners or admins build transactions using two options: * **Venn API (for local/programmatic builds)** * **Venn Transaction Builder UI**. {% hint style="info" %} *Transaction format matches Safe's native structure and supports multicalls/batches, which mirrors Safe’s native transaction-building and t*ransaction Servic**e** *flow.* {% endhint %} ### **Step 2: Decentralized Security Validation** * The built transaction is automatically sent to the [**Venn Decentralized Validation Network**](https://docs.venn.build/introduction-to-venn#what-is-venn). * Independent **Tier-1 security operators** evaluate transactions against your security policy. * Venn’s [consensus](https://docs.venn.build/consensus-model#introduction-to-the-venn-consensus-model) aggregates operators' votes to decide if the transaction is secure and allowed to proceed or malicious and blocked from execution. {% hint style="info" %} *You can consume Venn Security Validation either using the Venn Safe Guard API (for programmatic or local use), or through the dedicated Venn UI, which handles the validation process automatically behind the scenes.* {% endhint %} ### **Step 3: Submission to Safe Queue** * Approved transactions (including Venn's validation signature) are submitted to the Safe multisig transaction queue. * Safe signers proceed to approve transactions normally, just like **regular Safe transactions.** ### **Step 4: On-Chain Guard Validation** * When signers trigger on-chain execution, the **Venn Safe Guard** contract performs: * **Pre-Execution Check:** The Guard extracts and stores the transaction’s original bytecode for comparison. * **Execution-Time Validation:** On-chain verification of Venn’s aggregated signature and operator consensus, validating transaction authenticity and integrity. * **Post-Execution Check:** Confirms executed transaction bytecode matches pre-approved bytecode. {% embed url="" fullWidth="true" %} Venn Safe Guard {% endembed %} *** ## Venn Guard Smart Contract The **Venn Guard smart contract** is the core on-chain component of Venn’s Safe integration. Implemented as a Safe Guard contract, it acts as a **firewall** enforcing transaction validations directly at the smart contract execution layer. The Guard interacts with Venn's decentralized network, ensuring only transactions explicitly approved by [operator consensus](https://docs.venn.build/venn-network/consensus-model) can be successfully executed. Source Code available at: [VennGuard.sol](https://github.com/ironblocks/onchain-firewall-v2/blob/main/contracts/gnosis-safe/VennGuard.sol)