Bypass Mechanism

Bypass Mechanism Purpose

The bypass functionality enables you to execute transactions that don't meet the normal Venn Guard validation requirements when:

  • Emergency situations require actions that don't conform to standard rules

  • Technical issues prevent normal transaction patterns

  • Unanticipated scenarios arise that were unknown during the initial guard setup

How It Works

The bypass mechanism uses a timelock approach:

  1. Safe owners propose and sign a transaction

  2. A bypass request is submitted with signatures meeting the Safe threshold

  3. After a waiting period (set once when the guard is deployed and configurable for up to 7 days), the transaction can be executed

This provides a security balance - allowing flexibility while preventing the immediate execution of potentially high-risk transactions.

Select a Bypass Path

Bypass via Venn UI (Recommended)

Prefer a no-code path? You can complete the bypass flow using a dedicated UI - no scripts or Etherscan interaction needed.

Prerequisites

  • Venn Guard is installed on your Safe.

  • You’re connected with a Safe owner wallet to the Venn UI.

Steps:

  1. Open the Venn platform and navigate to the Guard Dashboard.

  2. Create or import the transaction: • Build the transaction in Venn’s Tx Builder, or • Upload an existing transaction to Venn, or • Use the Send Tokens page for simple transfers.

  3. Select transaction type = Bypass In the Venn UI (before you sign the transaction), select the transaction type as Bypass.

  4. Navigate to the Bypass page, and complete these steps:

  • Signers confirmations: Other owners sign the transaction as they normally would in the Safe interface.

  • Send Bypass Transaction: Once the threshold is met, you can send the Bypass Transaction.

  • Wait for the timelock countdown to finish.

  • Execute the Transaction once the timelock finishes.

Bypass via Direct Contract Calls (Programmatic)

Step 1: Create and Sign the Transaction

Create the transaction you want to bypass through the Safe UI:

  • Specify the transaction details (recipient, value, data, etc.)

  • Have the required number of owners sign it

Important: Don't execute the transaction yet - keep it in the transaction queue by selecting: No, later option, and then you can sign the transaction.

Step 2: Collect Required Signatures

  • Ensure enough Safe owners have signed the transaction to meet the Safe's threshold requirement.

  • Signers can add their signature just as they normally would - through the Safe UI, or via API integration with the Safe Transaction Service.

Step 3: Submit Bypass Request

  • Call the ⁠bypassGuard() function on the VennGuard contract with the following parameters copied from the queued transaction:

Tip: You can find the address of the guard from the Safe UI under Settings --> Modules

Parameter

Description

Where to Find It

to

Destination address

Transaction details in Safe UI

value

ETH amount (in wei)

Transaction details in Safe UI

data

Transaction calldata

Transaction details in Safe UI (0x for no data)

operation

Call type (0=Call, 1=DelegateCall)

Usually 0 (Call)

safeTxGas

Gas for the Safe transaction

Transaction details in Safe UI

baseGas

Base gas amount

Transaction details in Safe UI

gasPrice

Gas price for the transaction

Transaction details in Safe UI

gasToken

Token used for gas payment

Transaction details in Safe UI (0x0 for ETH)

refundReceiver

Address to receive gas refund

Transaction details in Safe UI

signatures

Collected owner signatures

Transaction details in Safe UI

  • To send this bypassGuard()transaction, you could either use Etherscan's Write Contract functionality or write a custom script interacting with the guard contract.

Step 4: Wait for the Time-Lock Period

After submitting the bypass request, you must wait for the configured ⁠bypassGuardWaitTime to pass. This period is set during guard initialization, cannot be changed afterward, and cannot exceed 7 days.

Step 5: Execute the Transaction

Once the waiting period has elapsed:

  1. Return to the Safe UI

  2. Find the queued transaction

  3. Execute it normally

The guard will now recognize it as a bypassed transaction and allow execution.

Troubleshooting

Issue

Solution

Error: bypassGuard already called

A bypass request has already been submitted for this transaction. You may proceed to execute the transaction as normal

Transaction still fails after waiting

Verify the wait time has fully elapsed and the bypass request transaction parameters exactly match the proposed transaction parameters

Signatures rejected

Ensure signatures meet the Safe's threshold and are properly formatted

Emitted Events

The bypass mechanism emits the following events:

Event
Signature
Description

Bypass Guard

BypassGuard(
   bytes32 safeTxHash,
   uint256 initTime
)

Emitted when a Bypass Request transaction was submitted to the guard (see Step 3 above)

Transaction Bypassed

TransactionBypassed(
    bytes32 safeTxHash
)

Emitted when a Bypass Transaction was Executed on chain (see Step 5 above)

Technical Details

The bypass mechanism works through these key processes:

Transaction Identification The guard calculates a unique hash for each transaction based on its parameters

Bypass Registry Stores the timestamp when a bypass was initiated for each transaction hash

Time Verification During transaction execution, the guard checks if:

  1. The transaction has a registered bypass request

  2. The required wait time has elapsed since the bypass was initiated

Security Considerations

  • The bypass mechanism requires signatures meeting the Safe's threshold

  • The mandatory waiting period provides time to detect and react to unauthorized bypass attempts

  • Safe owners should be notified when bypass requests are submitted

  • Monitor bypass requests carefully - they circumvent normal security controls

  • Consider setting a longer wait time for higher-value Safes

PreviousTransaction Validation APINextDisarm Guard Mechanism

Last updated

Was this helpful?