Disarm Guard Mechanism

Disarm Guard Purpose

In rare emergency situations, you might need to remove the guard from your wallet and execute a transaction immediately. While the bypass mechanism offers a time‑locked way to skip Venn validation, it still requires a waiting period.

The Disarm Guard is an immediate admin operation that disables and deletes the Guard from your safe, allowing you to reset your configuration to its original state without the Venn Guard connected to it.


Understanding Disarm Guard Mechanism

  • The 'Disarm Guard' is an optional capability you can set up when deploying the Venn Guard.

  • When deploying the guard, you will need to set a dedicated and separate wallet (ideally a separate multisig or cold wallet) that has the authority to disarm the guard.

  • When activated, the 'Disarm Guard' signer calls the guard’s disarm function (a call to a setEnabled(false) method, only callable by the Guard's Admin Role). This call temporarily disables the guard from on your Safe

  • You can always rearm the guard by calling the setEnabled(true)

How to find your guard address: In the Safe web interface, open your Safe and go to Settings → Modules (or Advanced Settings in version 3.13.0 and later). There you’ll see the transaction guard listed with its contract address and a copy button.


How to Use Disarm Guard

Using a Cold Wallet

When using a cold wallet, you could either use Etherscan's Write Contract functionality or write a custom script interacting with the guard contract.

Step 1: Create a new transaction that calls the ⁠setEnabled(false) function on the guard

Step 2: Send the transaction (via Etherscan, or custom scripts)

Step 3: Verify that the guard is disarmed by reading the enabled property, which will now be set to false

You can now execute your emergency transactions through your Safe, without Venn verification. Once you're done, call the same function to rearm the guard with setEnabled(true).

Using a Multisig Account

When using a multisig account, you first build the transaction that calls setEnabled(false) so that all of your multisig account signers can sign the transaction, before executing it.

Step 1: Create a new transaction that calls the ⁠setEnabled(false) function on the guard

Step 2: Sign the transaction, and have all other required signers review and sign the transaction

Step 3: Execute the transaction on your multisig account

Step 4: Verify that the guard is disarmed by reading the enabled property, which will now be set to false

You can now execute your emergency transactions through your Safe, without Venn verification. Once you're done, call the same function to rearm the guard with setEnabled(true).


Security considerations

  • Use only in emergencies – Disarming the guard removes all security validation and exposes your Safe to the full risks Venn is designed to mitigate. Do not use this mechanism for routine operations.

  • Separate signing keys – Keep the Disarm Guard wallet separate from everyday Safe signers. Ideally, it should be a higher‑threshold multisig or a cold wallet stored offline so that it cannot be accessed casually.

  • Monitor usage – Set up alerts so that all Safe owners are notified whenever the guard is disarmed.

  • Restore protection – After using the Disarm Guard, reinstall the guard as soon as possible. Avoid leaving the Safe unguarded by Venn.

Last updated

Was this helpful?