Venn Safe Guard

Introduction

Venn Safe Guard is a decentralized security-validation layer for Safe (Gnosis Safe) multisig accounts. By integrating seamlessly into your Safe transaction workflow, Venn ensures that every transaction undergoes rigorous decentralized security validation, thereby reducing the risk associated with malicious or unauthorized multisig operations.

Why Choose Venn Safe Guard?

  • Zero UI Trust: Independent validation - immune to compromised front-ends.

  • Decentralized and vendor-neutral: no single points of failure or risky dependencies on third parties.

  • End-to-End Validation: Continuous validation before, during, and after execution.

What Venn Safe Guard Protects Against?

  • Compromised Signers

  • Compromised Interfaces (UI Hijack)

  • Privilege Escalation

  • Silent Backdoor Installation

  • Malicious Admin Batching

  • Fallback handlers Hijacking

How it Works

Venn Safe Guard is designed as a modular Safe Guard, seamlessly integrated into your existing Safe multisig account. Safe Guards are specialized smart contracts officially supported by Safe, created to add customized validation logic for the lifecycle of Safe transactions (see Safe Guard documentation).

Step 1: Build Your Transaction

  • Safe owners or admins build transactions using two options:

    • Venn API (for local/programmatic builds)

    • Venn Transaction Builder UI.

Transaction format matches Safe's native structure and supports multicalls/batches, which mirrors Safe’s native transaction-building and transaction Service flow.

Step 2: Decentralized Security Validation

  • The built transaction is automatically sent to the Venn Decentralized Validation Network.

  • Independent Tier-1 security operators evaluate transactions against your security policy.

  • Venn’s consensus aggregates operators' votes to decide if the transaction is secure and allowed to proceed or malicious and blocked from execution.

You can consume Venn Security Validation either using the Venn Safe Guard API (for programmatic or local use), or through the dedicated Venn UI, which handles the validation process automatically behind the scenes.

Step 3: Submission to Safe Queue

  • Approved transactions (including Venn's validation signature) are submitted to the Safe multisig transaction queue.

  • Safe signers proceed to approve transactions normally, just like regular Safe transactions.

Step 4: On-Chain Guard Validation

  • When signers trigger on-chain execution, the Venn Safe Guard contract performs:

    • Pre-Execution Check: The Guard extracts and stores the transaction’s original bytecode for comparison.

    • Execution-Time Validation: On-chain verification of Venn’s aggregated signature and operator consensus, validating transaction authenticity and integrity.

    • Post-Execution Check: Confirms executed transaction bytecode matches pre-approved bytecode.

Venn Safe Guard

Venn Guard Smart Contract

The Venn Guard smart contract is the core on-chain component of Venn’s Safe integration. Implemented as a Safe Guard contract, it acts as a firewall enforcing transaction validations directly at the smart contract execution layer. The Guard interacts with Venn's decentralized network, ensuring only transactions explicitly approved by operator consensus can be successfully executed.

Source Code available at: VennGuard.sol

PreviousBuild Custom DetectorNextInstallation

Last updated

Was this helpful?