Safe Multisig wallets starting with version 1.1.1 allow specifying a fallback handler. This guide explains their purpose.
_(Note: This article is intended for a general audience and simplifies certain technical details. Solidity developers or smart contract specialists should review the contract code directly.)_
Purpose of Fallback Handlers
A Safe Multisig is designed to function as an Ethereum account capable of handling arbitrary function calls and tokens. Users should be able to use their Safe Multisig exactly as they would a private key-based account (an "externally owned account" or EOA).
However, unlike private key-based accounts, access control to assets in a Safe Multisig is defined in the smart contract code.
Since Safe Multisig needs maximum flexibility for any user scenario, we would need to define every possible function in the contract code—which is impossible. This is why we use the Solidity feature called "fallback functions," which essentially says "if something is unknown, redirect to this function." Specifically, Safe Multisig handles unknown calls by letting the fallback handler deal with them.
Because the fallback handler can be changed, users can add required functionality later by switching to a different fallback handler, even if it wasn't known when the Safe Multisig was created.
If even the fallback handler doesn't recognize a function call, the call is either disregarded or returns an error.
Example Use Case: ERC721
The ERC721 token standard provides a practical example. Among other requirements, the standard defines a method to verify if the recipient can actually handle ERC721 tokens. This involves calling a function like doesSupportERC721 on the receiving Safe Multisig. A pure Safe Multisig (without a fallback handler) doesn't have this function and would error. However, the fallback handler implements it.
Safe Multisig wallets created through official interfaces use the TokenCallbackHandler as their fallback handler. A fallback handler can be replaced or extended anytime through a standard Safe Multisig transaction (respecting the threshold and owners).
If a new token standard like ERC772211 emerged with a similar function doesSupportERC772211, we could simply write a new fallback handler implementing this method. Existing Safe Multisig wallets would switch to the new handler—no need to deploy completely new Safe Multisig wallets with new addresses. Existing Safe Multisig wallets can be reused.