📕
DAOs on Upstream | Documentation
  • Getting Started
    • About Upstream
    • Understanding DAOs
    • Creating an Account
      • Linking Wallet Addresses
  • DAOs
    • Overview
    • DAO Roles
    • DAO Wallets
    • DAO Vault
    • DAO Forum
    • Connecting ENS Domain
  • DAO Creators
    • Collective Settings
  • DAO Members
    • Inviting Members
    • Joining a DAO
      • "Request to Join" a DAO
    • Contributing Funds
    • Withdrawing Funds
    • Creating Proposals
      • Proposal Commands
      • Call Remote Contract
      • Unable to Create a Proposal
    • Voting on a Proposal
      • Vote Delegation
      • Common Voting Issues
    • Creating a Poll
    • Creating an Event
  • Signators
    • Understanding Signators
    • Executing a Proposal
    • Posting Announcements
    • Exporting Members Data
  • Resources
    • Glossary
    • Security
    • Technical Architecture
    • Deleting Your Account
  • Offboarding DAO
Powered by GitBook
On this page
  • Your DAO's Smart Contracts
  • Smart Contract Security Audits
  • Wallet Connection and Verification
  • Use of OpenZeppelin and Security Audits
  1. Resources

Security

Maintaining the security of your DAO's treasury and operations is a primary concern for Upstream. We understand the critical nature of these assets, and we have implemented multiple measures to ensure their safety. This article will delve into the various security features that are built into the Upstream platform.

Your DAO's Smart Contracts

Upon creating a DAO on Upstream, three smart contracts are also established: a Gnosis multi-signature wallet, a DAO contract, and a vote delegation contract. These contracts play a crucial role in your DAO's operations.

Immediately following the creation of a DAO, ownership of these smart contracts is transferred to a Gnosis multi-signature wallet. This wallet is owned by the initial signators of the DAO. As a result, your DAO is not "owned" by Upstream but is instead governed by the community's chosen signators.

Smart Contract Security Audits

To provide additional assurance of the safety of these smart contracts, we have had them audited by a trusted third-party firm, Upshield. This comprehensive audit concluded that the Upstream smart contracts have "No Critical Issues", certifying their secure design and implementation.

Wallet Connection and Verification

When a user connects a wallet to an Upstream DAO, we perform a verification process to confirm ownership and permissions associated with that wallet. This process, however, does not grant Upstream any access or permissions over the wallet. In technical terms, users sign a payload (a string), and we verify that the signature matches the public view of the wallet. This ensures a secure connection while maintaining your wallet's privacy.

Use of OpenZeppelin and Security Audits

To further bolster our security, Upstream contracts utilize OpenZeppelin, a well-established and audited library known for its robust security features. The source code of our contracts, which have undergone a thorough security audit, is available on Etherscan for verification. This transparency allows for further scrutiny by the community and security experts alike.

In conclusion, Upstream prioritizes the security of your DAO's operations and treasury. Through secure smart contract creation, independent audits, secure wallet verification, and utilization of secure libraries, we aim to provide a reliable platform for the operation of your DAO. Rest assured that with Upstream, the security of your DAO is our top priority.

PreviousGlossaryNextTechnical Architecture

Last updated 1 year ago