Security

Maintaining the security of your DAO's treasury and operations is a primary concern for Upstream. We understand the critical nature of these assets, and we have implemented multiple measures to ensure their safety. This article will delve into the various security features that are built into the Upstream platform.

Your DAO's Smart Contracts

Upon creating a DAO on Upstream, three smart contracts are also established: a Gnosis multi-signature wallet, a DAO contract, and a vote delegation contract. These contracts play a crucial role in your DAO's operations.

Immediately following the creation of a DAO, ownership of these smart contracts is transferred to a Gnosis multi-signature wallet. This wallet is owned by the initial signators of the DAO. As a result, your DAO is not "owned" by Upstream but is instead governed by the community's chosen signators.

Smart Contract Security Audits

To provide additional assurance of the safety of these smart contracts, we have had them audited by a trusted third-party firm, Upshield. This comprehensive audit concluded that the Upstream smart contracts have "No Critical Issues", certifying their secure design and implementation.

Wallet Connection and Verification

When a user connects a wallet to an Upstream DAO, we perform a verification process to confirm ownership and permissions associated with that wallet. This process, however, does not grant Upstream any access or permissions over the wallet. In technical terms, the user signs a payload (a string) with the wallet, and we verify that the signature matches the wallet's public address. Signing a message in this way is not a transaction: it moves no funds and grants no approvals, and the private key never leaves the wallet. This ensures a secure connection while maintaining your wallet's privacy.

Use of OpenZeppelin and Security Audits

To further bolster our security, Upstream contracts utilize OpenZeppelin, a well-established and audited library known for its robust security features. The source code of our contracts, which have undergone a thorough security audit, is available on Etherscan for verification. This transparency allows for further scrutiny by the community and security experts alike.

In conclusion, Upstream prioritizes the security of your DAO's operations and treasury. Through secure smart contract creation, independent audits, secure wallet verification, and utilization of secure libraries, we aim to provide a reliable platform for the operation of your DAO. Rest assured that with Upstream, the security of your DAO is our top priority.
