Security: greenpill-dev-guild/gardens

Security Policy

About Gardens v2 Security

Gardens v2 is a modular governance framework that enables communities to create and manage multiple governance pools with customizable parameters and voting mechanisms. We take security seriously and are committed to protecting our users and their communities.

Supported Networks

Gardens v2 is currently deployed on the following networks:

| Network | Status | Support |
|---|---|---|
| Gnosis Chain | ✅ Active | Full support |
| Polygon | ✅ Active | Full support |
| Arbitrum | ✅ Active | Full support |
| Optimism | ✅ Active | Full support |
| Base | ✅ Active | Full support |
| Celo | ✅ Active | Full support |

We provide security support for all currently deployed networks.

Reporting a Vulnerability

If you discover a security vulnerability in Gardens v2, we encourage responsible disclosure. Please follow these steps:

1. Do Not Create Public Issues

Please do not create public GitHub issues for security vulnerabilities. This helps protect users while we work on a fix.

2. Contact Us Privately

Report security vulnerabilities through one of these secure channels:

3. Include Detailed Information

When reporting a vulnerability, please include:

  • Description: Clear description of the vulnerability
  • Impact: Potential impact and severity assessment
  • Steps to Reproduce: Detailed steps to reproduce the issue
  • Network: Which network(s) are affected
  • Contracts: Specific contracts or components involved
  • Proof of Concept: Code or screenshots demonstrating the issue (if applicable)

4. Response Timeline

We aim to respond to security reports according to the following timeline:

  • Initial Response: Within 48 hours
  • Confirmation: Within 1 week of initial report
  • Fix Development: Timeline depends on severity and complexity
  • Public Disclosure: After fix is deployed and users have time to update

Security Best Practices for Users

When using Gardens v2, we recommend following these security practices:

For Community Creators

  • Start with small amounts to test functionality
  • Carefully review all governance parameters before going live
  • Educate community members on governance mechanisms
  • Ensure council members are trusted community participants
  • Regularly monitor community activity and proposals

For Community Members

  • Only connect wallets you control and trust
  • Verify you're using the official Gardens v2 app at app.gardens.fund
  • Start with small stakes while learning the platform
  • Understand the governance mechanisms before participating
  • Keep your wallet software updated

For Developers

  • Review our documentation before integrating
  • Test thoroughly on testnets before mainnet deployment
  • Follow smart contract security best practices
  • Stay updated with our releases and security announcements

Dependencies and Third-Party Security

Gardens v2 relies on several audited and battle-tested protocols:

While these dependencies have their own security measures, users should be aware that Gardens v2's security depends on the security of these underlying protocols.

Bug Bounty Program

We are currently evaluating the implementation of a bug bounty program. Updates will be announced through our community channels:

Security Updates

Security updates and announcements will be communicated through:

  1. Twitter: Follow us at @gardens_fund for real-time updates
  2. Discord Community: Real-time updates and discussions

Contributing to Security

We welcome contributions that improve Gardens v2's security:

  • Code Reviews: Participate in pull request reviews
  • Testing: Help test new features and identify potential issues
  • Documentation: Improve security documentation and guides
  • Community: Help educate other users about security best practices

See our Contributing Guide for more information.

License and Legal

This security policy is part of the Gardens v2 project, which is licensed under GPL-3.0.

By using Gardens v2, you acknowledge and accept the risks associated with experimental blockchain technology and agree to use the platform at your own risk.


Questions about security? Join our Discord Community or check our Documentation.
