feat(docs): add security notices where missing (#22)

OpenZeppelin · Apr 1, 2024 · a9fe526 · a9fe526
1 parent 3653bd2
commit a9fe526
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,7 @@
 # OpenZeppelin Contracts for Stylus
 
-**A library for secure smart contract development** written in Rust for [Arbitrum Stylus](https://docs.arbitrum.io/stylus/stylus-gentle-introduction).
+**A library for secure smart contract development** written in Rust for
+[Arbitrum Stylus](https://docs.arbitrum.io/stylus/stylus-gentle-introduction).
 
 ## Features
 
@@ -10,9 +11,19 @@
 
 ## Contribute
 
-OpenZeppelin Contracts for Stylus exists thanks to its contributors. There are many ways you can participate and help build high-quality software. Check out the [contribution guide](CONTRIBUTING.md)!
+OpenZeppelin Contracts for Stylus exists thanks to its contributors. There are
+many ways you can participate and help build high-quality software. Check out
+the [contribution guide](CONTRIBUTING.md)!
+
+## Security
+
+> [!WARNING]
+> This project is still in a very early and experimental phase. It has never
+> been audited nor thoroughly reviewed for security vulnerabilities. Do not use
+> in production.
+
+Refer to our [Security Policy](SECURITY.md) for more details.
 
 ## License
 
 OpenZeppelin Contracts for Stylus is released under the [MIT License](LICENSE).
-
diff --git a/contracts/README.md b/contracts/README.md
@@ -1 +1,17 @@
-# Contracts
+# OpenZeppelin Contracts for Arbitrum Stylus
+
+Robust, reliable, and secure smart contracts for the Arbitrum Stylus upgrade.
+
+> [!WARNING]
+> Note that `contracts` is still `0.*.*`, so breaking changes
+> [may occur at any time](https://semver.org/#spec-item-4). If you must depend
+> on `contracts`, we recommend pinning to a specific version, i.e., `=0.y.z`.
+
+## Security
+
+> [!WARNING]
+> This project is still in a very early and experimental phase. It has never
+> been audited nor thoroughly reviewed for security vulnerabilities. Do not use
+> in production.
+
+Refer to our [Security Policy](../SECURITY.md) for more details.
diff --git a/lib/crypto/README.md b/lib/crypto/README.md
@@ -9,7 +9,7 @@ Common cryptographic procedures for a blockchain environment.
 
 ## Verifying Merkle Proofs
 
-[`merkle.rs`](lib/crypto/src/merkle.rs) provides:
+[`merkle.rs`](./src/merkle.rs) provides:
 
 - A `verify` function which can prove that some value is part of a
   [Merkle tree].
@@ -23,3 +23,12 @@ Common cryptographic procedures for a blockchain environment.
 This crate exposes its modules behind feature gates to ensure the bare minimum
 is included in consumer codebases. You can check the current feature flags in
 the [Cargo.toml](./Cargo.toml) file.
+
+## Security
+
+> [!WARNING]
+> This project is still in a very early and experimental phase. It has never
+> been audited nor thoroughly reviewed for security vulnerabilities. Do not use
+> in production.
+
+Refer to our [Security Policy](../../SECURITY.md) for more details.
diff --git a/lib/wavm-shims/README.md b/lib/wavm-shims/README.md
@@ -76,3 +76,12 @@ our [code of conduct] and [contribution guidelines].
 
 [code of conduct]: ../../CODE_OF_CONDUCT.md
 [contribution guidelines]: ../../CONTRIBUTING.md
+
+## Security
+
+> [!WARNING]
+> This project is still in a very early and experimental phase. It has never
+> been audited nor thoroughly reviewed for security vulnerabilities. Do not use
+> in production.
+
+Refer to our [Security Policy](../../SECURITY.md) for more details.