Merge pull request #457 from reown-com/overdue-changes

Docs Update: Creating a Security page for the docs

Author: rohit-710

advanced/security/security-information.mdx

@@ -0,0 +1,50 @@
+---
+title: Security Information
+---
+
+Security is not just a feature but a fundamental aspect of Reown's architecture. The infrastructure has undergone multiple rounds of third-party security reviews, audits, penetration testing, and threat modeling to ensure the highest standards of protection. Security is viewed as a continuously evolving discipline, with regular system audits to identify and address potential vulnerabilities.
+
+## AppKit - Embedded Wallet Key Management
+
+### Architecture and Custody
+AppKit Embedded wallets enable applications to provide end-users with a quick onboarding experience by provisioning a non-custodial wallet through social login or email wallets. While the implementation varies per network, Reown relies on a SOC 2 Type 2 compliant third-party vendor for key management. The vendor's [security overview](https://magic.link/docs/home/security/product-security) and [list of audits](https://magic.link/docs/home/security/security-compliance) are available in their documentation.
+
+For a subset of EVM Networks, gas abstraction functionality requires deploying a Smart Account on behalf of the end-user. In this case, the key management provider acts as a signer for this Smart Account. Reown relies on a third-party vendor for the Smart Account implementation. The [Smart Account implementation audits](https://docs.safe.global/smart-account-audits) are available in their documentation.
+
+### Key Export
+Reown enables end-users to export their keys when needed.
+
+### Audits
+Both the key management vendors and Smart Account vendors have undergone multiple audits (see links above). The integration of the key management provider into AppKit has been audited by Halborn. The complete audit report is available [here](https://drive.google.com/file/d/1LQ6BkcI4PHs_FKAzpCRMqwD--rq6uOy6/view).
+
+## WalletKit
+
+### Architecture
+WalletKit provides an end-to-end encrypted solution for wallets to connect to applications and sign messages/transactions. As an open-source SDK, it supports multiple transport methods, from WebSockets to Universal Links.
+
+### Handshake & End-to-End Encryption
+For a detailed overview of the handshake and end-to-end encryption protocol, refer to the [technical specification](https://specs.walletconnect.com/2.0/specs/clients/sign/session-proposal).
+
+### Audits
+WalletKit, including its encryption stack, was audited by Trail of Bits. The audit report is available [here](https://github.com/trailofbits/publications/blob/master/reviews/2023-03-walletconnectv2-securityreview.pdf). This comprehensive security review covered the source code and included a lightweight Threat Model covering upstream and downstream dependencies. The broader WalletConnect system underwent Threat Modeling by Spearbit. The threat model is available [here](https://drive.google.com/file/d/1QpPSLvCEMunaYHHBPN0g6kYd39uFxpPk/view).
+
+### Dependencies
+WalletKit's design philosophy prioritizes minimizing third-party dependencies to reduce the attack surface area.
+
+## Third-Party Reviews
+
+The security infrastructure of Reown has undergone multiple rounds of audits by independent security auditing firms, including Trail of Bits, Halborn, and Spearbit. These audits cover both AppKit and WalletKit, along with a comprehensive company-wide Threat Model.
+
+| Audit Scope | Auditor | Report |
+| --- | --- | --- |
+| WalletConnect Comprehensive Threat Model | Spearbit | [View Report](https://drive.google.com/file/d/1QpPSLvCEMunaYHHBPN0g6kYd39uFxpPk/view) |
+| AppKit Embedded Wallet Integration Pentest | Halborn | [View Report](https://drive.google.com/file/d/1LQ6BkcI4PHs_FKAzpCRMqwD--rq6uOy6/view) |
+| WalletKit Security Review & Lightweight Threat Model | Trail of Bits | [View Report](https://github.com/trailofbits/publications/blob/master/reviews/2023-03-walletconnectv2-securityreview.pdf) |
+
+## Bug Bounty Program
+
+Reown maintains an active bug bounty program to encourage security researchers to responsibly disclose vulnerabilities and help strengthen the systems. For more information, visit the [security text file](https://reown.com/.well-known/security.txt) or the [security page](https://reown.com/security).
+
+## Get in Touch
+
+For security-related inquiries, please visit the [security contact page](https://reown.com/security).

appkit/payments/pay-with-exchange.mdx

@@ -50,6 +50,10 @@ Currently, AppKit Pay with Exchange and Self-Custodial Wallets supports the foll
 - USDT -> Ethereum, Optimism, Arbitrum, Polygon, Solana
 - Native Solana
 
+<Note>
+  Currently, USDC and USDT on Solana is only available via Pay with Exchange. It will soon be available via Pay with Self-Custodial Wallets.
+</Note>
+
 **Both EVM and Solana networks and their assets can be added, subject to exchange compatibility.**
 
 For access to additional networks or assets, please contact sales@reown.com.

docs.json

@@ -182,7 +182,10 @@
               },
               {
                 "group": "Security",
-                "pages": ["advanced/security/content-security-policy"]
+                "pages": [
+                  "advanced/security/security-information",
+                  "advanced/security/content-security-policy"
+                ]
               },
               "advanced/push-server",
               "advanced/walletconnect-deprecations"