This page is a reference for users, app developers, and other partners/participants in the Web3 ecosystem. Before integrating an infrastructure layer, staking on a protocol, moving assets across a bridge, or even just using any Web3 application, we recommend seeking answers to the following questions. Given that Web3's core value proposition is reducing imposed trust via decentralization, the current 'state of trust' should be accessible and easy to understand. Not every imperfection can be ironed out prior to launch, but if some component of a Web3 product isn't practically and meaningfully decentralized, there should be a reasonable explanation and a clear path towards addressing the limitation.
For a proactive disclosure of the TACo application from a trust, risk and security perspective, see the TACo Provider Answers page.
Ask your provider:
-> About the network-level distribution of trust
How many node operators (stakers) serve the network?
How are node operators (stakers) incentivized to follow the protocol? How are they recruited, mobilized and coordinated?
How is the independence between node operators discerned?
How is control of the token supply distributed? How are centralizing forces mitigated?
How are nodes sampled and selected in order to populate active service groups or cohorts?
-> About entities with disproportionate power
What damage can the DAO theoretically inflict on the network or its users?
What can commercial entities associated with the network do behind closed doors? What can they only do publicly and/or with a guaranteed delay? What are the internal governance procedures at the associated commercial entities? Are reputation preservation and/or legal repercussions the primary disincentives for malicious or negligent behavior?
What other entities have disproportionate power? What control is ceded by delegators to professional stakers and/or Staking-as-a-Service providers, and how does this affect the trust assumptions?
-> About infrastructural and software-related centralization
How does the user-facing client connect to the provider’s network? How does it connect to other layers?
How does the provider connect to the Ethereum network (or alternative base layer)?
How and from where is the client downloaded/installed? How open source is the project – both the user-facing client, and the node operator-facing client? How transparent is ongoing research, design & implementation? How clear-cut and coherent is the advertised path towards decentralization?