Skip to main content

Web3 scores

The 2 Trustlessity and Security scores are the best tools to give users fast knowledge about what they are using and are a core part of Orivon to drastically improve safety and trust into Web3 ecosystem

Who gives the evaluations?

Actually any App can be choosen as a Web3 Score Provider
The selected one that Orivon will choose as default score provider will be the one with the higest Trustless and Security score + Privacy

We got to understand that Trustlessity and Security score aren't completely matematically predictable concepts, they are relative and needs an human or intelligent evaluation: it needs to read trough the code, research the actual decentralization backing it, think about the realistic risks etc...

The ideal Web3 Score provider would be a reputable enough decentralized DAO which is extremly secure and accurate on it's work of scoring

If noone comes before us, we will create our own provider, eventually backed by our DAO
Any suitable provider will be integrated too, and if it happens to be better than Orivon, will replace it at all

How evaluations system works?

As Orivon, we made this evaluation model which we believe it can be refined to become a standardized way of classifing Web3 Scores

As for Trustlessity score, it splits into 3 different evaluations: Websites, Operations, Connections
Each of them has different Trustlessity score levels

Security score instead exhist only for operations, evaluating the safety of the entire sequence of the process

Trustlessity levels

The higher level means that it is reasonably completely trustless, the lowest means you are putting complete trust on a single or more actors

Trustlessity Levels for Websites

Level 1: It’s a standard website, without DDOC (Automatically detected)

Level 2: The site supports DDOC (Automatically detected)

Level 3: The site root is open source and won’t execute any external code without the user willwant and knowledge of it’s risk/trustlessness

Level 4: The site is enough trustless into all of its operations (Level 4 operations) and external connections (Level 2 connections) (even if passive, for example, getting an IBAN from a bank isn’t accepted for this level, it’s a passive Operation Level 1)
Exceptions are for operations which the user is clearly made aware of the trustlessness, as long as everything else is managed in a trustless way (Example: Bisq which provides Fiat Exchange but in the most trustless manner)

Level 4 + Privacy: Every single activity on the Web3site including Connections and Operations are reasonably privacy preserving and keeping the user aware of privacy risks on specific risky actions

Trustlessity Levels for Operations (sending money, smart contract, transaction, signing etc...)

Level 1: The operation or some parts of it’s source code aren’t avaiable / It’s not possible to know what’s really going on

Level 2: The operation source code is avaiable and does what promised / Can be verified that it’s logic does what promised

Level 3: All the Network contexts the operations relies on, are considerated trustless enough (Like Bitcoin, Ethereum etc…)

Level 4: The operation does not allows centralized or untrusted decentralized parties to act against the user interests, compared to the operation promise. (decentralized actors like DAO’s are still allowed, but should be considered safe and decentralized enough)

Level 5: The operation is immutable and does what promised in a completely trustless manner, a third party can have special powers on it for security reasons, but these can’t never go against user interests by design (Ex. an Ethereum L2 may have a security stop in case of vulnerability rolling back at few hours before, but user should be always able to exit within a reasonable amount of time)

Level 4/5 + Privacy: The operation is reasonably untrackable and indecipherable without user consent

Trustlessity Levels for Connection to network (trustlessity of your connection)

Level 1: Connection relies on centralized parties, received data verification to a trustless system is not possible

Level 2: Connection allows to verify received data to a trustless system, so it won’t put user at any particular risk

Level 3: Connection is completely decentralized and/or does not put trust on centralized parties for data avaiability

Level 3 + Privacy: The connection gives reasonable anonimity

Security levels

Work in progress...