# Trust Assumptions The question this note answers: what, exactly, am I trusting? "Trustless" makes for good marketing, but every system trusts something. The useful engineering habit isn't to reject the word — it's to always name what's being trusted, and then decide whether removing that trust is worth what it costs. ## The spectrum Roughly, from least trust required to most: | **You verify...** | **You trust...** | **Example** | |---|---|---| | Everything yourself | Math and your own node | Running a full node | | Proofs against headers | Consensus honesty | Light client | | A validity proof | The proof system's soundness | ZK rollup | | That fraud would be challenged | At least one honest watcher | Optimistic rollup | | A committee's signatures | m-of-n named parties | Multisig bridge, validium | | A server's response | One company | RPC provider, centralized exchange | Each step down the table is cheaper and faster than the one above it. Each step down is also a new way to be lied to. Most real systems live somewhere in the middle, and the interesting design work is choosing the row deliberately rather than by accident. ## The reflex When you meet any new system, run the eight questions: ```text Who orders transactions? Who verifies execution? Who stores data? Who can censor? Who can reorder? Who can upgrade? Who has admin keys? What happens during partial failure? ``` The answers *are* the trust assumptions. Throughput, fees, UX — all real, all negotiable, all layered on top of those answers. Two observations that clear up a surprising amount of confusion: - Calling an RPC provider is not verifying the chain. If your app trusts a third-party RPC, that provider can lie, censor, lag, or fail. More in [[08 Nodes, RPCs, and Indexers]]. - A bridge is, at bottom, a statement about which chain's [[Finality]] another chain is willing to believe. More in [[10 Bridges and Interoperability]]. ## Where this matters Everywhere, honestly — but concentrated in: - [[08 Nodes, RPCs, and Indexers]] — the RPC trust boundary - [[09 Scaling - Rollups and Data Availability]] — every scaling design is a trust trade - [[10 Bridges and Interoperability]] — trust assumptions compound across chains - [[12 Security and Incentive Design]] — attacks live in the gap between assumed and actual