Our vision is a world where humans can coordinate by the rule of code, reducing the need for enforcement through the threat of violence. DAOs rely on the resilience of the underlying technology they are built on to bring this vision to life. Without an unstoppable tech stack, DAOs themselves cannot be unstoppable.
We are dedicated to building robust and secure infrastructure for DAOs today and well into the future. The Aragon X Scorecard is an effort to bring transparency to our progress. This is a continuous journey, and we will be engaging and updating our community of builders along the way.
Categories
Aragon OSx = DAO Framework
SDK = Software Development Kit for Aragon OSx
Aragon App = No-Code User Interface
Your DAO = Your DAO deployed with Aragon OSx/App
Our code is fully open-source and forkable. It is AGPL/GPL 3.0 licensed.
Your DAO is fully self-sovereign and owned by your members. Aragon has no ownership or control over your DAO or the plugins you build. Your governance token is immutable and fully owned by your DAO and its members.
Aragon doesn’t use external parties to host data. We run our own IPFS nodes for others to access, including third-party nodes. The rest of the data is stored onchain.
Aragon conducts top-level external code audits after every code change on OSx, and conducted an audit on the frontend, the Aragon App. Aragon OSx uses the widely used OpenZeppelin primitives wherever possible. Aragon also offers bug bounties and has mechanisms in place to react quickly in the case of unexpected vulnerabilities. Aragon has had no hacks on any product since its inception in 2017, securing billions of dollars in TVL.
You have full control over your DAO’s upgradeability through OpenZeppelin’s upgradeability pattern. Plugins can be upgradeable or non-upgradeable: you choose when you develop them. You can permanently disable upgradeability for both DAOs and plugins at any time. Aragon offers opt-in updates providing patches, security fixes, and new product features.
If you can access the blockchain, you can deploy a DAO on Aragon OSx. There are no additional requirements and we are committed to ensuring anyone can access the technology onchain.
For speed and efficiency, Aragon uses subgraph indexers through centralized services rather than the open subgraph network. All data is stored onchain.
Your DAO is fully self-sovereign and as censorship-resistant as your governance allows it to be. Aragon cannot interfere with the smart contracts of your DAO in any way. The Aragon OSx protocol multisig could deploy a new factory prohibiting specific addresses from creating new DAOs or plugins. However, this could be circumvented by using another address. We deploy the Aragon App to IPFS, allowing anyone with the CID to access the frontend through IPFS if they are blocked by an ISP or DNS provider. However, a user needs to know the CID to access the frontend through IPFS. All code is hosted on GitHub, which has a history of deleting code if necessary per US law. However, the code is fully open-source and forkable. Anyone can clone the repo and move it to another service.
Aragon analyzes DAO behaviors using public onchain data, indexed and visualized with Dune Analytics. Aragon also collects anonymized web event data through the Aragon App, which is sent to Google Analytics. This information is not sold or shared with third parties.
The Aragon OSx protocol is governed by a 3/5 Aragon OSx multisig. The multisig controls our DAO deployer contracts and plugin repositories through our factories, ENS name registration under the dao.eth domain, and upgradeable registries. The multisig can upgrade the protocol but not existing DAOs. These upgrades are always optional. There’s no backdoor: your DAO, your rules.