Blog

The Ins And Outs Of Proof-of-Reserves

Proof of Reserve

Table of Contents

Read Time: 7 minutes

The staggering implosion of FTX, one of the big leagues in the industry, created a tremor that reverberated last week. The market crisis is so deep that the prices of digital currencies were plummeting, with the impact being felt by the world’s biggest cryptocurrencies, such as Bitcoin and Ethereum. 

With the crypto investors taken aback by the situation, what directions do the centralized exchanges pursue to win back the public trust? 

That gets us to know why centralized exchanges are committing to proof of reserve. Considering that proof of reserves lifts the transparency of crypto exchanges by showcasing their asset holdings matches with the liabilities, does that make them trustworthy?

This article comments on the views about proof of reserve and how good a solution it is to regain trust in centralized exchanges

Introduction To Proof of Reserves

A custodial service provider holding customers’ funds in crypto offers proof of reserve program. Through this, the crypto exchanges exhibit that the deposit on the reserves matches the liabilities. 

It convinces users that the exchange’s deposit holdings are enough to prove their solvency to the customers. 

Proof of reserve gives the balances of all the crypto holdings listed in the platform, and user’s can also collectively verify their balances. 

Deducing it into a simple equation,

Proof of Reserves + Proof of Liability = Proof of Solvency

Ref: Proof of Reserves – Nic Carter

Getting Into The Details…

Several crypto exchanges pledge to stay transparent by establishing their proof of reserves. While in reality, what’s the whole picture of it?

The cryptocurrency exchange uses proof of reserve as a medium to prove that its exchange has enough liquidity to initiate customer withdrawals. Also, customers can parallelly have a watch on their funds lying in the exchange. 

But how is this implemented? It involves using the Merkle tree, which produces an efficient data structure. Customers can point to their funds in this Merkle tree by giving the respective hash.

Does this mean the customer can be completely assured of their funds in the exchange? What if the exchange borrows funds to show accountability for liabilities?

That highlights the importance of hiring a third-party auditor to attest the on-chain or off-chain holdings match the money that the exchange claims to hold. A third-party auditor verification of the liabilities and the balances makes the proof of reserve trustworthy to some extent. 

More on proof of reserve audits in the upcoming passage. 

Workflow Of Proof of Reserve Audits

Exchanges can hide certain liabilities to match them up with the reserve holdings and portray themselves as faithful to users. 

That’s why it requires a third-party auditor to do the reality check on these by fully assessing the platform. 

The auditing process is as follows:

  • During an audit, the company submits records of all the holdings of the reserves and the user deposits. 
  • The auditor checks the holdings in on-chain and off-chain equals the claims of the total company’s reserve 
  • The auditor verifies user balances by hashing with their unique ID and validates the address by transacting random amounts to accounts.
  • A cryptographic Merkle tree is the integration of data structure. The hashes are aggregated to the Merkle tree, which creates a Merkle root. 
  • The accuracy of the user balances can be cross-examined by pointing to the specific hash of the user in the Merkle tree
  • And finally, if all the balances with the associated addresses from the Merkle tree match with the custodian claims, the auditor verifies the platform. 

The Underpinning Concerns On proof of reserve Audits

Exchanges can cheat by hiding certain liabilities from view. So, individuals can collectively verify their balances by verifying their hash position in the Merkle tree. This way, they can ensure the company reserves are enough to back their funds.

Proving control over the on-chain holdings of funds is tricky as the exchanges can forge by borrowing funds on a short-term basis. Also, the exchange reserves put to view on the Nansan.ai dashboard are subjected to a specific moment in time and are not based on real-time.

And what if the auditors stand in favour of the reserve, it might give a false sense of security. That brings the user placing trust in audits to verify the reserve balance to a question.

These are some of the other concerns in completely placing trust in the proof-of-reserve disclosed by the company. 

CEXs Revealing Their Proof Of Reserve – From Where It All Started?

FTX Downfall Triggering CEXs To Disclose Proof of reserves For Better Transparency.

Let’s touch upon the history of FTX- the reason behind all the rage!

Timeline of Happenings In The FTX collapse

2017 – Sam Bankman-Fried(SBF) founded Alameda Research, a cryptocurrency trading firm. 

2019 – Sam Bankman-Fried founded FTX, a Cryptocurrency exchange which issues its own FTT token. FTX is the fourth-largest cryptocurrency exchange.

2021 – SBF promoted the traders of Alameda research to co-CEOs and turned his focus towards the FTX platform.

Up until the publication of the CoinDesk report on Nov 2nd, 2022, FTX was believed to be doing just fine. Let’s have a look at the series of events following that. 

Nov 2nd’22: CoinDesk report on Alameda’s troubled balance sheet that gave in to speculations as it exposed Alameda’s huge reliance on FTX exchange’s FTT token.

Nov 6th’22: Changpeng Zhao(CZ), CEO of Binance, tweeted on their plan to sell off Binance’s holding of FTT tokens, referring to the CoinDesk article on FTX and Alameda’s blurred funds. 

Meanwhile, the suspicion of a lack of liquidity to back user transactions on FTX started growing after the CZ tweet, and users started withdrawing funds. SBF posted a tweet the same day saying the platform saw a $5B withdrawals on 6th Nov. 

Nov 8th’22: Binance and FTX CEOs struck a deal signing a non-binding letter of intent to buy the failing FTX exchange and ease the market panic. 

FTX halted the non-fiat customer withdrawals. SBF tweets on FTX liquidity issues with apologies. 

Nov 9th’22: Having said that, it completed its “corporate due diligence,” Binance withdrew the plan of acquiring FTX exchange.

Nov 11th’22: FTX filed for voluntary chapter 11 bankruptcy proceedings for FTX, FTX.US and Alameda.

Nov 11th’22: On the evening of Nov 11th Friday, FTX and FTX.US wallets were drained of more than $600M in an apparent hack. FTX circulated a message on Telegram stating FTX apps are malware and asked users to stop any interactions with the platform.

Centralized Exchanges Response In The Wake Of FTX crash

Following the FTX implosion, Binance CEO CZ proposed publishing Merle-tree proof of reserves by crypto exchanges to curb the widespread panic prevailing around the industry. 

Top exchanges like Kraken and Gate.io released auditor-assisted proof of reserve paired with Merkle tree for user validation.  

While others, like Coinfloor and HBTC, provide self-assessed proof of reserve with the Merkle tree approach for users to verify their balance.

Several other crypto exchanges, including Huobi, Poloneix, and Crypto.com, have also announced to engage in publishing their reserves to the public view. 

The world’s top cryptocurrency exchange – Binance leading the path to greater transparency!

Following Binance’s commitment to transparency, it disclosed its cold wallet addresses and holdings of the cryptos listed on the platform.

Binance reserves hold 475,000 BTC, 4.8M Ether, 17.6B USDT, 601M USDC, 58M BNB and 21.7B of its native stablecoin, BUSD.

Furthermore, CZ tweeted about creating Merkle Tree proof of funds to be shared with the community in the coming weeks. 

Pondering On Company’s Reserve – A Sigh of Relief Though! 

While it is clear that producing proof of reserve is no match to the transparency that decentralization provides, it is still better than nothing for the following reasons.

  • Ensures exchanges are vigilant to depositor funds about solvency. Customers can be convinced of their funds in reserve, which ensures their project’s continuity with the exchange. 
  • It works as a strong self-regulatory measure. Thereby exchanges regularly expose the reserve holdings to the public, promoting openness about the rules played by the exchange.
  • Routine PoR attestations make it virtually impossible to hide Fractional reserves.

PoR Auditing For Improved Transparency And Trustworthiness

On a concluding note, Merkle tree Proof of reserve might be an improvement but not a complete solution. It is a good verifier for customers to have information about their funds without complete control over them. 

And for ease of access, QuillAudits pitches in “Web3 suggest” to bring communities together to acquire collective information on documented proof-of-reserves by exchanges. 

https://web3suggest.xyz/

To learn more about PoR audits, our security experts at QuillAudits are just a click away: https://t.me/quillaudits_official

FAQs

What is PoR attestation?

Proof of reserve gives the balances of all the crypto holdings listed in the platform, and user’s can also collectively verify their balances. Third-party auditors do the PoR attestation for a periodic review of balances in the reserves.

What are considered to be reserve assets?

Assets with a strong-liquidity profile, such as Bitcoin(BTC), Ether(ETH) and stablecoins such as Binance(BUSD), dai(DAI), and USD Coin(USDC). 

Is auditing a must to verify a company’s reserves?

Third-party attestations affirm the transparency of the company’s reserves much better than self-attested. At the same time, it is also important that the custodian provides cryptographic hashes to the users to verify their balances in the reserves.

Will PoR regain trust in centralised exchanges? 

While it is clear that producing proof of reserve is no match to the transparency that decentralization provides, it is still better than nothing. Read the article to know more about this.

138 Views

Related Articles

View All

Leave a Comment

Your email address will not be published. Required fields are marked *

Trending

#WAGSI🛡️
So far, in 2022, investors have lost more than $3 billion to hackers.

👉Here are the Top 10 Hacks of 2022

Like❤️, RT🔁 & Follow @QuillAudits for more updates.

#Web3 #Blockchain #blockchainsecurity #samrtcontractaudit #Hacks

#WAGSI🛡️
🤔Do you know about access control in Defi?

📝Access control refers to "who is authorized to perform a specific duty." In smart contracts, access controls define the limitations on user roles and privileges.

Like❤️ & RT🔁

Thraed⬇️⬇️

📢We’re thrilled to announce that we have concluded the #smartcontract audit for "CR Square".

Our team has not only secured @Cr2_Finance but also added value to safeguard it from any upcoming threats 👨‍💻.

More about "CR Square" > https://crsquare.finance/

#RealBlock is the Outstanding #BNBChain Token audited by #Quillaudit🛡️✅

https://github.com/Quillhash/QuillAudit_Reports/blob/master/Realblock%20Smart%20Contract%20Audit%20Report%20-%20QuillAudits.pdf

Before we loose you with the depth of work we have done under this series,
we would like to invite to our Community3.0_IRL_Blr meetup happening this Sunday, 4th Dec at 12 PM.

NO ONE DIG DEEP THE COMMUNITY LIKE WE DO💪

RSVP now- https://lu.ma/Community3.0_IRL_Bangalore_CFK

Load More

Amidst FTX Saga, Hacker Swept More Than $25 Million in 2nd week of November

The contract reinvested (the earn function was not called) before the user pledged (depositAll function) without settling the reward, which means that when the user pledged, the contract did not settle the previous reward and instead conducted a new investment.

Become a Quiffiliate!
Join our mission to safeguard web3

Sounds Interesting, Right? All you have to do is:

1

Refer QuillAudits to Web3 projects for audits.

2

Earn rewards as we conclude the audits.

3

Thereby help us Secure web3 ecosystem.

Total Rewards Shared Out: $190K+