fbpx

58. What is Proof of Reserves (PoR)? How does it work?

In today’s lesson, we’ll go over exactly what Proof of Reserves are and how they work in cryptocurrency audits. As we know, cryptographic evidence, based entirely on blockchain technology, facilitates transparency of cryptocurrency transactions. Proof of Reserves (PoR) is intended to further enhance this transparency and is of particular relevance to cryptocurrency exchanges. Why? Why is it moving cryptocurrency audits? We also remind you of lessons about asset safety and rules on the cryptocurrency market.

What is Proof of Reserved (PoR) – definition

Before we get to the main topic of the lesson, let’s answer the question of what reserves actually are. In the financial world, they refer to the financial assets held by a given company. They are intended to serve a variety of purposes, including the full coverage of its clients’ deposits.

Deadline Proof of Reserves appeared relatively recently. It was brought to the fore after the collapse of FTX and describes an independent audit conducted to check the number of reserves held by the audited party, in this case cryptocurrency trustees.

What does this mean for cryptocurrency exchanges? In case of PoR crypto exchanges, an independent auditor is tasked with verifying whether a given asset has enough on-chain assets that match customer assets. The main task of Proof of Reserved is to reassure customers and ensure that a given company and/or exchange is sufficiently liquid and solvent, especially in the event of a collapse or withdrawal of funds by customers. To put it simply – customers are to be sure that they will get their lost funds.

In light of recent cryptocurrency events, such an audit is of great importance to users. It provides them with transparency regarding the availability of funds. Increases confidence in the data exchanges, enabling each of the customers to verify that their accounts are included in PoR.

Proof of Reserved is a very transparent practice. It provides an impartial report on the assets of companies and exchanges. Third-party auditors, unrelated to the company, are provided access to cryptographic signatures that represent client asset balances.

PoR audit helps to prevent a potential liquidity crisis in the case of so-called run on the bank and mass withdrawals by customers. What’s more – users have black and white where their funds are located.

Proof of Reserved uses in its operation, blockchain technology. It offers a completely secure way to audit companies and cryptocurrency exchanges. It does not compromise users’ private data in any way.

PoR, and the fall of FTX

Cryptocurrency audit gained popularity after the collapse of the exchange FTX in November 2022. Comments by Binance, on the high importance of transparency on cryptocurrency exchanges, also contributed to this. Proof of Reserved is also important, in the context of regulators. Proof of reserves is transparent and independent proof that customers’ funds are safe.

How is Proof of Reserved carried out?

Cryptocurrency audit has several stages:

  1. The auditor must verify that the audited company owns the assets it holds on behalf of its clients.
  2. In the next step, the data of the assets held by the company is verified. The auditor must examine the assets against the exact amount of total client funds exchanges and/or companies. (By aggregated account balances for each asset).
  3. The verification tool used to perform such an audit allows each user to verify that their account balance has been included in the PoR.

Fun fact: The most common way used to verify that customer balances are safe is to construct a data structure called Merkle tree. All thanks to security and privacy.Merkle’s trees are often used in DLT (Distributed Ledger Technology) projects and even in Bitcoin network. How does it work in practice?

The auditor takes a snapshot of all account balances, hashes each user’s balance data into a “list”. Then the “leaves” are hashed in such a way as to create “branches”. “Branches”, on the other hand, are intended to form “roots”.

How is a Merkle tree constructed, and how exactly does it work?

Merkle’s tree is a data structure, constructed by hashing a set of data (at least two) multiple times. With each subsequent hashing, the data (leaves) are exponentially reduced (e.g. by half). This continues until a single hash (root) remains at the top of the Merkle tree.

Hashing is a mathematical calculation that transforms a given value into another that is difficult to reverse. For example, to make it easier for you to understand: given a value, it’s easy to calculate its hash. However, given the hash of a value, it is impossible to calculate what its original value is. Hashing is often referred to as a one-way function. However, thanks to this, it protects privacy and does not reveal the value of the underlying data.

At an angle Proof of Reserved, the Merkle tree allows the auditor to analyse customer balances without revealing their account balances.

An example of a Merkle tree based on Proof of Reserved

Layer 0: A snapshot of each user’s account status is taken from here exchanges. Downloaded data is not publicly disclosed. In this way, the privacy of users is protected.

Layer 1: The downloaded account balance of each customer is concatenated by other information, e.g. by modifier numbers that protect privacy. At this stage, the “leaves” of the tree are formed.

Layer 2 to Layer N: Each hash pair is hashed multiple times. The number of “leaves” in each layer of the tree decreases exponentially.

Root: here a single hash is created, placed at the top of the tree.

How is Proof of Reserved carried out on exchanges?

Audited exchange must cryptographically sign messages using private keys provided by the auditor. Then, examined stock market is to perform the instructed flow of funds. In this step, the management of the exchange transfers a certain amount from the public address at a certain time. As a result, he obtains a transaction hash to verify the transaction on the appropriate one blockchain.

The auditor also is entitled to search e.g. ETH addresses to ensure that they have been properly marked as belonging to the exchange.

The stock exchange “passed” PoR if the balances match the detection forms. It then shows that it has all fully deposited assets.

Proof of Reserved – is it really that good…?

Opinions on this matter are divided. Although thanks PoR we are certain that a certain cryptocurrency company/exchange has assets to cover its liabilities, we must remember that this is not current accounting. PoR, it only shows the on-chain assets of the custodian. We are uncertain whether the assets in question have not been loaned out for audit purposes.

It is worth considering that companies can conduct such an audit, not entirely honestly. Companies may have off-chain liabilities or simply collude with the audit team.

Which assets do we consider reserves?

To cryptocurrencies or all other assets that ensure the company’s liquidity. They may also include cash or other assets that provide a steady income.

Regulations and Proof of Reserved

There are currently no regulations that would require exchanges and/or cryptocurrency companies proof of reserves. However, in the light of 2022 and the collapse of giant players from the crypto market – this may happen soon. It is recommended that each cryptocurrency company, which is the de facto custodian of client funds, conducted such an audit. PoR is verifiable proof that client funds are safe.

Chainlink with its own PoR protocol!

Chainlink Labs, the well-known company that created the Oracle decentralized network, offers its version of the proof of reserve system. The company emphasizes that the designed protocol helps projects throughout Web2 i Web3 and proves reserves through automatic verification.

The project was launched in 2020, and the first asset under study was the TrueUSD stablecoin. How does the proposed PoR Chainlink Labs work? Connects Chainlink protocol nodes to the exchange’s API, vault addresses, and smart contracts. Any other account on the network can “poll” the system and determine if cryptocurrency reserves are equal to its obligations.

The system introduced into the blockchain-agnostic project provides data on how much funds are deposited, borrowed and staked in a given protocol, at any given moment.

Exchanges that use the system suggested by Chainlink also guarantee that they cannot issue more tokens than they have assets in their reserves.

Which exchanges have Proof of Reserved?

Kraken, Nexo, BitMex, Gate.io almost stormed to prove their reserves after the incident with FTX. However, the events that took place in November 2022 made not only exchanges, but most cryptocurrency platforms she was working on PoR. Some of them wanted their reserves audit, which differed slightly in detail.

For example –Binance. It released a system based on the Merkle tree for Bitcoin i Ethereum. OKX, Crypto.com and ByBit followed suit.

Coinbase, as a company listed on the stock exchange, proves its worth reserves using audited SEC files. Exchange noticed in this way that on-chain accounting is the future. In effect, cryptocurrency exchange is now exploring innovative ways to prove your reserves using more native cryptocurrency methods. Part of this is running by Coinbase $500,000 development grant program.

PoR and the controversy around Binance

So that it would not be so beautiful and transparent, after the audit in Binance, there have been some inaccuracies and controversies regarding her financial condition. To silence these fears, the exchange hired a South African auditing, tax and advisory firm –Mazar prepared an additional reserve report.

Report, which was supposed to silence rumours and reassure users, however, aroused even more controversy. Experts stressed that the report prepared by company Mazars does not really mean much without any information regarding the quality of internal control Binance (bookkeeping and record keeping systems).

Moreover, as the WSJ report points out,  Mazar`s audit it was really…a five-page letter, not an audit report. It made no reference to the internal control of the exchange’s financial reporting at all.Mazars has not expressed any opinion or assurance that user funds are safe. Interestingly, the figures in the report in question stated that Bitcoin Binance it is only 97% secure. According to the spokesperson exchanges, this 3% gap was due to… a customer loan.

Not long after Mazars, who has done similar credentials for Crypto.com and KuCoin in his career, has publicly announced that he is stopping all work with cryptocurrency exchanges.

Concerns towards PoR

While Proof of Reserved is supposed to reassure users of cryptocurrency exchanges and companies, at the same time it raises concerns among some. The reason? As you have carefully studied our lesson, it is known to you. Only assets are audited, held at addresses associated with the platform under investigation. They do not reveal the company’s liabilities to customers, which at the same time means that users of the exchanges must trust the auditors on the assets in question.

We can potentially consider a scenario – the exchange uses PoR to appear transparent and liquid without revealing the true solvency risk.

He drew attention to this issue, Kraken CEO Jesse Powel. According to him, an auditor’s certificate must have three components:

  1. The customer’s total liabilities (excluding negative balances).
  2. Must have user-verifiable cryptographic proof (information that each account has been included in this total).
  3. Signature showing that the trustee has control over the portfolios held.

You will probably not be surprised that Powell referred to in his statement Binance and Mazar`s audit. He described the situation as “ignorance or deliberate misrepresentation.” Was he right? Answer yourself.

Summary

Proof of Reserved is a step in the right direction. It still needs improvements, though. Nevertheless, at this stage, it reassures clients that their funds are safe and cryptographically proves that the company and/or exchange has sufficient liquidity.

With the passage of time, and in fact with each subsequent regulation, Proof of Reserved will be required of every company, being a trustee of cryptocurrencies. Of course, like any process, it has its downsides. However, we believe that it will be refined over time.

Key conclusions

  • Provisions refer to the assets held by the company.
  • Proof of Reserved (PoR) is a way of verifying that a given cryptocurrency institution has sufficient reserves to secure customer balances.
  • Proof of reserves allows users of a company and/or cryptocurrency exchange to assess the solvency and liquidity of a given company that is the custodian of their assets.
  • PoR improves transparency for cryptocurrency custodians and builds user trust.
  • Currently, Proof of Reserved includes a snapshot of customer balances.
  • In his research, he uses the Merkle tree structure.

Sign up for the newsletter!

Receive the latest cryptocurrency news in your email every week.