Does Proof of Reserves guarantee your funds are safe?
To increase transparency, exchanges are adopting Proof of Reserves (PoR) standards. Despite its security, PoR shows only assets held, not liabilities, so it is not a complete measure of solvency risk. Is it reliable?
In light of ongoing issues surrounding the security of users' funds, we believe it is important for the industry to assess its successes and shortcomings. To this end, the adoption of the Proof of Reserves (PoR) standard is seen as a vital step forward. PoR is a cryptographic method used by exchanges to demonstrate the amount of on-chain funds they hold. This allows users to independently verify an exchange's solvency, without needing to rely on third-party auditors or accounting reports.
It is important for both institutional and retail investors to have access to assets that they cannot self-custody. Some people believe that having more transparency is better than having none at all, even if proof of reserves doesn't offer the same level of transparency as blockchain-based platforms that don't require custody. While users may feel more secure seeing proof of reserves, this only provides an overview of the assets held at the platform's addresses without revealing any of the company's liabilities. In fact, proof of reserves only shows the number of assets held by the platform, which is not enough to determine the true level of solvency risk.
To ensure solvency, having Proof of Reserve is not enough. We also require a Proof of Liability (PoL) to guarantee the total amount of all account balances. For any crypto exchange, a comprehensive auditing process can benefit from the transparent properties of blockchain, which cryptographically prove that they have enough funds on-chain to match their liability. Once Proof of Reserve is established, an exchange can reveal its wallet addresses, giving us a clear indication of its holdings and proof of ownership. Binance's latest Commitment to Transparency is a perfect example of this.
The Real Challenge
Proving liability can be difficult. However, a solution proposed prior to the Mt. Gox bankruptcy in 2014 is still relevant today. It uses a Merkle tree construction that lets each user verify that their account balance is included in the liability published by the exchange. As more users confirm their proofs, the likelihood that the total liability is correct increases. To prove that your account balance is included in the Merkle tree, you must hash two nodes at each level of the tree. Initially, you have only one of them: the hash of your own account balance plus ID. The other hashes must be provided by the exchange so that you can reach the root.
An Example
In this liquidity proof, Merkle summation trees are utilized. To avoid complicating matters with technical terms, let's examine an instance where there are four account IDs, each holding a certain amount of ETH: Alice (50), Bob (100), Charlie (150), and David (200).
In the Merkle tree, the lowest level consists of leaves that represent the hashes of each account's balance. The intermediate nodes contain the hash of the child nodes along with the account balances in them. The Merkle tree's root is the hash of the child nodes and their account balance sum. If Alice wants to show that her balance is included in the exchange's liability, she needs to know the hash h_6, Bob's balance (without knowing it's Bob's), the hash h_2, and David and Charlie's balance sum of 350 from the second layer. The exchange provides this information marked in green, enabling Alice to compute a Merkle proof, which is a path up to the root. If the final hash matches the published Merkle root, Alice's balance is indeed included in the total liability.
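The four-account example above, worked through as code. This is an added illustration, not any exchange's implementation: SHA-256, the field encoding, and every function name (`leaf`, `parent`, `build`, `prove`, `verify`) are assumptions chosen for the sketch. Each node carries a hash and a balance sum, and the verifier rejects negative sibling sums, since those would let an operator shrink the published total.

```python
import hashlib

def _h(tag: bytes, *fields: bytes) -> bytes:
    # Length-prefix each field so different inputs cannot collide by concatenation.
    m = hashlib.sha256(tag)
    for f in fields:
        m.update(len(f).to_bytes(4, "big") + f)
    return m.digest()

def leaf(account_id: str, balance: int):
    # A node is (hash, sum); a leaf commits to the account ID and its balance.
    return (_h(b"leaf", account_id.encode(), str(balance).encode()), balance)

def parent(left, right):
    # The parent commits to both child hashes and both child sums.
    fields = (left[0], str(left[1]).encode(), right[0], str(right[1]).encode())
    return (_h(b"node", *fields), left[1] + right[1])

def build(leaves):
    """Return every level, leaves first. Assumes a power-of-two leaf count."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling (hash, sum, sibling_is_right) at each level, leaf to root."""
    path = []
    for level in levels[:-1]:
        sib = level[index ^ 1]
        path.append((sib[0], sib[1], index % 2 == 0))
        index //= 2
    return path

def verify(account_id, balance, path, root):
    """Recompute the path from the user's own leaf and compare with the root."""
    node = leaf(account_id, balance)
    for sib_hash, sib_sum, sib_is_right in path:
        if sib_sum < 0:  # a negative sibling would hide liabilities
            return False
        sib = (sib_hash, sib_sum)
        node = parent(node, sib) if sib_is_right else parent(sib, node)
    return node == root

# Constructed sample data: the four accounts from the article.
ACCOUNTS = [("Alice", 50), ("Bob", 100), ("Charlie", 150), ("David", 200)]
LEVELS = build([leaf(a, b) for a, b in ACCOUNTS])
ROOT = LEVELS[-1][0]           # (root hash, total liability)
ALICE_PATH = prove(LEVELS, 0)  # Bob's leaf, then the Charlie+David node
```

Alice's path carries exactly the sibling sums the text names (Bob's 100 and the combined 350), and her check fails if the exchange built the tree with a smaller balance for her than she actually holds.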
The shortcomings of PoR and PoL
Proof of Reserve and Proof of Liability can help improve the transparency of balance sheets, but they cannot guarantee the accuracy of exchanges' reported numbers. The presented reserve sizes are only momentary snapshots and can be manipulated by short-term borrowing. It would be ideal to have real-time proof of reserve and solvency, but this is a challenge for exchanges that store their funds in cold storage. Furthermore, these numbers can never be completely reliable since keys can be lost or accounts can be seized or hacked.
When it comes to liabilities, it's not possible to ensure 100% coverage without each user running their own proof. This means there's a possibility that important liabilities may be excluded from the Merkle tree. To boost confidence, an external auditor can be brought in, but this still relies on trust, which we've learned isn't always the most reliable option in trading. So, it's important to consider all options carefully.
Future of solvency risk: Non-custodial Exchanges
The future of cryptocurrency exchanges will require a design that completely prohibits them from mishandling user funds by enabling users to self-custody their assets while using the exchange. In a permissionless, non-custodial exchange, all deposits remain under the full control of the end user. Users have, by default, a 100% guarantee that their funds are available at all times since they are stored in smart contracts, which can only be handled with the user's full authorization; not even the exchange itself can access the funds. In short, in this model, there is no need for Proof of Reserve and Proof of Liabilities. Because users don't have to give custody of their assets to an exchange (or third party), non-custodial exchanges like DexToro can completely eliminate solvency risks.
About DexToro
DexToro’s mission is to democratize access to financial opportunity.