Proof of reserves is becoming more effective, but not all its challenges are technical
Proof of reserves (PoR) has gone from a buzzword to a roar in recent weeks as the crypto world tries to recover from the shock and losses of the current crypto winter. After a flurry of discussion and work, criteria and rankings for adequate PoR are beginning to appear, but the fine points of how to conduct proof of reserves, or even who should do it, remain open questions.
The difference between proof of assets and proof of reserves was pointed out quickly, along with their deficiencies by themselves. Traditional auditors’ attempts at providing PoR were soon frustrated, with major firms stepping up and quickly retreating.
I'm sorry but no. This is not PoR. This is either ignorance or intentional misrepresentation.
The merkle tree is just hand wavey bullshit without an auditor to make sure you didn't include accounts with negative balances. The statement of assets is pointless without liabilities. https://t.co/b5KSr2XKLB
— Jesse Powell (@jespow) November 25, 2022Auditors may never provide the assurance users seek from PoR, Doug Schwenk, CEO of Digital Asset Research (DAR) told Cointelegraph. Audits are done periodically, while crypto trades around the clock “Ideally you would have a way to measure those liabilities and the assets in some kind of real time,” he said.
DAR provides information and vetting services to major firms in traditional finance and produces the FTSE Russell index in conjunction with the London Stock Exchange. “We like to see proof of reserve. […] It’s not enough for us to say we feel satisfied, but it is certainly better than nothing.” He added:
“In the world that we’re navigating right now, better than nothing is sometimes a good starting place.”To complicate matter further, centralized (CeFi) and decentralized (DeFi) platforms present radically different challenges. Thanks to its transparency, “proof of reserve is worthy of calling [itself] proof of reserve” in DeFi, according to Amit Chaurhary, head of DeFi research for Polygon, a scalable blockchain ecosystem compatible with Ethereum.
Related: Proof-of-reserves: Can reserve audits avoid another FTX-like moment?
Chaudhary told Cointelegraph that the zero-knowledge Ethereum Virtual Machine (zkEVM) being developed by the company brings “battled-tested security” to PoR. That software uses Merkle trees to see both positive (asset) and negative (liability) balances and allows a user to verify their accounts while maintaining a high level of privacy. In addition, zero knowledge protocols can offer dual collateral control for securer settlement and Anti-Money Laundering and Know Your Customer controls while preserving anonymity.
The immutable nature of the blockchain record would allow verification of the audit process. Chaudhary added:
“You can deploy an accounting system on your zkEVM. You can design your own accounting system.”CeFi presents much greater challenges. “Since liabilities could be incurred off-chain, there is no method to show proof-of-liabilities and that a company can honor all customer deposits,” founder of the Aleph Zero blockchain Matthew Niemerg told Cointelegraph in a statement.
Centralized cryptocurrency exchanges are taking a variety of steps to provide PoR that meets users’ needs. Exchange OKX, which has recently committed to providing fresh PoR monthly, uses PoR based on an open-source Merkle tree protocol along with a Nansen dashboard. Nansen provides real-time, third-party transaction tracking.
#OKX released 2nd Proof-of-Reserves Report, Promises Monthly Publication
Reserve ratio: #BTC 101%, #ETH 103%, #USDT 101% pic.twitter.com/spcLT6M1VF
— Satoshi Club (@esatoshiclub) December 23, 2022OKX told Cointelegraph in a statement that the exchange verifies its holdings of its top three assets, BTC, ETH and USDT, using a Merkle tree, which allows users to verify their holdings, check that their balance is included in the exchange's total liabilities and compare OKX assets and liabilities.
“OKX discloses its wallet addresses via the Nansen dashboard,” OKX explained further. This allows users to check OKX holdings in real time “to ensure that OKX has enough reserves on-chain for users to withdraw.”
Despite the efforts of OKX and other exchanges to provide transparency, “no amount of math or cryptography can solve the human problem of deceit and fraud, even if the books are audited by respected, independent third parties. Garbage in, garbage out!" said Niemerg.
Part of the challenge of providing transparent services is cultural. Tradition finance has “benefit of living in 2022, where we have almost 100 years of highly regulated capital markets,” Schwenk said.
The DAR seeks to “apply the same rigors as regulators” for “the kind of firms that are used to having a high degree of confidence in their counterparty.” Nonetheless, “It is impossible to get perfect information about any of these counterparties today, because many of them are still getting through some maturity questions and they struggle to be as buttoned up as you see in traditional finance,” Schwenk said.