Subscribe to wiki
Share wiki
Bookmark
Proof of Reserves (PoR)
The Agent Tokenization Platform (ATP):Build autonomous agents with the Agent Development Kit (ADK)
0%
Proof of Reserves (PoR)
Proof of Reserves (PoR) is a verifiable auditing procedure used primarily by cryptocurrency-centric institutions, such as exchanges and custodians, to publicly demonstrate that they hold sufficient assets to cover all of their customer deposits. The process is designed to enhance transparency, build user trust, and prove solvency by confirming that the institution holds customer funds on a 1:1 basis. It leverages the inherent transparency of public blockchains to allow for independent verification of an institution's financial health. [1] [2]
Overview
The primary goal of a Proof of Reserves audit is to provide assurance to clients that their funds are held on a full-reserve basis, meaning the custodian holds reserves equal to or greater than 100% of all customer liabilities. This model ensures that all withdrawal requests can be met, even in the event of a bank run. This stands in contrast to the fractional-reserve banking model, common in traditional finance, where institutions hold only a fraction of customer deposits as reserves and lend out the rest. [1]
By providing verifiable proof of solvency, PoR directly mitigates counterparty risk for users, assuring them that their assets are not being rehypothecated, misused, or lent out without their consent. This mechanism is crucial for preventing fraudulent practices and increasing the overall market credibility of centralized crypto platforms. [1] The practice of PoR is increasingly seen as a vital component for financial stability within the digital asset industry, aiming to solve the issue of custodial services holding funds in opaque "black boxes." [3]
History
The widespread adoption of Proof of Reserves was significantly catalyzed by the collapse of the cryptocurrency exchange FTX in November 2022. The exchange's bankruptcy revealed that it had been misusing customer funds and was operating on an insufficient, fractional-reserve basis, leading to its inability to process customer withdrawals and its eventual insolvency. This event highlighted the critical need for transparent and verifiable solvency proofs within the industry. [1]
In the wake of the FTX failure, PoR adoption surged, with over a dozen of the world's largest exchanges implementing the practice to regain user trust. By late 2022, reports indicated that over half of all Bitcoin (BTC) held on exchanges had become subject to verification through a Proof of Reserves system. [1]
Technical Mechanism
A traditional Proof of Reserves audit is a multi-step process typically conducted by an independent, third-party firm to ensure integrity and impartiality. The process is designed to cryptographically verify an institution's assets while using privacy-preserving techniques to confirm its liabilities. [2]
Step 1: Proof of Assets
The first stage involves the custodian proving its control over a sufficient quantity of on-chain assets.
- Publication of Addresses: The institution publishes a comprehensive list of the on-chain wallet addresses where it holds customer funds. Third parties can then use a public blockchain explorer to independently verify the balances of these addresses.
- Ownership Attestation: To prove ownership and control over the wallets, the institution must perform a cryptographic action. This is typically done by using the private key associated with a wallet to sign a specific, predetermined message (e.g., "This wallet is part of the assets of Custodian X") or by executing a small, pre-announced transaction from one of the published addresses. An independent auditor oversees this process to confirm that the institution has exclusive control over the private keys for the wallets holding the reserve assets. [1] [2]
Step 2: Proof of Liabilities
The second stage involves calculating the institution's total outstanding liability to its customers without compromising individual user privacy.
- Snapshot and Aggregation: The auditor takes an anonymized snapshot of all customer account balances at a specific point in time. The primary challenge is to sum these balances to arrive at a total liability figure while protecting the personal data of each user. [2]
- The Merkle Tree: To achieve this, a cryptographic data structure known as a Merkle Tree (or Merkle Sum Tree) is used. In this structure, each individual customer's balance is cryptographically hashed and becomes a "leaf" at the bottom of the tree. These leaves are then paired, hashed together, and combined progressively up the tree until a single hash, the "Merkle Root," is produced at the top. This Merkle Root represents the cryptographically secured sum of all individual customer balances—the institution's total liabilities. [1]
Step 3: Final Verification
The final step is for the auditor to compare the total proven assets with the total proven liabilities to calculate the institution's solvency.
- Reserve Ratio Calculation: The reserve ratio is determined using the following formula:
Reserve Ratio = Total Proven Assets / Total Proven Liabilities[1] - Interpretation: A reserve ratio of 100% or greater (≥100%) indicates that the institution is solvent and operating on a full-reserve basis. A ratio greater than 100% signifies that the institution is overcollateralized, holding more in reserves than it owes to customers, which is a strong indicator of financial health. A ratio below 100% would indicate insolvency. [1]
User Self-Verification
A key feature of the Merkle Tree method is that it allows individual users to independently and cryptographically verify that their balance was included in the total liability calculation. This distributed verification model ensures the institution cannot selectively omit certain accounts to understate its liabilities.
The process for a user typically involves:
- Logging into their account on the custodial platform.
- Retrieving their unique "Merkle leaf," a hash that represents their account data from the time of the audit.
- Using a verification tool, often hosted on the independent auditor's website, to check if their specific Merkle leaf was part of the Merkle Tree used in the official audit. [2]
The effectiveness of this liability proof is enhanced by widespread user participation, as it makes it more difficult for a custodian to manipulate the final liability figure. [1]
Automated Proof of Reserves
While traditional PoR audits provide a snapshot in time, automated systems have been developed, primarily in Decentralized Finance (DeFi), to offer real-time, on-chain verification. These systems replace slow and manual audits with continuous, automated monitoring. [3]
A prominent example of this technology is Chainlink Proof of Reserve, which uses a decentralized network of oracles and smart contracts to bring reserve data on-chain. The workflow consists of three main stages:
- Data Sourcing: A decentralized oracle network fetches data regarding asset reserves. For off-chain assets like fiat-backed stablecoins, oracles source attestation data from professional auditors who verify assets held in escrowed bank accounts. For cross-chain assets like wrapped tokens, oracles fetch data directly from the asset's native blockchain. [3]
- On-Chain Reporting: The oracles consolidate the data and push it onto a blockchain, where it is stored in a smart contract known as a "Proof of Reserve reference feed." This feed is updated in near real-time or whenever reserves deviate beyond a predetermined threshold. [3]
- Verification and Action: Other DeFi applications and smart contracts can read the on-chain data from the reference feed on demand. This allows them to autonomously verify an asset's collateralization. If undercollateralization is detected, protocols can be programmed to automatically trigger protective actions. [3]
Innovations in Automated PoR
Automated systems have enabled new risk management features in DeFi.
- DeFi Circuit Breaker: PoR feeds can act as an automated safety mechanism to mitigate systemic risk. If a reserve feed reports that an asset (e.g., a wrapped token from a hacked cross-chain bridge) is undercollateralized, other DeFi protocols integrated with the feed can automatically halt functionalities related to that asset, such as borrowing, lending, or trading. This isolates the problematic asset and prevents a contagion effect. [3]
- Proof of Reserve Secure Mint: This security feature cryptographically ensures that new tokens can only be minted if the underlying reserves are fully collateralized. This provides a strong defense against "infinite mint attacks," where an attacker exploits a vulnerability to create a large number of unbacked tokens, devaluing the asset. [3]
Use Cases and Applications
Proof of Reserves technology has a wide range of applications across both centralized and decentralized digital asset ecosystems.
- Centralized Exchanges and Custodians: This remains the primary use case, where audits are performed to prove solvency to customers and regulators.
- Stablecoin and Off-Chain Asset Verification: Automated PoR is used to prove that tokens representing off-chain assets are fully backed. For example, Chainlink oracles fetch attestation data from the audit firm The Network Firm, which reviews TrustToken’s escrowed U.S. dollar accounts, to verify the backing of the TUSD stablecoin on-chain. Similarly, the tokenized gold products from Paxos (PAXG) and CACHE Gold use PoR to allow on-chain verification of their physical gold reserves.
- Cross-Chain Assets and Wrapped Tokens: PoR systems monitor the collateral of a bridged asset on its native chain and compare it to the circulating supply on the destination chain. An integration developed by BGD Labs for the Aave protocol on Avalanche uses PoR to monitor wrapped tokens, allowing the protocol to trigger emergency actions if an asset becomes undercollateralized. The cross-chain bridge Swingby also uses PoR to block users from minting or swapping wrapped tokens if backing reserves are shown to be insufficient.
- Liquid Staking Derivatives (LSDs): PoR feeds can increase the transparency of LSDs by verifying that each liquid staking token is fully backed by an equivalent amount of staked native tokens on the underlying network.
- Tokenized Real-World Assets (RWAs): For tokenized assets such as real estate or commodities, PoR can bring asset ownership and cash flow data on-chain for auditing and verification purposes.
- Traditional Finance (TradFi): In a conceptual use case, traditional financial institutions could leverage oracles to publish audit reports on-chain, creating an immutable and tamper-proof record of their assets for customers and counterparties.
This range of applications demonstrates the versatility of PoR in enhancing transparency and security across the financial landscape. [3]
Case Study: Crypto.com Audit (December 2022)
A real-world example of a PoR audit was conducted for the platform Crypto.com by the international audit, tax, and advisory firm Mazars Group. The auditor performed the engagement under the International Standard on Related Services (ISRS) 4400. [2]
The audit snapshot was taken on December 7, 2022, at 00:00:00 UTC. The methodology involved comparing assets held in on-chain addresses, which were cryptographically proven to be controlled by Crypto.com, against customer balances obtained from a live query of the platform's production database.
The results of the audit demonstrated that Crypto.com held reserves exceeding 100% for several major crypto assets, indicating overcollateralization at the time of the audit.
| Asset | Reserve Ratio |
|---|---|
| BTC | 102% |
| ETH | 101% |
| USDC | 102% |
| USDT | 102% |
| XRP | 101% |
| DOGE | 101% |
| SHIB | 101% |
| LINK | 101% |
| MANA | 100% |
This case study illustrates the application of the PoR process by a major exchange and the type of transparent data it can provide to the public. [2]
Limitations and Criticisms
Despite its benefits, Proof of Reserves has several limitations that are important to consider.
- Point-in-Time Snapshot: A traditional PoR audit only confirms solvency at the specific moment the audit is conducted. It does not provide continuous assurance, meaning an institution could become insolvent between audit periods by moving or leveraging funds. [1] [2]
- Limited Scope: A standard PoR audit typically verifies on-chain digital assets against customer deposits but may not account for a company's other liabilities, such as outstanding loans or corporate debts. Therefore, a successful PoR audit proves asset backing for customer funds but not the overall financial solvency of the entire company. Audits might also have scope limitations regarding the specific assets or networks covered. [1] [2]
- Reliance on User Participation: The effectiveness of the Merkle Tree method for proving liabilities is contingent on users actively taking the step to verify their own balances were included. If participation is low, a fraudulent entity might be able to get away with omitting some liabilities from the calculation. [1]
Future Outlook
Proof of Reserves is increasingly regarded as a "gold standard" for responsible custodianship within the cryptocurrency industry. It is expected to become a baseline requirement for centralized platforms seeking to demonstrate transparency and secure customer trust. Furthermore, regulatory bodies have shown interest in the concept, exploring frameworks that could mandate PoR for crypto asset service providers, much in the same way that traditional financial audits are required for banks. [1]
See something wrong?
The Agent Tokenization Platform (ATP):Build autonomous agents with the Agent Development Kit (ADK)