Proof of Reserve introduction

https://niccarter.info/proof-of-reserves/

If there’s a single thing I could do to better this industry, it would be to convince every custodial service provider in the cryptocurrency space to adopt a routine Proof of Reserve program.

Proof of Reserves is the idea that custodial businesses holding cryptocurrency should create public facing attestations as to their reserves, matched up with a proof of user balances (liabilities). The equation is simple (in theory):

Proof of Reserves + Proof of Liability = Proof of Solvency

The idea is to prove to the general public, and in particular your depositors, that your cryptocurrency held on deposit matches up with user balances. Of course, in practice, this isn’t quite so simple. Proving that you control some funds on chain is trivial, but you could always borrow those funds on a short term basis. This is why point-in-time attestations mean relatively little. And additionally, exchanges can have hidden liabilities or have creditors claim seniority to depositors, especially if they don’t legally segregate client assets on the platform. This is why policy like Wyoming’s SPDI law clarifying the legal status of depositors relative to custodial institutions is so important.

Proving liabilities is tricky, and generally requires an auditor to engage in a full assessment. For instance, exchanges can omit certain liabilities to ‘cheat’ a PoR attestation. This is why I recommend both a user-facing PoR protocol, allowing users to obtain ‘herd immunity’ by collectively verifying their individual balances, and an auditor-facing PoR protocol, to prove that the claimed liabilities are faithful to reality.

Another issue is that exchanges could have unaccounted-for liabilities that a mere cash flow analysis might not capture. For instance, given that many exchanges exist under muddy regulatory regimes and legal contexts, it’s not guaranteed that depositors would be senior to creditors in the case of bankruptcy. This means that it’s possible that large debts could consist of a hidden liability that would weaken depositor claims on reserves in a worst case scenario. This is why I recommend including an auditor in a PoR process, so these more complex liabilities (and an assessment of the seniority of depositors) can be understood. More generally, exchanges should adopt a legal policy in which depositors are absolutely privileged and senior to all creditors.

So a Proof of Reserve program isn’t entirely trustless. However, it’s still worth doing, for several reasons:

• It’s good housekeeping. A periodic PoR attestation demonstrates to your end users that you have your house in order, and that you are being vigilant with regards to solvency
• It’s a strong self-regulatory measure. If exchanges collectively adopted PoR, regulators might be more inclined to adopt a light touch approach. Much better to operate in relative freedom with voluntary self-regulatory measures rather than suffering onerous regulatory impositions later on
• It helps safeguard against toxic operators by making fractional reserves virtually impossible to hide. These exchange failures reflect badly on the whole industry, so it’s in everyone’s interest to avoid them

To those who reject PoR because it’s not perfectly trustless in its current implementation, I would respond that the perfect is the enemy of the good. At present, the industry standard is virtually no transparency. Those exchanges that are more stringently regulated, under the NY Trust License for instance, can credibly claim to be fair stewards of user funds. Some exchanges conduct audits to obtain bank partners. But these audits are generally not consumer facing, and many exchanges are loosely regulated. A far more potent trust signal would entail allowing depositors to individually verify that their deposits genuinely exist under the control of the exchange. If we let a commitment to perfection stall the adoption of processes like PoR, we will likely end up with a much worse situation where onerous, top-down regulation is imposed on exchanges. I always prefer proactive industry-driven self-regulation to state regulation, and I think you should, too.

A brief note on nomenclature

In my view, ‘Proof of Reserve’ refers to a specific procedure in which a custodian transparently attests to the existence of on-chain reserves, and then provides an equivalent proof (typically with the help of an auditor) that the liabilities outstanding do not exceed those reserves.

I am aware that the term is used generally to refer to related procedures. For instance, stablecoin attestations are sometimes referred to as PoR. But in this case, it is the liabilities which are on chain and the reserves which are in the banking system. Additionally, the term is sometimes used to refer to a setting in which a wrapped token is compared to equivalent tokens on a different blockchain. This would more accurately be described as a proof of on chain equivalence, or something related. There is no proof of underlying reserves in that situation. I would discourage the usage of PoR for these alternative uses to avoid muddying the meaning of the term. In my view, proving reserves specifically refers to the procedure whereby an entity demonstrates the existence of crypto reserves matching some notes that they have issued.

FAQ

Why ‘Proof of Reserve’ if you really mean ‘Proof of Solvency’?
Proof of Reserve sounds better, and Solvency is a much higher bar to clear. Ideally a PoR would be paired with a full accounting of liabilities, known and hidden, and stronger solvency assurances would be obtained.

Is PoR “one sided” – does it avoid liabilities?
No. PoR is a term of art that refers to the attestation whereby both the assets held on deposit and the user liabilities are compared. Under standard PoR, liability holders have the ability to determine that they were included in the liability set (that’s what the merkle tree is for). The “hard part” is the liabilities – proof of assets on chain is normally trivial. So PoR is not “underpowered” or “incomplete”. A proper PoR really does give you assurances that the exchange is solvent at least in the narrow context of on-platform balances.

What about exchange/user privacy?
As long as exchanges are ok with people knowing how the total value of assets on deposit, they don’t have to divulge any additional information. In practice, it’s trivial to determine how many coins an exchange has, and many third party providers actively publish this data. So trying to hide the number of coins on deposit is a lost cause anyway. Through the proof of liability tool, user information is anonymized and hashed. This allows only users with a knowledge of their account ID and their balance to verify that they are included in the merkle proof without spying on other users.

What about DEXes?
The growth of DEXes is exciting and great for the industry. However, cryptocurrency users have a revealed preference for custodial ownership, at least for a portion of their coins. Self-custody is hard and it isn’t for everyone. Approximately 20-25% of BTC and ETH is held in a custodial setting. By encouraging custodial exchanges to adopt PoR, I am hoping that user assurances at custodial exchanges can be bettered. However, it goes without saying – not your keys, not your coins. You are ALWAYS vulnerable if you choose to use a custodial exchange.

Do you need an auditor?
In BitMEX’ case, I believe users are getting sufficient assurances without the input of a 3rd party auditor. Effectively, by running the process, users can determine that BitMEX controlled a specific number of BTC, and that their account balance is included in the final merkle tree of balances, such that if enough users ran the analysis, you’d have sound assurances that BitMEX was not selectively excluding any liabilities, thus overstating their solvency. In this case it’s only BTC being attested to in a relatively simple full-reserve setup. However in more complex setups where it may be a fractional reserve model or more bank-like context, or with multiple assets and even non-blockchain assets and potentially fiat, you will want to incorporate an auditor. Armanino LLP have been undertaking PoR procedures for years and are the subject matter experts here.

I want to adopt PoR. What do you recommend?
 1.   I recommend updating your legal ToS to clarify a) the segregation of client deposits and operating capital, b) the seniority of client deposits in liquidation, and c) the responsibilities you have towards depositors under your regulatory regime, if any.

 2.  As for adopting a PoR strategy, I suggest an ongoing, auditor-enhanced, user-verifiable proof of solvency using the merkle approach. Point in time attestations are not sufficient. I recommend using an auditor to assist and attest to the liabilities side. Currently Armanino, Mazars, and KPMG are audit/accounting firms known to be offering these services. I strongly recommend allowing depositors to verify that their balances are included in the proof of liabilities using the Maxwell/Todd merkle method.

Why do I need an auditor or external third party assistance?
The liabilities side of the equation is tricky, and for users to have confidence that the accounting is complete, it’s worth engaging a trusted auditor willing to contribute their professional reputation to an assessment of liabilities.

Can you cheat a PoR by borrowing funds from other exchanges?
You could, yes. But it would also be the most obvious thing ever (as evidenced by the immediate outrage over Crypto.com and Gate’s questionable transaction). As I’ve said before, a point in time attestation proves very little. Even a quarterly cadence isn’t optimal. Higher frequency assessments – paired with either audit firm oversight or simply the on-chain transparency that comes with a periodic asset attestation – means that it is much harder to cheat a PoR. Either way, if you are publicly revealing your addresses, it would be come very clear very quickly if you were borrowing large amounts of funds every month to ‘pass’ a PoR and then sending them back. It’s not like this is an unknown, dastardly new concept. It’s known in the accounting space as “window dressing” – manipulating accounts on a short term basis to make them look better for a specific filing period, say at the end of the quarter. Audit firms are quite familiar with the concept and know how to look for it. The fact that blockchains are innately transparent helps too – anyone can be on the lookout for this kind of misbehavior.

Who is the market leader in the PoR / real time attest space?
Armanino is the market leader in my view. They have by far the most expertise doing the procedure and variants thereof, and the most active clients in the space. I don’t have a financial relationship with them of any sort – just want to give credit where credit is due.