Proof of Reserves

The FTX downfall taught us a few lessons. Like, do businesses that hold crypto assets back their funds? If so, do these funds cover all their holdings? There’s a need and demand for better transparency. The businesses in question are, for example, crypto exchanges. However, stablecoin providers also fall under this. The Proof of Reserves or PoR is the first step towards this transparency.

So, let’s take a deep dive into what these Proof of Reserves are.

What Are Proof of Reserves?

Proof of Reserves shows how many assets a crypto company has in reserves. The companies should provide this by means of an unbiased audit by third parties. This provides transparency.

To clarify, here’s a sample. The Proof of Reserves should show that a company, like a crypto exchange, can handle a bank run. Their reserves should be enough to deal with massive, simultaneous withdrawals. 

This is important, as we saw with FTX. This exchange couldn’t handle their users’ withdrawal requests. And why was that? Because their customer withdrawals were greater than their reserves. They just didn’t have the money they said they had.

Furthermore, Proof of Reserves installs confidence in users. It provides transparency about your funds’ location. Since all information is on-chain, private user data is not exposed.  It shows that your funds on an exchange are safe. 

As a result of the FTX collapse, we see more and more exchanges going the PoR route. Many stablecoin providers also follow suit. For example, TUSD, which we will cover later.

The PoR also has importance in other areas. For instance, from a regulatory perspective. It shows regulators that the industry works in a secure and also transparent way. The following video is a roundtable discussion during Smartcon 2022. Initiated by Chainlink PoR with Armanino, CACHE, and TrueFi also taking part.

How Does Proof of Reserves work?

Proof of Reserves needs an unbiased auditor. There are 3rd party audits and non-3rd party trustless audits. They prove what kind of reserves the company has. The 3rd party auditors do this by taking a snapshot of all the assets of a company.

The outcome of this snapshot is of importance. For instance, it shows if the company has more assets compared to their liabilities. This shows us, their customers, that they are liquid. That they can withstand a bank run and that we, their users, can get a hold of our funds at any time. They can be effective, yet bad actors can move money around to satisfy the audit and not really have your money later.

The Merkle Tree

For the non-3rd party trustless audit, the auditor uses a Merkle tree. This is nothing else but a data structure. It may sound complicated, but it isn’t. Imagine a tree that has branches growing all over itself. A Merkle tree is similar, although it’s binary. It’s like seeing someone else’s files in read-only mode. You can see it, but you can’t alter it in any way.

However, a Merkle is even better. That’s because in our read-only example, you know who the ‘someone else’ who shows you the file is. In a Merkle tree, you don’t know anyone else who’s involved in the creation of the hashes. 

So, this structure bases itself on hashes. These hashes create a hierarchy of previously used hash transactions. Small groups of individual hashes culminate in bigger hashes. This continues until they reach the root. All the hashes culminate in the root, the Merkle root. 

So, the root has a name like Hash 0. It’s the accumulation of lots of individual transaction hashes. Similar, to what you can search by in a block explorer to find a transaction. Now, Hash 1 is the next grouping, and so on. Basically, a Merkle tree allows you to check if a transaction is included in a block.

In the end, this is how all balances accumulate. There’s no exchange of private information. However, ZK technology is a new and recent addition. This adds even more privacy. Although it’s not essential, some projects may like the added privacy. The picture below shows the structure of a Merkle tree.

Proof of Reserves

Source: Javatpoint

Can You Trust Proof of Reserves?

So, the PoR sounds like the next best thing to sliced bread. But can you trust it? The answer to this may not be as reassuring as the exchanges want you to belief. Because the snapshot for the audit is just a single moment. There’s no accounting in real time.

This leads to the main issue here. It shows the custodians’ assets, at that moment. However, it doesn’t tell us where the assets originate from. For example, an exchange can borrow the assets, only for the duration of the snapshot. Furthermore, the snapshot doesn’t tell us what kind of liabilities a company has. These can be off-chain liabilities that we are not aware of.

So, besides a PoR, it would be best if there was also a Proof of Liability. This combination will prove the solvency of a company or exchange.

With a 3rd party audit, it’s also possible for the company to collude with the audit firm. On the other hand, with a non-3rd party trustless audit, you don’t have this issue. Another reason to prefer a non-3rd party trustless audit over a 3rd party audit.

However, it’s likely that PoR will become a minimum standard. That also includes from a regulatory perspective. It seems to be one of the few options of transparency that companies can currently offer. Unfortunately, we also notice that not all companies take this opportunity. Only a handful of bigger exchanges offer their PoR. The following picture shows some exchanges that use a PoR. And some don’t.

Proof of Reserves

Source: CoinGecko


In this first part of Proof of Reserves, we looked at a few questions. For example, what is PoR, how does it work, and can you trust it? In Part 2, we will look further into this topic, with new questions.

⬆️ For more cryptocurrency news, check out the Altcoin Buzz YouTube channel.

⬆️ Our popular Altcoin Buzz Access group generates tons of alpha for our subscribers. And for a limited time, it’s Free. Click the link and join the conversation today.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.