Proof of Reserves is an audit that aims to prove that a company is truly holding the assets on behalf of its clients. The audit is usually performed by an independent, third-party entity to guarantee the safety of users’ funds in the hands of another company.
Crypto companies can integrate cryptography-based, on-chain Proof of Reserves solutions into their systems that are reliable, secure, and more transparent than traditional audits. However, this kind of report has its own limitations at the moment and needs to be improved.
In this article, we will explain Proof of Reserves and its benefits and limitations.
Proof of Reserves (PoR) is an audit that proves a company is holding its users’ assets in full as it claims. Crypto custodians, such as centralized crypto exchanges, can publish their Proof of Reserves to assure their customers that their funds are safe and secure.
Companies usually ask a third-party organization to complete the audit to ensure the authenticity of the attestation. Businesses can publish their Proof of Reserves regularly to show the legitimacy of their operations and increase transparency within the ecosystem.
Proof of Reserves became a trend after the dramatic crash of multiple well-known cryptocurrency companies. The sudden wave of withdrawals revealed that these companies were not holding their users’ funds in full and were using them for their own purposes or lending them out without their users’ knowledge and consent.
Merkle tree proof of reserves is one of the methods of publishing a PoR report. As the name indicates, the proof is based on Merkle trees, a data structure that allows you to easily verify specific data in a huge database.
As you can see in the image, the pieces of data (in this case, the users’ balances) are hashed separately and stored in the “Leaves” of the Merkle tree. After that, each pair of leaves is hashed together, forming the “Branches” of the tree. This process continues until there’s only one hash left: the “Root”.
Any change in any of the leaves leads to a different root hash, so tampering with the data is detectable. The tree allows you to confirm the reliability of the whole structure without the necessity of checking the whole data set.
Let’s say Balance 2 (B2) belongs to you and you want to see if it’s included in the Merkle tree proof of reserves. The tree will provide you with H(B1), H(B3B4), and H(B5B6B7B8). All you have to do is hash your balance, hash the result together with H(B1), hash that together with H(B3B4), and finally hash that together with H(B5B6B7B8) to get the hash of the root. If it’s identical to the published Merkle Root hash, your balance is included in the proof, meaning that the respective platform is truly holding your assets in its reserve.
With Merkle tree proof of reserves, companies construct the Merkle tree of their users’ balances and publish a snapshot of it. An independent auditor can verify the authenticity of the report by checking random addresses and making sure their balances are included in the proof.
Users can also review the proof to see whether their accounts are included or not.
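The B2 walk-through above, as an added Python example that is not part of the original article or of any exchange's own tooling. It goes slightly beyond the B2 case by building the tree and producing the sibling path for any leaf. SHA-256, the "account:balance" record format, the 0x00/0x01 prefixes, the function names and the eight balances are all assumptions made for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(leaves):
    """Return every tree level, from the hashed leaves up to the root."""
    if not leaves or len(leaves) & (len(leaves) - 1):
        raise ValueError("this sketch expects a power-of-two number of leaves")
    # Assumption: 0x00/0x01 prefixes keep leaf hashes and branch hashes distinct.
    levels = [[h(b"\x00" + leaf) for leaf in leaves]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h(b"\x01" + cur[i] + cur[i + 1])
                       for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling hashes a user needs: [(sibling_hash, sibling_is_on_the_left)]."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1                  # neighbour within the same pair
        path.append((level[sibling], sibling < index))
        index //= 2                          # position of the parent one level up
    return path

def verify(leaf, path, published_root):
    """Recompute the root from one leaf plus its sibling path and compare."""
    node = h(b"\x00" + leaf)
    for sibling, sibling_is_left in path:
        pair = sibling + node if sibling_is_left else node + sibling
        node = h(b"\x01" + pair)
    return node == published_root

# Constructed sample data: eight made-up "account:balance" records, B1..B8.
BALANCES = [f"user{i}:{amount}".encode()
            for i, amount in enumerate([120, 75, 300, 10, 42, 8, 990, 15], 1)]
LEVELS = build_levels(BALANCES)
ROOT = LEVELS[-1][0]
PROOF_B2 = prove(LEVELS, 1)    # [H(B1), H(B3B4), H(B5B6B7B8)]

if __name__ == "__main__":
    print("published root:", ROOT.hex())
    print("B2 included:   ", verify(BALANCES[1], PROOF_B2, ROOT))
    print("altered B2:    ", verify(b"user2:7500", PROOF_B2, ROOT))
```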
Proof of reserves is increasing transparency and trust within the space, which is quite positive for both customers and businesses. Customers can trust crypto companies better as they have a relatively reliable attestation of the authenticity of their operations.
This in turn leads to more customers for businesses while preventing them from getting involved in any type of fraudulent activity, which eventually leads to a healthier space for all members.
On the other hand, the report has room for improvement. Proof of reserves is an ongoing process, meaning companies need to publish the proof of their holdings on a regular basis. The better option is an online and real-time report which allows users to review the reserves instantly and at all times.
Aside from that, the report is highly dependent on a third-party entity to confirm its authenticity. This third party may not be completely reliable as they may let their decisions be influenced by outside interests. Companies can opt for highly reputable auditing firms to reduce the chances of manipulation to a minimum.
The most important limitation of a proof of reserves report is that it doesn’t include a company’s debts or liabilities. A business may have all its customers’ funds in its reserves; however, it may also have to pay back loans of outstanding amounts. They may also have big insured investors, meaning in case of any loss, these investors would preserve the right to any company assets. And on top of it all, exchanges can always move their funds.
These are some of the limitations of proof of reserves that need to be addressed either by improving the process or releasing more reports alongside it.