What Is Proof of Reserves and How It Works on Backpack

  • PoR embodies crypto’s “Don’t trust, verify” ethos: Transparent crypto exchanges use PoR to show that they are responsibly safeguarding users’ funds.

  • Existing exchanges’ PoR methods are inadequate: While PoR is making the crypto space more transparent and trustworthy, there are significant ways to make it much more robust.

  • Backpack’s PoR audits are independently verifiable: Backpack regularly conducts third-party PoR audits and publishes all the details, so you can verify that all your funds are being securely held. In the future, we will be implementing near real-time user-level PoR using zero-knowledge proofs.

What is Proof of Reserves (PoR)?

PoR is a practice used by crypto exchanges to show that they hold enough assets to cover all user balances. This process usually requires exchanges to hold the specific tokens that users have deposited, rather than just an equivalent dollar value. This ensures that the exchange can cover all customer balances with the exact assets deposited, in order to meet any and all withdrawal demands. 

Think about it as a simple equation:

Total Assets held by Exchange ≧ Total Assets Owed to Customers (on an asset-by-asset basis)

PoR is crucial for a number of reasons. First, it allows you to verify that the balances you hold on a crypto exchange are fully backed by the same assets within the exchange (i.e., your assets have not been lent out). Second, it pushes exchanges to adhere to strict transparency standards, which makes it harder for them to engage in shady or illegal practices.

For instance, PoR prevents exchanges from using customer deposits in the same way banks do, which is to loan out deposited assets to third parties (unless this is part of a product the user has signed up for - for example, staking for yield). Additionally, it ensures that exchanges cannot use your assets for their own proprietary purposes, such as investing your assets in other protocols or businesses. In other words, exchanges cannot use (and risk) your assets to generate returns for themselves. 

Conducting robust PoR audits is a no-brainer - it benefits both crypto exchanges and their users. For users, it reduces insolvency risks and provides comfort that your assets are safeguarded against malicious actors. Similarly, exchanges rely on PoR for transparency and auditability, and to fulfill their mission of safeguarding user assets.

Therefore, if you use a crypto exchange, it’s important to check whether it provides clear, verifiable Proof of Reserves audits!

Are all PoR the same? 

Not all PoR audits are created equal. It’s important to note that crypto exchanges deploy PoR in several different ways, which means verification processes and their outcomes can vary. 

Third-party PoR Audits are conducted by reputable third-party firms who review the exchange’s assets and liabilities. These audits are published periodically, allowing you to see the exchange’s financial health over time.

Most PoR audits involve:

  • Taking a Snapshot of Balances: The auditor is given a snapshot of all account balances (usually on a video call with pre-reviewed code so the data cannot be manipulated).

  • Merkle Tree Conversion: The balance data is converted into a Merkle tree, structuring large data sets for easier processing. Each user’s balance is hashed into a "leaf," which is combined into "branches" and then into a "root." 

  • Ownership Verification: The exchange then provides the list of wallets that contain the customer assets, and the auditor asks the exchange to prove ownership of them, usually using one of two approaches:

    • Cryptographic Message Signing: The auditor provides a unique message for the exchange to sign with their private key.

    • Instructed Movement of Funds: The exchange performs a specific transaction at a designated time, and the auditor verifies the transaction on the blockchain.

  • Wallet vs. Customer Balance Comparison: The auditor compares the wallet balances to the exchange balance data as of the known snapshot time. If, on a per-asset basis, the balances in the wallets are equal to or greater than the customer balances, the exchange will have successfully verified its PoR.

This process helps ensure that an exchange is not misusing customer assets or only storing fractional reserves – which could put your funds at risk. 
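The Merkle tree conversion and the per-asset comparison from the steps above can be sketched as follows. This is an added example, not code from Backpack or its auditor; the leaf encoding, the use of SHA-256, the promotion of unpaired nodes, and all function names and sample data are assumptions made for illustration.

```python
import hashlib

def leaf_hash(user_id, balances):
    # Assumed canonical encoding: assets sorted by ticker, integer base units.
    # The 0x00 prefix keeps a leaf from ever colliding with an inner node.
    body = user_id + "|" + ",".join(f"{a}:{balances[a]}" for a in sorted(balances))
    return hashlib.sha256(b"\x00" + body.encode()).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Return every tree level, leaves first; an unpaired node is promoted as-is."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each flagged if it sits on the right."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append((level[sibling], sibling > index))
        index //= 2
    return proof

def verify_inclusion(leaf, proof, root):
    h = leaf
    for sibling, on_right in proof:
        h = node_hash(h, sibling) if on_right else node_hash(sibling, h)
    return h == root

def coverage_shortfalls(snapshot, wallets):
    """Per asset, the amount by which customer balances exceed wallet holdings."""
    owed = {}
    for balances in snapshot.values():
        for asset, amount in balances.items():
            owed[asset] = owed.get(asset, 0) + amount
    return {a: v - wallets.get(a, 0) for a, v in owed.items() if wallets.get(a, 0) < v}

# Constructed sample snapshot and wallet totals (not real exchange data).
SNAPSHOT = {"user-1": {"BTC": 150, "SOL": 2000}, "user-2": {"BTC": 50},
            "user-3": {"SOL": 7500, "USDC": 1000}}
WALLETS = {"BTC": 200, "SOL": 9500, "USDC": 1200}
```

A user who recomputes their own leaf and receives the sibling hashes can run `verify_inclusion` against the published root; an empty result from `coverage_shortfalls` corresponds to the per-asset condition in the last step.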

Does Backpack have PoR?

We do! Here’s a link to our official Hacken Audit showcasing that we have assets covering more than 100% of our liabilities: https://por.hacken.io/en-US/backpack

PoR Limitations 

While PoR is a significant step towards transparency and accountability, it has some limitations.

Snapshot in time:

One major issue with PoR is that an exchange’s reserve balances are only verified at the specific time of the audit. This can be problematic because a crypto exchange’s balances can fluctuate as users move their assets in and out between audits, and bad actors can potentially misappropriate user assets in between snapshots. 

Because all PoR audits are backward-looking, a user cannot be fully confident that their assets will remain safeguarded going forward. Discrepancies might not be discovered after the fact, and exchanges might use the time in between snapshots to obscure unwarranted asset activity.

Third-Party Integrity:

Since third-party auditors usually conduct these audits, the results will depend on the auditor’s competence and reputation. This reliance on auditors may raise questions about the integrity of the audit.

User-Account Balance Verification:

While on-chain balances are easy to verify, user account balances are difficult to verify. In most PoR audits, user account balances are provided by the exchange to auditors, and auditors have to trust the exchange to provide accurate customer balance data, yet such data may be subject to manipulation by bad actors. 

The Future of PoR

To improve PoR audits and build trust, exchanges could reduce the time between audits, reducing the potential for suspicious activities in the gaps. Using reputable and competent third-party firms that have a deep understanding of the crypto industry and no financial ties to the exchange can enhance credibility. Additionally, implementing smart contract audits and decentralized oracles for real-time proof can make the PoR process more reliable and harder to manipulate.

In light of the many limitations of the current state of PoR audits, we decided to build Backpack Exchange from the ground up using next-generation infrastructure tools to build security, verifiability, and transparency into the entire exchange itself from day one. In fact, Backpack Exchange is built just like a blockchain, with multiple independent nodes having to agree on every deposit, withdrawal, and trade that occurs on the exchange.

In addition to enhancing security by eliminating single points of failure, this comes with an additional benefit: with Backpack Exchange, the entire history of the exchange is replayable and auditable. This helps in two ways: (1) ensuring that any malicious activity is forever traceable, and (2) anyone - any user, auditor, or regulator - can see and replay the entire history of the exchange at any given time for greater peace of mind.

We’re excited to showcase this structure as a better way to demonstrate PoR and enhance user confidence in everything that we do.

Closing thoughts

Today’s top exchanges rely on Proof of Reserves to provide their users with peace of mind and help build trust in the crypto industry. By staying informed and actively verifying your exchange’s PoR, you will more effectively safeguard your holdings and set yourself up for future success.

Disclaimer: This content is presented to you on an “as is” basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial, legal or other professional advice, nor is it intended to recommend the purchase of any specific product or service. You should seek your own advice from appropriate professional advisors. Where the article is contributed by a third party contributor, please note that those views expressed belong to the third party contributor, and do not necessarily reflect those of Backpack. Please read our full disclaimer for further details. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Backpack is not liable for any losses you may incur. This material should not be construed as financial, legal or other professional advice.