What Is Proof of Reserves (PoR)? The Key to Crypto Audits

Proof of Reserve (PoR) is the outcome of a set of procedures, typically conducted by an independent third party, to provide transparency on the crypto and fiat assets controlled by an exchange. These procedures, known as Agreed-Upon Procedures (AUP), help verify that the exchange holds the assets it claims to possess.

A reasonable PoR report should also include information about liabilities, which together contribute to what is known as Proof of Solvency.

Key Audit Matters in Proof of Reserve

Although the procedures in a PoR report are ultimately determined by the auditee, and there are currently no established professional audit standards for PoR, the key considerations for a PoR audit are as follows:

1. Blockchain Verification: The auditor should understand and be able to use blockchain technology to publicly verify the exchange’s on-chain assets at a specific block height.
2. Crypto Asset Ownership: How does the crypto exchange prove ownership of its crypto assets? Does it use multi-signature wallets, and how does the auditee protect private keys?
3. Fiat Asset Segregation: Does the exchange use a trust bank account to segregate users' fiat assets from its operational funds?
4. Smart Contract Review: Should the audit involve a smart contract expert to review the code deployed on the blockchain and ensure its execution aligns with the agreed-upon contract terms?
5. User Liability Verification: Does the exchange use a Merkle Tree to verify the completeness and accuracy of user liability balances? Auditors should be mindful of common vulnerabilities in Merkle Trees, such as vulnerable summation trees or shared User IDs. For exchanges not using Merkle Tree, auditors should understand how the auditee extracts user liability data and the cryptography used to record user liabilities.
6. Exchange Token Valuation: How does the auditee measure the value of its exchange token? (Note: An exchange token is native to the cryptocurrency exchange and is created by the company that operates the exchange.)

Next Steps After PoR Verification

While publishing a PoR audit result is an important step toward transparency for crypto exchanges, it is not enough on its own. Several critical issues remain:

1. Overall Balance Sheet: The overall balance sheet of the exchange, including its own assets and liabilities, should also be within the scope of the audit.
2. Compliance Risk: Is the crypto exchange following regulatory requirements? Does it have the necessary approvals or financial/AML licenses from regulators?

Conclusion

Proof of Reserve is a valuable tool for increasing transparency in the crypto industry, offering a clearer picture of an exchange’s asset holdings. However, true transparency goes beyond PoR. Exchanges must also address liabilities, regulatory compliance, and governance to build trust with their users and the broader financial ecosystem.

As an experienced auditor in crypto flied, Crowe Taiwan able to assist transparency of crypto industry. Contact us to explore how we can assist with your PoR or financial audit report: