Since FTX became insolvent through misappropriation of users' funds and collapsed, major exchanges have announced that they will launch their own 100% Merkle tree proofs of reserves to show that their asset reserves are fully sufficient and are not being misappropriated, so that similar events will not occur. So what is a Merkle tree proof of reserves, why does it prove a 100% reserve, and what potential problems does it have?
First, understand what a Merkle tree is. A Merkle tree is a data structure. As shown in the figure, we have 4 pieces of data, each consisting of a user's ID and balance. The leaves of the Merkle tree are formed by hashing each of the 4 pieces of data separately; the hash values of each pair of leaves are then concatenated and hashed again, and so on upward. In this way we get a complete Merkle tree. The topmost node is called the root of the tree. Because of the properties of the hash algorithm, any change to any data node changes the hash value of the root.
Therefore, when we need to prove that a certain user is indeed on the tree, such as proving User1 and its balance, we only need to provide the values of the blue nodes in the figure. User1 only needs to know his own user ID and balance, plus Hash2 and Hash34 (these two hashes are provided by the exchange), to verify that he is included under the root. These few nodes are enough to hash all the way up to the root of the tree; all that remains is to check whether the computed root matches the published one. We call [User1, Hash2, Hash34] a Merkle proof, or Merkle path, for User1.
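The User1 check described above, as an added example (not code from the original article or from any exchange). SHA-256, the `uid:balance` leaf encoding, the 0x00/0x01 prefixes and the balances are assumptions; the example also goes beyond the four-user figure by handling odd leaf counts, promoting an unpaired node unchanged.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(uid: str, balance: int) -> bytes:
    # Assumed leaf encoding "uid:balance"; 0x00 tags the hash as a leaf.
    return h(b"\x00" + f"{uid}:{balance}".encode())

def node(left: bytes, right: bytes) -> bytes:
    # 0x01 tags interior nodes so a leaf can never be passed off as a node.
    return h(b"\x01" + left + right)

def build_levels(leaves):
    """All tree levels, leaves first; the last level holds only the root."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:              # unpaired node is promoted unchanged
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def prove(levels, index):
    """Exchange side: sibling hashes from leaf `index` up to the root."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], "L" if sib < index else "R"))
        index //= 2
    return proof

def verify(uid, balance, proof, root):
    """User side: needs only own uid/balance, the proof, the public root."""
    acc = leaf(uid, balance)
    for sibling, side in proof:
        acc = node(sibling, acc) if side == "L" else node(acc, sibling)
    return acc == root

# Constructed sample data: four users, as in the figure.
USERS = [("User1", 100), ("User2", 250), ("User3", 40), ("User4", 610)]
LEVELS = build_levels([leaf(u, b) for u, b in USERS])
ROOT = LEVELS[-1][0]
PROOF_USER1 = prove(LEVELS, 0)   # [(Hash2, "R"), (Hash34, "R")]

if __name__ == "__main__":
    print("root:", ROOT.hex())
    print("User1 included:", verify("User1", 100, PROOF_USER1, ROOT))
    print("User1 with altered balance:", verify("User1", 99, PROOF_USER1, ROOT))
```

Only `verify` has to run on the user's side; it takes nothing from the exchange except the two sibling hashes and the published root.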
A Merkle proof of reserves can be implemented in various forms; let's take a look at Gate.io's solution first. The idea is:
1. Publish the Merkle root.
2. Be able to prove to any user that their balance and UID are on the tree.
3. A third-party auditing company audits the total balance of all users on the tree.
4. A third-party auditing company audits the total balance of all wallet addresses on the exchange.
Points 1 and 2 act as an ongoing deterrent that is partly mathematical and partly social. Neither users nor the auditing company can be sure that this Merkle root really corresponds to all of Gate's users. But since every user can verify whether they are on the tree (ordinary users obviously cannot verify other users, for privacy reasons), as soon as someone provides evidence that they are not on the tree, Gate's proof is undoubtedly fake. As long as no one claims that Gate is fraudulent, we all assume that the root of the tree is correct, and the auditing company can then audit each node in the tree on that basis and sum up the users' balances.
Points 3 and 4 are based on trust in a third party. This may be criticized, but for a CEX it is almost impossible to avoid trust entirely; we just need to pay attention to the problems that may arise here.
Potential problems are:
The update frequency of the root. A CEX processes a large number of transactions per second, and it is unrealistic to update the root for every transaction. There is a high probability that the root you see is not the latest one, that is, what you know is out of date. Update frequency is a key parameter for the effectiveness of the system.
Front-end fraud. Users generally open the exchange's own front-end page to verify whether they are in the tree. This page can return false results, and third-party open source software may be needed to solve this trust problem.
Credibility of third-party audits. Many companies in the traditional financial industry have also been audited at various levels, and being audited does not mean that they are foolproof.
Whistleblower usability. Even if a user finds out that the root is false, will he know what to do, and can he effectively prove that he is right and spread this fact?
Although we have listed a range of issues, greater transparency is generally a positive trend for CEX users.
It is hoped that all exchanges will in the future implement a similar or better 100% reserve proof system to provide a more open and transparent environment.