Explore

Proof of Reserves and Liabilities: Moving Beyond PoR to Solvency You Can Verify

Proof of Reserves and Liabilities: Moving Beyond PoR to Solvency You Can Verify

In the aftermath of high-profile failures like FTX’s collapse, transparency and trust have become non-negotiable imperatives for custodial services and exchanges. Proof of Reserves (PoR) emerged as a rapid response to prove that on-chain assets held by an exchange exceed its user deposits. Yet, PoR alone stops short of demonstrating holistic financial health. To bridge this gap, the industry is now moving toward proofs of liabilities and verifiable solvency.

The Trust Crisis and the Rise of Proof of Reserves

When FTX filed for bankruptcy in November 2022 amid allegations of misappropriating customer funds, the crypto ecosystem confronted a harsh reality: users had no verifiable way to confirm their deposits remained intact. This “trust crisis” triggered a wave of PoR rollouts by leading exchanges seeking to reassure customers through on-chain transparency.

Proof of Reserves is a cryptographic process that shows an exchange’s entire on-chain asset holdings exceed the total customer balances recorded in its internal database ledger. By structuring user balances into a Merkle Tree and matching its root with a snapshot of blockchain addresses, the exchange offers public evidence that it holds sufficient collateral for 100% repayment of withdrawals.

While PoR quickly gained traction among centralized exchanges (CEXs) like Gate, Binance, and Kraken, it was never intended to be a panacea for all transparency concerns. Its primary goal is to answer a single question: “Does this exchange control the assets it claims to hold?” Beyond that, it leaves critical questions unanswered.

Mechanics of Proof of Reserves

Merkle Trees and Cryptographic Proofs

At the heart of PoR lies the Merkle Tree, a data structure that enables efficient, anonymous inclusion proofs. Each leaf node represents a hashed user balance (e.g., “Alice: 10 BTC”), and internal nodes hash their children pairwise until arriving at the Merkle root. Users can independently verify that their balance is included in the tree without revealing other users’ data.

Simplified Merkle Tree Creation

User balances: ["Alice:10", "Bob:5", "Charlie:7", "David:20"]
Leaf hashes: [H(Alice:10), H(Bob:5), H(Charlie:7), H(David:20)]
Internal nodes:

  • H1 = H( H(Alice:10) || H(Bob:5) )
  • H2 = H( H(Charlie:7) || H(David:20) )
    Merkle root = H( H1 || H2 )

Once the exchange publishes the Merkle root, any stakeholder can fetch the tree and request a Merkle proof for their balance.

Third-Party Audits and Public Verification

To bolster credibility, many PoR implementations engage external auditors. These firms confirm that the snapshot accurately reflects on-chain balances and internal records. Gate, for instance, invited Armanino LLP to audit its reserves, marking a shift toward standardized third-party attestations in the CEX sector.

Exchanges often publish interactive dashboards where customers can paste their account identifiers and receive a Merkle proof of inclusion. This “crowd-sourced” verification layer fosters collective transparency and allows for continuous, real-time monitoring.

Introducing Proof of Liabilities

Proof of Reserves demonstrates owned assets, but it does not reveal what an exchange owes. That’s where Proof of Liabilities (PoL) steps in.

Defining Proof of Liabilities

Proof of Liabilities is the cryptographic analog to PoR on the obligations side. It proves that the total amount owed to users calculated from the exchange’s internal ledger does not exceed a specified figure. By reconciling each user’s balance from the database into a Merkle Liability Tree, exchanges can publish a liability root that anyone can compare against the asset root.

Building the Liability Tree

  1. Extract all customer balances from the exchange’s ledger.
  2. Anonymize each balance by salting with a user-specific secret.
  3. Hash each salted balance to form leaf nodes.
  4. Pairwise-hash the leaves to construct the Merkle Liability Tree.
  5. Publish only internal node hashes for privacy.

By comparing the asset root (PoR) with the liability root (PoL) and their aggregate sums, stakeholders can verify that on-chain reserves exceed off-chain obligations.

Toward Verifiable Solvency

Proofs of Reserves and Liabilities yield two separate claims. Solvency emerges when they are combined in a way that any observer can verify:

Solvency Claim:
On-chain reserves (A) ≥ Customer liabilities (L).

Net Equity on Chain

Solvency verification involves computing the difference A - L and demonstrating that it is non-negative. This calculation can itself be subjected to cryptographic proof using zero-knowledge protocols or Merkle proofs on the net equity value.

Zero-Knowledge Proofs and Liability Trees

Zero-Knowledge Proofs (ZKPs) allow an exchange to prove solvency without revealing exact balances or asset concentrations. OKX’s recent upgrade introduces full liability tree disclosure alongside ZKPs, enabling anyone to cryptographically confirm A \ge L while keeping individual balances private.

By splitting and shuffling leaf nodes in the liability tree, exchanges can maintain privacy for account sizes, yet still publish a complete liability snapshot. When combined with ZKP of net equity, this approach ensures that:

  • All user obligations are accounted for.
  • Total on-chain assets cover those obligations.
  • No sensitive data is leaked.

Limitations of Stand-Alone PoR

Despite its usefulness, Proof of Reserves as a standalone tool has significant limitations:

  • Snapshot in Time: PoR proves reserves at a specific timestamp but says nothing about past misappropriations or future changes.
  • Off-Chain Liabilities: Without PoL, PoR ignores non-customer liabilities (e.g., operational debts, loans).
  • No Process Assurance: PoR doesn’t evaluate the controls around fund custody, leaving gaps in ongoing security and governance.

According to PwC, explanations that PoR “proves everything” are misleading. Proper assurance demands an understanding of process controls, risk management, and consolidated financial obligations, which only a full-scope financial statement audit can provide.

Regulatory Assurance and Audit Standards

To achieve comprehensive trust, exchanges must supplement PoR/PoL with industry-recognized assurance frameworks:

  • SOC 1 / ISAE 3402 Type 2: Audits of internal controls over financial reporting and custodial processes.
  • Financial Statement Audits: Full audits per GAAP or IFRS, covering all assets, liabilities, equity, revenues, and expenses.
  • Capital Adequacy Ratios: Borrowing from traditional finance, maintaining minimum reserves relative to liabilities.

By implementing these alongside cryptographic proofs, custodians can deliver a “belt and suspenders” approach to transparency, blending real-time verification with periodic attestations.

Industry Adoption and Case Studies

Several emerging projects and exchanges are pioneering advanced transparency:

  • Solv Protocol uses Chainlink’s PoR feeds on BNB Chain and Ethereum to secure over $2 billion of collateralized assets, offering customers real-time transparency of staked positions.
  • Binance has published monthly Merkle-tree proofs since late 2022, letting users verify their specific balances against publicly posted reserves.
  • Kraken engages third-party auditors and publishes on-chain addresses, enabling independent monitoring of fund flows.

These implementations illustrate a broader shift: transparency is now a competitive advantage and baseline requirement for user trust.

Best Practices and Recommendations

  1. Dual Proofs: Always combine Proof of Reserves with Proof of Liabilities to enable net solvency verification.
  2. Frequent Updates: Publish Merkle roots and ZKPs on a weekly or monthly cadence to minimize blind spots.
  3. External Assurance: Engage reputable auditors for SOC 1/ISAE 3402 and financial statement audits to validate both controls and financial positions.
  4. User Education: Provide clear guides and interactive dashboards so customers can verify their inclusion proofs.
  5. Privacy Preservation: Leverage zero-knowledge methods to protect sensitive user data while providing aggregate transparency.

Adoption of these best practices moves the industry beyond mere showmanship to genuine, verifiable solvency that stands up to regulatory and customer scrutiny.

Conclusion

Proof of Reserves marked the first step toward rebuilding trust in custodial services by demonstrating that claimed on-chain assets truly exist. Yet, staking reputations solely on PoR is insufficient. The natural progression is to include Proof of Liabilities and verifiable solvency proofs, enhanced by Merkle trees, zero-knowledge cryptography, and robust audit standards. Together, these tools and practices form a comprehensive transparency framework, offering users verifiable assurances that their assets are not only held but fully backed against all obligations.

By moving beyond PoR to solvency, you can verify, custodians and exchanges transform transparency from a marketing slogan into a measurable, continuous reality.

PoR - Proof of Reserves
PoL - Proof of Liabilities

References

MITOSIS official links:

GLOSSARY
Mitosis University
WEBSITE 
X (Formerly Twitter)  
DISCORD
DOCS

Read next

Comments ()