Latest audit time:
(UTC+0)
Excess reserve value:
$ B
Algorithm:
Merkle Tree + zk-SNARKs
Total reserve rate:
Merkle Root Hash:
Customer Net Balance
$
Gate Wallet Balance
$
Excess reserve value
$
Not Data
A centralized trading platform manages a ledger for recording user assets in a database. As such, platforms face the challenge of proving that they have full custody of all users' assets in good condition.
Gate.io implemented the Merkle tree to resolve this issue, by storing the hash value of each user's account assets in the leaf nodes of the Merkle tree. Every user can audit the total amount of users' assets stored in the leaf nodes of the Merkle tree and verify whether his funds are included through a qualified third-party audit agency.
If the assets stored in the Merkle tree are verified to be greater than or equal to 100%, it means the users' assets are kept in full on the platform, i.e. the platform provides 100% Proof of Reserves for the users' assets.
The platform is financially solid
Enhance users' trust
Guarantee the security of users' assets
100% cash out in a crowded withdrawal
Users' assets are at risk of being misappropriated
Delay or inability to cash out assets
The platform may suffer a run if users crowd to request a withdrawal
The platform is more likely to go bankrupt or suffer assets loss
If the total number of tokens managed by the exchange on the blockchain meets or exceeds the aggregate balance of all user accounts, as captured in a snapshot, the platform maintains a 100% margin for those tokens
When you use hot or cold wallets, you transfer a randomly designated amount to the addresses designated by the audit company to prove your ownership over the wallet.
The audit company will add up the balance of the relevant addresses to calculate the total amount involved in the transaction (including users' assets and self-owned assets of the platform).
Please refer to the diagram below for illustration. After the merkle tree is successfully built, the leaf nodes will be exported into a plain text file, which will be published together with the merkle root hash by the auditor.
In cryptography and computer science, a hash tree or Merkle tree is a tree in which every leaf node is labeled with the cryptographic hash of a data block. Every non-leaf node is labeled with the hash of the labels of its child nodes. Hash trees allow efficient and secure verification of the contents of large data structures.
a. The total amount of assets managed by the platform includes the total asset balance of all users.
b. The net balance of each user is greater than or equal to zero.
c. Change of any user's assets will result in alteration of the Merkle root hash value.
zk-SNARK, standing for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge, is a groundbreaking tool rooted in cryptography. Utilizing advanced mathematical algorithms, it can proficiently validate the reserve amount without disclosing specific asset details. zk-SNARK not only facilitates swift asset verification but also negates privacy breach risks. Owing to these benefits, coupled with its non-interactive nature and high scalability, it finds extensive applications in areas like on-chain transaction verification, data privacy safeguards, and identity authentication
1. Install the program and download data:
First, download the verification program via the link provided or access GitHub to download the verification program. Then rename it to main.
Access to the Audit Page and locate the batch you need to verify. Click on [Download Merkle Tree] and [Download User Config] to download the data.
Unzip the zkmerkle_cex_xxx.tar.gz compressed file, place the mainprogram inside this folder, and put the user_config.json file inside the config folder.
The program folder is now
zkmerkle_cex_xxx
Config
cex_config.json
user_config.json
proof.csv
zkpor864.vk.save
main
2. Assets verification:
From cmd or terminal, use the cd command to navigate into the downloaded folder, such as cd ~/Downloads/zkmerkle_cex_xxx.
(Before running the program, you might need to execute chmod 777 mainto grant permissions or set security items.)
Execute the following command to begin verification.
./main verify cex
Upon successful verification, the message will be displayed.
All proofs verify passed!!!
For detailed technical documentation and verification principles, please check the GitHub open-source project
Audit time | Audit firm | Auditor | Repositories | Audit Report |
---|---|---|---|---|
January 3, 2024 | HACKEN | Luciano Ciattaglia、Sofiane Akermoun、Nino Lipartiia、Bartosz Barwikowski | Gate.io PoR Implementation |