For a digital assets trading platform, that custody users’ assets, a question often asked is whether the user's assets are still intact and stored in the exchange's wallet, whether it has been stolen, and whether it has been misappropriated. When users withdraw coins, can they withdraw their own coins smoothly?
The scheme to prove that the user's assets is intact and stored in the exchange wallet is generally called "Proof of Reserve". The steps are as follows:
- Announce the exchange's hot and cold wallet addresses and balances
- Snapshot user asset balance
- Use the snapshot of the user's asset balance to construct a Merkle Tree, the leaf is the user's asset balance, and the root is the user's total asset balance
- Public Merkle Tree for user verification
- Check whether the balance exists in the Merkle Tree leaf node
- Verify the calculation of Merkle Tree from the leaf node to the root node of its balance, and confirm that the hash is correct
- Compare the total asset balance of the root node with the balance of the cold wallet and the wallet address announced by the platform to confirm that the exchange assets are sufficient
- Even if it proves that the user's coin is in the exchange's wallet, it does not mean that the withdrawal can be withdrawn.
- Need enough users to carry out the actual verification operation to reduce the probability that the platform will falsify data in the Merkle Tree and will not be discovered. Ideally, all users who hold positions have performed self-validation verification, and all verifications are correct, which proves that the Merkle Tree generated by the platform is completely correct.
HBTC Specific Practices
Raw data selection
- Coins: HBTC asset certificate three type of coins: BTC, ETH and USDT
- Balance snapshot: HBTC selects all user balances, including summary wallet account, option account, contract account and user-defined sub-account balance at UTC+0 (Singapore time, GMT+8) time on April 13, 2020. One record per coin, including UserID, Nonce random code, amount balance. This nonce chooses to use the account id of the user's wallet account
- Hot and cold wallet address:
- Due to the wallet collection strategy of ETH and USDT, some funds were not collected to the hot wallet address
- Due to the characteristics of Bluehelix cloud's custody and clearing platform and liquidity sharing function, the balance of the HBTC exchange changes rapidly, and some of the balance changes are not reflected in the on-chain hot wallet balance, but the custody and clearing platform internally completes the clearing.
Leaf node generation
- Round the user balance amount * 10 ^ 8
- Calculate hash = sha256 (userId + "|" + nonce + "|" + amount)
- Convert hash to hexadecimal string and take the first 16 characters as hexHash and store it on the node
Tree node generation
- Because every 2 child nodes need to gather a parent node, if the number of child nodes is odd, copy the last node, the amount is cleared, and used as a padding node
- Parent node amount = sum of child nodes amount
- Parent node hash = sha256 (parent node amount + "|" + leftNode.hexHash + "|" + rightNode.hexHash)
- The parent node hexHash is the parent node hash to hexadecimal, and takes the first 16 characters
User authentication subtree generation
- The set of all nodes that pass through the only path from the root node to the leaf node where the user is located, and other nodes involved in the calculation, is called the user verification subtree. Provided to users for verification operations
- The user's own leaf node is called its own node ‘self’. The next user node is called user node ‘user’
- The first-level node is called the root node ‘root’
- From the leaf node up to the root node, the passing nodes are called ‘relevant’ nodes.
- Non-related nodes involved in the calculation of related nodes are called ordinary ‘node’.
HBTC provides a page for users to self-validate on the PC Terminal
- Visit the user center to get your own userId
- Visit the asset page to get your own balance in the corresponding coin asset, multiply the balance by 10 ^ 8 and then round up as the amount
- Visit the asset certification page to get your own nonce
- Calculate sha256 (userId + "|" + nonce + "|" + amount) 16 bytes on the left and compare it with the hash of the self node of the asset certification page
- From the self node all the way up, calculate and verify the hash of each node: first add the amount of the two child nodes as the amount of the parent node, and then calculate sha256 (amount + "|" + leftNode.hexHash + "|" + rightNode. 16 bytes to the left of hexHash), compared with the hash of the parent node
- Calculate all the way to the root node, and confirm that the amount and hash of each level in the middle match correctly
- HBTC Proof Generation and Validation Sample
- Renrenbit 100% Proof of Reserve
- Proof of Liabilities (PoL) Github Code