Jump Crypto releases research on Proof of Solvency vulnerabilities

Jump Crypto (JC) released a research article on Dec. 21 that analyzed Proof of Solvency (PoS) vulnerabilities and how PoS works in theory, but failed in practice. .

of articlethe research-driven quantitative trading firm said:

In order to prove the solvency mechanisms that prevent exchanges from misappropriating consumer deposits, consumers must verify that their deposits are on the exchanges reported deposit list.

As a mechanism used by exchanges to show customer deposit holdings, the report showed that the PoS mechanism is not always effective in practice.

If exchanges can predict future verifications or be suspicious of failed verifications, they can successfully divert consumer funds.

JC says that the “strong probability guarantees” that underpin PoS in theory are “very weak in practice.”

actual defect

JC’s findings present three perspectives that reveal the reliability flaws of PoS mechanisms. they are:

1. From a verifiability point of view: Exchanges may not have control over the on-chain addresses they claim, said JC.
2. From a financial point of view: JC said PoS is not a guarantee of actual corporate solvency as exchanges retain other assets and liabilities on their balance sheets.
3. From a technical point of view: JC says PoS is “not necessarily plug-and-play, and choosing the right approach can be tricky.”

JC acknowledged that the crypto community was already partially aware of these flaws, but suggested further consideration of exchanges’ suppression of failed PoS checks.

YOU MAY ALSO LIKE

The Future of Blockchain: Key Innovations Transforming Industries

September 19, 2024

Hong Kong court orders financial disclosures in multi-million dollar MANTRA DAO case

September 18, 2024

Tesla reports no change to $184M Bitcoin holdings amidst record $25B revenue

July 20, 2023

Bitcoin mining difficulty sees 7% uptick in 11th such rise this year

July 12, 2023

PoS check failure

JC suggested that it is imperative for both exchanges and users to consider mechanisms for user-initiated checks and raise potential issues to restore the effectiveness of PoS.

Exchanges are more likely to be able to predict which consumers will check, and exchanges may also throttle a small number of failed checks, which weakens the probabilistic security that proofs of solvency provide. or weaken it.

JC also suggested that users learn the arbitration mechanism for failed PoS checks.

If a check fails, there is often no formal mechanism to escalate or verify it, requiring users to make it public on Twitter and other social channels.

By promoting it on social media, JC said, “One voice, or a few voices, arguing on Twitter could easily be mistaken for FUD.”

JC also warned that malicious exchanges could “easily lean into this narrative”, directing public criticism at them, labeling them “engagement farmers” and promoting them to their user base. persuade them to ignore it.

Possible solution

JC stated five distinct changes that exchanges could implement to mitigate the discussed vulnerabilities, but flaws remain.

1. Exchanges can help users verify their financial stability, but they may collect more user information and confuse users.
2. Exchanges can offer rewards for finding false proofs, but this can lead to false positives and false accusations have no effect.
3. Exchanges can automatically send trees or user-specific proofs to users. This can increase false positives and deter new users.
4. Because exchanges can generate evidence faster and more often, exchanges may be able to change evidence after investigation.
5. Exchanges can use secret auditors, but this can reduce trust in the process.

JC concludes the research article by stating:

This article is not intended to criticize exchanges that are rapidly building proof of solvency infrastructure. We expect it to mature over time.