Open in app

Sign in

Write

Sign in

Beyond Reserves and Liabilities:

Proving Exchange State for DEXes

Ainsley Sutherland
DerivaDEX
6 min readDec 8, 2022

--

Following the recent exchange insolvency crisis, many centralized exchanges are publishing proof of reserves to reestablish user trust. Additionally, some are also releasing “proof of liabilities”.

For decentralized finance applications, proof of reserves and liabilities is necessary but not sufficient for exchanges that utilize off-chain components, or for exchanges that utilize upgradeable smart contracts or contracts with admin control.

For DEXes where the exchange state is modified off-chain, the exchange should have a way to prove that all accounts are held to the same liquidation rules. On FTX, privileged accounts were exempt from this, bringing systemic risk into the exchange so exchange-affiliated parties could profit unfairly.

While users may assume that funds being present in on-chain contracts prevents re-hypothecation or other abuse of deposited funds, this is not necessarily the case. Funds held on-chain are at risk in the following scenarios:

  • Admin risk. If a contract has admin control over the deposit contract, then the deposits are not secure while a single person or persons can modify the contracts.
  • Off-chain state risk. If contracts accept state from an off-chain exchange in order to determine user allocations, that state must not be controlled by a single entity or be otherwise manipulated by exchange operators.

At DEX Labs, we believe DEXes must provide proof of state to make statements about reserves and liabilities meaningful. Without this, the on-chain deposit contracts of a DEX provide only minor advantages over wholly centralized exchanges.

DerivaDEX provides provable, transparent exchange state at all times, as well as a strict use of governance for all code updates and parameter changes.

First, some background:

Proof of Reserves and Liabilities for CeFi

In short, the biggest problem for proving the solvency of centralized exchanges lies in effective “proof of liabilities”, because even on-chain assets apparently controlled by the exchange may have claims on them due to off-chain agreements.

This article by Nic Carter provides an overview of which exchanges are currently providing proof of reserves / liabilities, and the methodologies they use: https://niccarter.info/proof-of-reserves/

Proof of reserves and liabilities in DeFi

DerivaDEX is a decentralized derivatives exchange. Proof of reserves for decentralized exchanges like DerivaDEX is simple. Deposits and withdrawals are on-chain. In the case of DerivaDEX, these deposits and withdrawals take place on Ethereum.

The DerivaDEX balance sheet displays the exact status of all funds processed to the exchange

For other exchanges, deposits may take place on another blockchain, or via deposits to an L2 contract. In any case, users can examine the funds held in the contract to confirm that collateral is present.

This is not enough.

Funds appearing on-chain does not guarantee that user funds are safe and that re-hypothecation or other abuses have not occurred. Users still need to ensure that the contract holding funds will use correct logic to disburse funds. This is particularly relevant for DEXes that combine on- and off-chain components.

If the smart contract looks to the off-chain exchange logic to see user balances, but a single entity is able to manually change balances or apply different standards to different users on the exchange, then this smart contract transparency means very little.

Additionally, if the smart contracts can be modified by admins or another entity, then this is another area of solvency risk.

How can this be solved in a way that creates meaningful proof of reserves and liabilities for DEXes?

Proof of State

The entire state of the DerivaDEX exchange is visible at any time to users streaming the exchange transaction log with the DerivaDEX Auditor tool. Users are able to confirm that the exchange logic implemented by the auditor matches that of the exchange every time there is an on-chain checkpoint by comparing a hash of the exchange state produced by the auditor to that submitted by the operators.

Sneak peek at the logs from DerivaDEX Auditor, and a marketmaker bot

Additionally, public governance is the only mechanism by which any DerivaDEX contracts can be changed or updated.

Reserves, Liabilities, and State for DEXes

Beyond Reserves and Liabilities

DerivaDEX substantiates the on-chain transparency of reserves and liabilities through transparency and verifiability of the exchange state.

Reserves and liabilities should be under the umbrella of transparency for DEXes. Beyond exchange solvency and correctness, what users should care about with DEXes includes answers to questions like:

  • What is the current state of the exchange?
  • What is the size of the insurance fund?
  • What is the risk of auto de-leveraging, and how leveraged are users on the exchange?

A DEX that is decentralized in name only does not provide any of the assurances laid out above. Users should ask of each DEX:

  • What are the risks of a 51% attack, either on the base chain or via application governance? What safeguards are in place?
  • Who controls the state of the exchange, and how can I verify this? Users of centralized exchanges have few protections that prove they are not being countertraded by exchange operators.

Most decentralized derivatives exchanges must uniquely account for user deposits in a way that spot exchanges (i.e., Uniswap) do not need to. Therefore, establishing proof of reserves and liabilities is also important for DEXes that have deposits and withdrawals.

However, unlike centralized exchanges, DEXes:

  • Have more straightforward, trustless means to prove reserves and liabilities
  • Can also provide “Proof of state” and transparency on governance risks

The second bullet point here is critical: without proactive transparency, DEXes can suffer unexpected catastrophic events, despite a convincing rhetoric of verifiable reserves and liabilities.

Users who trade on a DEX where the exchange state can be manipulated by exchange operators, for example, do not truly have the means to withdraw assets at any time. It is critical that all DEX protocols ensure that their off-chain components are as trustless as their on-chain components.

DerivaDEX achieves this through a layered approach of hardware security, economic incentives, and on-chain checkpointing and governance.

For a demonstration of the DerivaDEX Auditor, a tool which enables any user to monitor and verify correctness of the exchange business logic in real-time, join us for a live demonstration and workshop next Wednesday.

Get Involved!

DerivaDEX is currently in open beta, and you can try it out at beta.derivadex.io.

To get testnet tokens and learn more about how to test the exchange and provide feedback, or to participate in the DerivaDAO, check out the Discord or use the Twitter faucet for testnet tokens.

Finally — follow @DDX_Official on Twitter for the latest updates!

Ainsley Sutherland is the product lead at DEX Labs, an R&D technical contributor to DerivaDEX, a decentralized derivatives exchange.

Many thanks to Tom Schmidt for early structural feedback and suggestions, as well as Aditya Palepu and Cody White for their feedback on early drafts. Also thanks to Nic Carter, whose work documenting and proposing proof of reserves/liabilities for centralized exchanges has been critical.

Defi
Dex
Perpetual Contracts
Derivatives Exchange

--

--

Ainsley Sutherland
DerivaDEX

Written by Ainsley Sutherland

449 Followers
Editor for

Product Lead @ DEX Labs (building DerivaDEX & more)

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams