Audit Page Explainer
Historically, cryptocurrency exchanges have done a poor job when it comes to transparency. Whether it’s exchanges being hacked, founders running away with hundreds of millions of dollars of customer money, concerns over order execution or otherwise, there are many risks involved when dealing with a centralised counterparty that has control over your money.
As we have spoken about in previous posts, DEX’s reduce and in some cases eliminate the need for trusting anyone with your money and are in our opinion the only way to trade cryptocurrencies.
Related to how things work on a DEX, in this post we’ll discuss trustless stablecoins and the transparency we provide around that.
Trustless stablecoins on a DEX
At the moment there isn’t any real cross-chain, trustless orderbook exchange protocol that can link the many cryptocurrencies and blockchains together in one system.
Fundamentally, Bitcoin is not Bitshares or Ethereum or EOS. So if you are to represent BTC on one of those chains, someone needs to be running a Bitcoin node to generate the address for you to deposit at. The person running the Bitcoin node can then issue you the token on that respective blockchain. So who will that be? In most cases, it is a centralised company offering you this service.
We have already been over this previously how another alternative is to create a trustless stablecoin on-chain however, you cannot deposit real Bitcoin in order to get it. So you would need to purchase it with something else or convert your Bitcoin first — just like you cannot deposit USD via a bank transfer to the MakerDAO smart contract to get the DAI token).
So then the question becomes if you deposit 1 Bitcoin with someone else who then issues you 1 Bitcoin token on their respective blockchain to trade with, how do you ensure that they are issuing only the amount of Bitcoins they receive in deposits?
It could very easily be the case that a gateway could be running a fractional reserve where they issue more of the ‘Bitcoin tokens’ on their blockchain than they have actual reserves. A bad actor doing this would do so to profit at the expense of their users, perhaps under the guise of ‘adding liquidity’ when in reality they’re exchanging something of no value (an unbacked Bitcoin token) for something of value (whatever someone is giving them in exchange for that).
The best way for a Gateway or exchange to show honesty in this is to post publicly all the Bitcoin they owe people and then post the addresses they control backing this obligation — this proves they have the money to back their tokens.
Our approach to transparency
Bitspark has been offering an Audit page functionality for our obligations for almost a year now.
We saw this as critical for our launch of our services and also thought it would encourage other Gateways/Exchanges to do the same. Unfortunately, none have taken the same approach to transparency so we are still one of the few companies in the world running an exchange which proves all of our obligations on-chain publicly. The only other company that we know of that provides similar transparency is Bitcoin to gold exchange Vaultoro.
How to read our Audit page
Given the amount of information on the Audit page it’s important to understand what it all means.
Bitspark infrastructure
The first section is titled ‘Bitspark Infrastructure’ and gives an Operational or Not Operational status for each of our core parts of internal infrastructure. The bitspark.io website, the transfer.bitspark.io centralised exchange, the dex.bitspark.io exchange node (SparkHK), our API and related subroutines and our Faucet which registers new users on the DEX paying their account opening fee.
If any of these components are not running it will say so here and you can expect that if one has a Not Operational status then customers may encounter issues when using that part of our infrastructure.
Blockchain infrastructure
Next is our ‘Blockchain Infrastructure’ section, this details the various nodes we are running to facilitate Deposits and Withdrawals from the Bitspark platform and ensure connectivity between all orders we are posting on the blockchain for our customers (exchange orders from the centralised exchange are posted on the DEX via our Bitshares node).
If one of these nodes is down, customers can expect a delay to their deposit/withdrawals or exchange executions.
We also show the last block synced so if you are waiting on a deposit you can confirm if your node has the latest sync or not which would indicate how many confirmations we have credited towards your deposit in the Bitspark system. This may affect the speed at which deposits are credited or withdrawals are sent.
Digital currency funds
This section is an important tally of the amount of cryptocurrency we hold vs the amount that is issued publicly.
It is important that these numbers match because if we issued more than we hold there is a fractional reserve in play — the total sum of hot wallet + cold wallet should = ‘Sparkdex.BTC’ issued.
You may click on the hyperlinks to see on the blockchain proof that the amount of cryptocurrency resides on those wallets. It is also important to know where this bitcoin resides, if it’s on the orderbooks it means that we can sell unbacked bitcoin to people which is bad, if it’s on a hot wallet (on Bitshares our hotwallet is called ‘sparkdex-hot’) then it means it’s not in the markets and not being sold which is better.
In the above screenshot, more Sparkdex.BTC is issued than is stored in the hot+cold wallets. On the face of it that doesn’t look right. But when you look into it a bit more, it becomes clear why this is the case and we are fully transparent with the entire process:
If you deposit 1 Bitcoin to your Bitspark account (e.g. transfer.bitspark.io or dex.bitspark.io), we need to have 1 sparkdex.BTC available almost immediately to send to your wallet. If we don’t have it, then the transaction will fail and customers may complain they deposited real bitcoin and were not credited with their sparkdex.BTC token.
Sparkdex.BTC is a UIA on Bitshares, meaning it is issued by the account ‘bitspark-deposit’ and it is burned on this account too. When a deposit is made to Bitspark, ideally new Sparkdex.BTC should be issued to the account the deposit is owed to, when a withdrawal is made then the sparkdex.BTC the customer has already is sent back to Bitspark where it should be burned when Bitspark sends the withdrawal out.
This whole process assumes the automation of the Deposit and Withdrawal functions which while convenient for customers is a very dangerous function to have automated — something which Bitfinex found out when it automated withdrawals with Bitgo and was hacked for $73M+ in bitcoin.
Therefore, operations like issuing and burning require some involvement from a Bitspark employee and is airgapped.
Additionally the issuer wallets for Bitspark assets are all offline wallets as a security measure.
Given the above situation, in order to ensure fast deposits/withdrawals for customers and accounting for the fact that Bitspark does not have a 24/7 support team answering customer questions, if a deposit/withdraw is slow we ‘over issue’ an amount of Sparkdex.BTC to our hot wallet (sparkdex-hot). This means that when a deposit comes in, we do not need to issue it using an issue function and therefore there is no need to compromise the security of an offline wallet like the sparkdex.BTC issuer (bitspark-deposit).
This ensures that the amount of sparkdex.BTC on the sparkdex-hot wallet is available to account for any incoming deposits a customer has. If a customer deposits more real BTC than the available sparkdex.BTC ‘over issued’ to sparkdex.BTC, then they will need to wait till a Bitspark team member is online again to issue more.
Therefore we must judge what we think is a reasonable margin of issued assets to remain on the hot wallet keeping in mind that we don’t want to issue too much to this hot wallet for risk management and customer transparency.
We can, therefore, see that the portion of Sparkdex.BTC that is issued but not ‘backed’ resides on the hot wallet of sparkdex-hot and is not introduced to the market. It can be provably shown Bitspark does not trade with customer funds as the sparkdex-hot wallet never executes orders and the account history is public for all to see and that more sparkdex.BTC is not being dumped on the market which is unbacked by real collateral. The same applies to other crypto assets we issue like sparkdex.ETH.
We are, to our knowledge, the only exchange in the world that has built our centralised mobile and web wallets on top of a DEX with all order execution and orderbooks on-chain and public verifiable. We are also one of the few in the world to be transparent about our reserves and provide real hot and cold wallets.
Stablecoins
Finally, we have our Stablecoins section displaying the balances of cryptocurrencies we hold on behalf of customers on our web and mobile app exchange. These stablecoins live on the bitspark-vault wallet on the DEX. By clicking the hyperlink you can view the balances on-chain and in an upcoming update we will also be publishing some anonymised metadata from our internal database to compare against on-chain reserves.
Upcoming Additions
One of the items on our roadmap is an updated design of the Audit page to make many of the things we discussed in this post much clearer.
We are working on the following improvements:
- Clearer explanations and data presentation for the process around issued vs circulating supply vs collateral backing for cryptocurrencies.
- A unique identifier for balances from our database and comparison to on-chain data for stablecoins
- Better explanations around infrastructure components
- New UI to reflect these changes in line with updated Bitspark branding.
We hope this blog has helped assist you with navigating the Aduit page and we are committed to maintaining the highest levels of transparency in our operations — something which is unique in the cryptocurrency world.
It is for these reasons we firmly believe Bitspark is the safest, fastest and best place to trade cryptocurrency
Originally published at https://www.bitspark.io.
