easy-audit1.0.1 • Public • Published
This tool is designed to simplify the job of crypto-currency auditors.
This tool is inspired by Olivier Lalonde's PoL and PoA tools:
The reason I wrote my own was because most exchanges seem to request a type of audit which leaks zero information to the public. This tool also expects a data format that does not contain any user-identifying information.
Note that the implementations are not compatible unfortunately.
npm install -g easy-audit
assets.json from exchangeGet
The exchange operator needs to sign a message with all of their hot and cold wallets. This usually works differently for each exchange, but the resulting format should be something like this:
The message should be
[owner] : [blockheight] where
owner is the domain of
the exchange being audited and
blockheight is the height of the reference
All balances should be the total amount of unspent outputs associated with that Bitcoin address at the given block height.
liabilities.json from exchangeGet
We also need a list of liabilities. The exchange operator can provide that in the following format:
The nonce can be generated in any way that the exchange operator prefers, however we recommend the following way:
- nonce ...
SHA256 ( user_email || user_secret )
- user_email ... A value that is unique to the user and user-chosen
- user_secret ... A random or pseudo-random 256-bit value that is unique to each user
user_secret are known to the user, but not the auditor.
This means that the auditor only sees anonymous balances.
Audit assets separately
assets.json format specified above is compatible with
First, you need to run libcoin to download a blockchain with full persistence:
libcoind --bitcoin --persistence=FULL --debug --log=-
--bitcoin... Use Bitcoin blockchain
--persistence=FULL... Don't prune old transactions
--debug... Print additional information
--log=-... Log to stdout
Once libcoin has reached the reference blockheight, you can run
cryptoshi audit path/to/assets.json
If successful, cryptoshi should print something like:
PASSES audit with 12450 Satoshis
There should be no other messages (warnings or errors.)
Run audit using easy-audit
easy-audit audit path/to/liabilities.json path/to/assets.json
The tool will output something like:
ASSET OWNER: example.comBLOCK HEIGHT: 294548ROOT HASH: 25faefe8190e0d179e3029b186e02be644a9c55b786df73ffb33ba270090b022RESERVE RATIO: 107.31%
This is what you sign and post publicly. For your own reference you may also
want to run a verbose audit using the
Once the audit is posted, users may wish to verify they were included in it. The
exchange operator should disclose to each user their
user_secret, the sibling
nodes between them and the root hash and their balance at the reference block
height. The user should verify:
- Their nonce matches
SHA256 ( user_email || user_secret ).
- The balance provided matches what they were holding at the reference block height.
- Their leaf hash matches
SHA256 ( nonce || "|" || balance).
- The siblings provided connect their leaf hash to the root hash where each
internal node is calculated as
SHA256 ( left_hash || "|" || right_hash ).
- The root hash matches the one the auditor signed.
- Checks input file integrity
- Ensures assets message uses correct format
- Generates liabilities root hash
- Verifies asset signatures
- Calculates total assets and liabilities
- Calculates reserve ratio
Currencies supported: Bitcoin
You can also generate a code coverage report:
npm run coverage
- Support for more currencies
- Support for Ripple liability proof
- Support for balance proof against Bitcoin blockchain
- Calculate how old the reference block is
Ideally this tool would be implemented as a zero-knowledge proof (ZKP) that the exchange operator themselves executes and that anyone can verify. Until someone implements that, users have to trust the auditor.
Exchanges can borrow money for an audit, they can buy bitcoins against their customers' fiat balances, they can ask third parties to sign the audit message instead of them signing it and more.
The fact that an exchange is solvent at a given point in time says nothing about their overall exposure to regulatory, technical, financial and other risks. It also says nothing about their integrity.
The liability proof relies on the fact that users actually bother to go through the verification process.
This tool is released under the ISC license.