Why they stop with the Proof of Solvency Audit?

medium.com9m ago

We ran the same procedure for all the assets on the ICONOMI platform and built a tree for every asset to get multiple root nodes. These root nodes are extremely important because they show the liabilities we have for each asset. Additionally, using hashes all the way up to the root node makes the data in the tree tamper-proof: we cannot change any of the data in the tree without also changing the hash of the root node.

Procedural Difference for Digital Asset Arrays

The same procedure is used for generating Merkle trees for DAAs except for the data used in the leaves. In the hashing function for DAA Merkle trees, we use DAA tickers instead of user emails. For example:

How to Verify Merkle Trees How Deloitte Verified our Merkle Trees

Deloitte received the full Merkle trees (balances and hashes only, so no user data was shared) and checked all balances and hashes up to the root node. They were able to check that there were no negative balances and that all nodes were summed and hashed correctly. They also listed the root node hashes publicly, meaning if we ever tried to change any balances or add or remove users in these trees, it would be publicly known.

Coming Soon: Verify Your Branch from the User Dashboard!

Users will be given tools on our platform to verify their branch of the tree and make sure their assets were included in the tree sent to Deloitte. Users can only see their own partial tree, but liabilities are still fully verifiable.

All users who had assets on the ICONOMI platform at the time of the blockchain audit will see the following data on the platform blockchain audit page:

User email used at snapshot time Audit ID generated for the user For each asset they were holding at snapshot time: asset or Digital Asset Array ticker, balance, and a link to their partial tree

Here is an example of what a partial tree would look like for the user from the previous example:

Users can see the path from their leaf to the root node. By using any online SHA256 calculator, information on the user’s individual blockchain audit page, and the information provided in this blog post, users should be able to verify that all the hashes from their leaf node up to the root node are correct. Users should also verify that the hash of the root node matches the one listed by Deloitte for that asset. DAA managers will also be able to verify the holdings for their DAAs.

Once the user blockchain audit interface has been implemented, we will publish a dedicated blog post explaining how you can verify your own assets. More updates will follow.

Proof of Reserves

We provided Deloitte with all our exchange balances, all our bank account balances, and all our blockchain addresses holding assets.

Exchange and bank accounts were verified in person. We proved ownership of blockchain addresses either by generating signatures with the private key(s) for those addresses with random strings provided by Deloitte or by creating transactions with an amount and target address agreed on in advance.

Note: For the wallet involved in the Parity hack at address 0x376c3e5547c68bc26240d8dcc6729fff665a4448, we were able to prove ownership by signing messages with private keys, but we cannot access those assets at this time.

Proof of Solvency

All eighty assets were blockchain audited. We have $133.6M of liabilities and $210.2M of reserves. The full data is available on our website.

In conclusion, by proving we have more assets in our reserves than liabilities to our users, we have proved that we are solvent.

Follow our official channels for more updates and news:

Facebook / Twitter / Reddit / Medium

or log into our platform to explore more DAA strategies.