Reserve Audit

A real-time, automated verification where a smart contract or oracle continuously proves that the total supply of a token does not exceed the value of its on-chain reserves. This is the gold standard for transparency, as the proof is publicly verifiable by anyone at any time.

• Mechanism: Uses proof-of-reserves algorithms and merkle tree constructions.
• Example: A stablecoin protocol where a smart contract holds collateral and mints/burns tokens based on verifiable, on-chain deposits and withdrawals.

A traditional, point-in-time examination conducted by a licensed accounting firm (e.g., an audit following GAAP or ISA standards). It provides a high level of assurance on the existence and valuation of reserves at a specific date.

• Scope: Verifies off-chain assets (bank accounts, treasury bills) and on-chain holdings via wallet attestations.
• Limitation: Provides a historical snapshot, not real-time assurance. The report is typically issued quarterly or annually.

A cryptographic audit technique that allows users to cryptographically verify that their funds are included in the total custodial reserves, without revealing other users' balances. It proves solvency (assets >= liabilities) but not necessarily asset quality.

• Key Components: A Merkle root of user balances and a digital signature from custodial wallets.
• Common Use: Centralized exchanges (CEXs) like Binance and Coinbase use PoR to demonstrate they hold sufficient customer funds.

A specialized audit for protocols backing tokens with off-chain, physical assets like real estate, commodities, or corporate debt. It verifies the legal ownership, valuation, and custody of these non-digital assets.

• Challenges: Requires bridging the trust gap between physical legal titles and on-chain tokens.
• Process: Often involves a special purpose vehicle (SPV), legal opinions, and regular reports from a qualified custodian and appraisal firm.

A code-level review focused on the technical security of the smart contracts that manage minting, burning, and collateral locking. This is distinct from a reserve audit but is a critical complementary verification.

• Focus: Identifies vulnerabilities like reentrancy, logic errors, or upgrade risks that could compromise the reserve mechanism.
• Conducted By: Specialized firms like Trail of Bits, OpenZeppelin, or CertiK. Findings are published in a public report.

An automated, frequent verification system where a decentralized oracle network (e.g., Chainlink Proof of Reserve) periodically attests to the state of reserves and publishes the data on-chain. It bridges off-chain data with on-chain verification.

• Frequency: Can provide attestations hourly or daily, far more frequent than manual audits.
• Function: Oracles fetch data from custodians, APIs, or reserve wallets, cryptographically sign it, and deliver it to a verification contract for consumption by dApps and users.

MakerDAO's DAI stablecoin is backed by a diverse portfolio of collateral assets, including significant holdings in Real-World Assets (RWAs) like U.S. Treasury bills. Audits for these reserves involve multiple layers:

• On-chain verification of crypto collateral via oracles.
• Off-chain due diligence and regular reporting by specialized asset managers for RWA portfolios.
• Risk parameter audits by decentralized governance and third-party risk assessors.

Lido Finance issues stETH, a liquid staking token representing staked ETH on the Beacon Chain. Its reserve audit is inherently on-chain and verifiable. The protocol's smart contracts publicly track the total amount of ETH staked and the corresponding stETH minted. Users and auditors can independently verify that the stETH supply is 1:1 backed by staked ETH plus rewards, making it a prime example of a crypto-native, algorithmically verifiable reserve.

Frax Protocol employs a hybrid collateral model for its FRAX stablecoin, backed partly by USDC and partly by its governance token, FXS. Reserve audits must account for this dual structure:

• Verification of USDC collateral in publicly disclosed wallets.
• Algorithmic stability mechanism audits to ensure the collateral ratio is maintained as market conditions change.
• This model demonstrates the audit complexity for fractional-algorithmic stablecoins.

A key metric in lending and stablecoin protocols, calculated as (Value of Collateral / Value of Debt) * 100%. It measures the safety buffer for issued loans or minted stablecoins.

• Over-collateralization (e.g., 150%): Requires more collateral than the debt value, common in DeFi (MakerDAO, Aave).
• Under-collateralization: Higher capital efficiency but carries greater liquidation risk. A reserve audit verifies that the reported collateral backing the protocol's obligations actually exists and is correctly valued.

The formal document issued by an auditor after a reserve audit. It is not a legal opinion but a factual assertion based on observed evidence. A robust report includes:

• Scope and methodology detailing what was examined (e.g., wallet addresses, valuation methods, snapshot time).
• Findings presented as an opinion (e.g., 'unqualified' for a clean report).
• Supporting evidence like blockchain transaction IDs and data snapshots for public verification. This report is the primary deliverable that builds trust with users and stakeholders.

A specialized audit challenge for protocols backed by off-chain assets like treasury bills, real estate, or corporate debt. Verification requires:

• Custody proof from regulated financial institutions (e.g., bank statements, trust receipts).
• Legal structure review of the entity holding the assets and the rights of token holders.
• Ongoing monitoring for asset performance and potential defaults. This process is more complex than verifying on-chain crypto reserves due to reliance on traditional finance infrastructure and legal frameworks.

An assessment of a protocol's ability to meet withdrawal demands without causing significant price impact. It goes beyond simple solvency to examine:

• Depth of liquidity pools on decentralized exchanges (DEXs).
• Withdrawal queue mechanisms and processing capacity.
• Stress test scenarios simulating mass withdrawal events. A protocol can be technically solvent (positive net assets) but illiquid, unable to fulfill user redemptions in a timely manner, which a reserve audit alone may not capture.