• Hacken researchers identified a bug in Binance’s zk-SNARK based proof of reserves system.
• Binance upgraded their verification system to include zk-SNARKs for increased transparency and security.
• Hacken discovered loopholes that could allow the generation of fake user debt undetectable by third parties.

Binance Proof of Reserves Upgrade

On February 10, 2023, Binance announced an upgrade to its proof-of-reserves verification to include zk-SNARKs. The upgrade was expected to boost the verification system's transparency and security, and it added zero-knowledge proof protocols to Binance's existing Merkle tree cryptography. This addressed the possibility of fake accounts and negative balances while preserving user safety and privacy during transactions.

Bug Identification

Hacken researchers ran tests on Feb 14, 2023 and identified a bug in the Binance zk-SNARK-based Proof of Reserves system, which they made public via a complete report released on Twitter. The team found 42 vulnerabilities, with 16 exposed to public exploitation; 20 dependencies had severe vulnerabilities, while 20 had medium severity. They discovered that Binance's Proof of Reserves had loopholes that could allow the generation of fake user debt undetectable by a third party. Fake debt could be created by bypassing the api.AssertIsLessOrEqual assertion on totalUserDebt and totalUserEquity, because the BasePrice parameter lacked CheckValueInRange validation.
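Why a missing range check on a price input can defeat a less-or-equal assertion inside a circuit, shown as an added example: this is a simplified model written for this article, not Binance's circuit or Hacken's proof of concept. The toy prime field, the 12-bit bound and the names Asset and Satisfied are assumptions made for illustration.

```go
package main

import "fmt"

// p is a toy prime field modulus (2^31 - 1) standing in for the far
// larger field a real SNARK uses. All circuit arithmetic is modulo p.
const p uint64 = 2147483647

// rangeBits is a hypothetical bound: inputs below 2^12 keep each product
// below 2^24, so totals over up to 127 assets can never wrap modulo p.
const rangeBits = 12

// Asset is one position of a user: amounts owed and held, and the price.
type Asset struct{ Debt, Equity, Price uint64 }

func inRange(v uint64) bool { return v < 1<<rangeBits }

// Satisfied reports whether the modelled constraints accept the witness:
// range checks on the amounts, an optional range check on the price, then
// totalDebt <= totalEquity compared as field elements.
func Satisfied(assets []Asset, rangeCheckPrice bool) bool {
	var debt, equity uint64
	for _, a := range assets {
		if !inRange(a.Debt) || !inRange(a.Equity) {
			return false
		}
		if rangeCheckPrice && !inRange(a.Price) {
			return false
		}
		price := a.Price % p
		debt = (debt + a.Debt*price) % p       // wraps if price is huge
		equity = (equity + a.Equity*price) % p // wraps independently
	}
	return debt <= equity
}

func main() {
	// Constructed sample data: the user owes 3 units and holds 2 of the
	// same asset, so the account is insolvent at any real price.
	honest := []Asset{{Debt: 3, Equity: 2, Price: 1000}}
	// Constructed out-of-range price: 3*price wraps to 1 modulo p,
	// while 2*price wraps to 715827883.
	wrapped := []Asset{{Debt: 3, Equity: 2, Price: 1431655765}}

	fmt.Println("honest price, no price range check:", Satisfied(honest, false))
	fmt.Println("wrapped price, no price range check:", Satisfied(wrapped, false))
	fmt.Println("wrapped price, with price range check:", Satisfied(wrapped, true))
}
```

The comparison only means what the auditor expects when every operand is bounded so that no intermediate value can exceed the field modulus, which is the role the missing validation plays in the report.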

Hacken Boosts Security

After identifying the bug in the proof-of-reserves system, Hacken immediately apprised the Binance team so that the issue could be resolved. The team generated zk-SNARK proofs containing batches of 864 users interlinked through a Poseidon hash as part of their efforts to boost security measures at the Binance exchange platform.

Open Source Project

Binance also made this project open source, aiming to benefit all crypto industry participants, including users, who would be assured SAFU (Secure Asset Fund for Users). This way, other blockchains can also adopt Merkle tree cryptography-based Proof of Reserves systems for increased industry transparency in the wake of the FTX fallout across cryptocurrency exchange platforms.

Conclusion

The upgrade was successful thanks to Hacken's report, which highlighted some major issues with Binance's previous PoR implementation and allowed the exchange to bridge gaps that previously existed between users' privacy, safety and trust in transactions on the Binance exchange platform.

By admin