Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Gate.io’s Proof of Reserves Security Assessment: Elevating Crypto Standards and Trust

Gate.io’s Proof of Reserves Security Assessment: Elevating Crypto Standards and Trust

Share via:

One of the biggest crypto exchanges in the world Gate.io has recently upgraded its Proof of Reserves (PoR) to include zero-knowledge technology, marking an important step toward enhanced financial transparency. Hacken has conducted an independent third-party assessment to evaluate Gate.io’s Proof of Reserves newest implementation, scrutinizing it for vulnerabilities to known attacks or malicious code.

The move is particularly significant in the post-FTX landscape, where most exchanges don’t provide 100% capital reserve. With this initiative, Gate.io raises the bar for the transparency of digital assets among centralized exchanges.

“We’re grateful for Hacken’s thorough and diligent security review, leaving no stone unturned. Ensuring the integrity of our PoR is a commitment not only to user asset safety but also to the entire blockchain industry. Hacken plays an important role in fortifying this commitment and ensuring we continually set the bar high.”
– Dr. Lin Han, Founder and CEO of Gate.io, as reported on Cryptonews.com

Technology & Implementation

Gate.io’s original implementation of PoR, forked from Binance’s “zkmerkle-proof-of-solvency,” underwent significant modifications in structure, dependency management, and cryptographic frameworks since 2020.

The most critical enhancement was the addition of zk-SNARK verification, which eliminated the weakness in the previous implementation that could have allowed the inclusion of fabricated accounts with negative balances, potentially altering data accuracy.

The project uses the following cryptographic frameworks and structures:

A fork of GNARK – to construct cryptographic circuits.
Poseidon hash function with the BN254 curve – for hashing user data and the Sparse Merkle Tree (SMT) structure.
BSMT library – for implementing the SMT with a maximum depth of 28, enabling the Proof Of Solvency system to accommodate over 250 million users.

See Gate.io’s Proof of Reserves implementation on GitHub or read more about it here.

Findings & Recommendations

*Hacken’s assessment on Gate.io’s website*

Assessment Team

The Proof of Reserves Implementation Security Assessment was led by Luciano Ciattaglia, Hacken’s Director of Services and a renowned expert in cryptology, alongside lead auditors Sofiane Akermoun, Nino Lipartiia, and Bartosz Barwikowski.

Method

The team conducted a thorough analysis of Gate.io’s documentation, repository codebase, code structure, and architectural quality, along with examining new release tags and functionalities. We performed extensive checks against known vulnerabilities, including verification through checksum validation for all 1157 dependencies. The primary objective of this assessment was to evaluate the code for vulnerabilities to known attacks or malicious code and to verify the absence of issues in build processes, deployment, and architectural design.

Findings

The Hacken team’s assessment revealed no critical-, high-, medium-, or low-severity vulnerabilities. We found several informative issues:

Merkle root hash integrity: It was recommended that the Merkle root should be signed by a trusted third-party auditor or published on the blockchain for verifiability.
Outdated GNARK version: Updating to the latest GNARK version was strongly recommended to mitigate security risks and efficiency drawbacks.

Assessment

Overall, the project is a testament to a strong foundation in cryptographic implementation and exceptional code organization. Its current state reflects a well-considered balance between functionality and complexity, offering a comprehensive setup for users with its detailed documentation and provided sample data. The project’s existing framework and features already contribute significantly to the field, demonstrating a clear understanding and application of key principles in blockchain technology and cryptographic systems.

The full report is public and can be accessed at https://hacken.io/audits/gate.io.

Conclusions

Gate.io’s PoR implementation sets a new benchmark in the blockchain and cryptocurrency industry. It exemplifies a commitment to transparency and trust for all of its 14M+ users. The 100% Proof of Reserves commitment, as well as a subsequent third-party security assessment of the implementation, offers a blueprint for other digital asset exchanges to enhance their security and integrity.