Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Binance’s Proof of Reserves gets a security boost thanks to Hacken’s discovery

Binance’s Proof of Reserves gets a security boost thanks to Hacken’s discovery

Share via:

On Feb 14, 2023, Hacken researchers identified a bug in the Binance zkSNARK-based Proof of Reserves system. We immediately notified the Binance team. Together, we quickly resolved the issue.

Binance Proof of Reserves integrates zk-SNARKs

On Feb 10, 2023, Binance released an automated Proof of Reserves system based on zk-SNARKs. With this upgrade, Binance’s developers added zero-knowledge proof protocols to their existing Merkle tree cryptography, introduced shortly after the FTX collapse.

A Merkle sum tree alone had two major shortcomings: privacy and negative balances. Binance’s dev team addressed those problems by generating zk-SNARK proofs for batches of 864 users each. However, the first version of the zk-SNARK contained a vulnerability in Binance’s zk-SNARK code that could challenge the validity of solvency proofs.

Hacken Research Team discovers a vulnerability

Through independent research, Hacken discovered a glitch in Binance’s Proof of Reserves, allowing for the potential generation of fake user debt which could not be detected by a third party.

Our research team of L1 auditors Bartosz Barwikowski and Yarik Bratashchuk led by Luciano Ciattaglia checked the code and discovered a bug in the circuit that allowed it to bypass api.AssertIsLessOrEqual(totalUserDebt, totalUserEquity) assertion.

It was possible to create a fake proof by setting BasePrice to a very high value because of a missing CheckValueInRange validation for this parameter. On the one hand, BasePrice is public for everyone, so it would be easy to detect if it’s invalid or not. On the other hand, there was a way to create fake proof without anyone knowing.

Each proof is generated for batch of 864 users, then they’re linked with each other using the following poseidon hash:

There was a critical bug related to BasePrice overflow. It could have been abused to change the BasePrice without anyone noticing it, which could allow for an exchange to lower their proved liabilities. The Hacken team created an illustration of batch proof calculations here.

Hacken L1 Auditor explains everything in detail, including the solution on GitHub.

Link to the pull request on GitHub ⬇️
https://github.com/binance/zkmerkle-proof-of-solvency/pull/5

Binance Response

As guardians of Proof of Reserves, Hacken is dedicated to ensuring exchanges’ transparency. That’s why we contacted the Binance team right away so that they could fix the bug. They responded swiftly.

Hacken’s proposed solution was to add CheckValueInRange for BasePrice which prevents overflow.

After a brief review, Binance team agreed with the feedback and merged Hacken’s commit into binance:main.

We’re thrilled that the world’s largest crypto exchange shares our commitment to transparency. In light of recent events, it is clear that all custodians must prove their net balances.

Learn more in the full independent technical assessment ⬇️
https://hacken.io/audits/#binance

About Proof of Reserves Audit

As a trusted blockchain security auditor, Hacken provides all crypto custodians with valid and secure cryptographic verification of equality and debt. We continue working towards the highest security standards. Contact us today to learn more about our Proof of Reserves Audit and how we can help you prove solvency.

About Bartosz Barwikowski – the auditor who found and reported the bug in Binance PoR

Bartosz is one of Europe’s most talented blockchain security experts working as a layer 1 blockchain researcher and auditor at Hacken. He is a certified CCSS Auditor with additional CEP and CBP certifications from CryptoCurrency Certification Consortium (C4) and has a strong engineering background from the Warsaw University of Technology.

His journey in crypto started in 2014 when he bought and mined his first bitcoins. He has been developing secure smart contracts since 2017 and gradually shifted focus toward all layers of blockchain architecture. Since June 2022, Bartosz has worked as a layer 1 blockchain security auditor at Hacken. In less than a year, he detected 30 critical vulnerabilities.

Binance’s case proves that Bartosz is among the most promising talents in blockchain security, with a passion for making Web3 safer. Additional kudos to Yarik and Luke for showing leadership in safeguarding transparency in Web3.