Skip to content

Proof of Reserve & Reserve Attestation Infrastructure

In short

Proof of reserve publishes continuous, on-chain evidence that a token issuer holds reserves equal to or greater than the tokens in circulation, replacing a point-in-time audit with data anyone can verify against the blockchain at any moment.

$4.2B+
audited assets
1,500+
enterprise clients
45%
fewer reconciliation errors
60%
faster compliance reporting
Trusted by teams building on-chain

Proof of reserves is a verification method that publishes continuous, on-chain evidence that a token issuer holds reserves equal to or greater than the value of tokens in circulation, replacing a single point-in-time assertion with data anyone can check against the blockchain at any moment. Unlike a traditional audit, which gives a signed opinion about one past date, proof of reserve runs as live infrastructure that updates continuously, verified by three parties: the issuer stays issuer of record; an independent auditor signs the reserve figures; and the infrastructure provider builds and operates the rails.

Protofire builds and operates that infrastructure. We are an engineering-led blockchain development firm with 250+ projects shipped since 2016 and a Chainlink core contributor. We have built proof-of-reserve systems at enterprise scale (Armanino's TrustExplorer Proof-of-Reserves suite), delivered 15+ attestations for the BaFin-regulated Swarm Markets, and maintain the Chainlink adapter behind Cache.gold's proof of physical gold custody.

Most issuers already run the pieces, custody, an issuance protocol, an oracle, a compliance tool, but those pieces do not talk to each other, so reserve reporting turns into a monthly scramble of manual reconciliation across disconnected systems with no clean, regulator-ready output. Protofire builds the vendor-neutral spine that connects them: it reconciles on-chain token supply against off-chain holdings continuously, flags any drift, and turns the monthly reserve report from a fire drill into an always-on, exam-ready readout. This service is for stablecoin and e-money token (EMT) issuers, tokenized-fund managers, and real-world-asset (RWA) issuers. One rule shapes everything we build: Protofire builds and operates the rails, an independent auditor signs the figures, and the issuer stays issuer of record. Protofire does not itself attest, and that separation is intentional and regulatory.

Reserve attestation is a five-layer pipeline

We build and operate every layer. The independent auditor signs; the issuer stays issuer of record.

01

Custodian API adapter

Reads reserve balances from the source of truth: a bank API, custody platform, SWIFT feed, or tokenized-fund NAV feed.
02

Chainlink PoR adapter

Brings that data on-chain through a decentralized oracle network, built by a Chainlink core contributor.
03

Aggregation contract

A Solidity reconciliation engine that compares reserves against circulating supply on every update and flags drift.
04

Compliance dashboard

Renders the data for treasury, finance, and risk teams, with monitoring and alerting on any deviation.
05

Reporting pipeline

Packages the figures for the independent attestor and regulators on cadence, operated after launch.
01

What is proof of reserve for stablecoin and token issuers?

For an issuer, proof of reserve lets anyone confirm, on-chain and in near real time, that every token in circulation is backed by an equivalent reserve asset. A feed reads reserve balances from the custodian, an oracle network writes them on-chain, and an aggregation contract compares them against circulating supply on every update, exposing the ratio publicly so a holder, an exchange, or a regulator can verify backing without trusting a screenshot or a quarterly PDF. The reserves can be fiat held at a bank, short-dated Treasuries, a tokenized money-market fund, or physical commodities such as gold. Proof of reserve does not replace the issuer's accounting or the auditor's signature; it makes both continuously visible, turning reserve transparency into an always-on property of the token.

02

How does on-chain proof of reserve differ from a financial audit?

A financial audit and on-chain proof of reserve answer the same question on different timescales. An audit gives a signed opinion about one past date, weeks after the period closes; proof of reserve publishes the reserve-to-supply relationship continuously, verifiable by anyone against the blockchain. The differences are frequency (every update versus quarterly or annually), verifiability (anyone can check the chain versus reading a report), latency (minutes versus a lag that can reach 90 days), and scope (a live backing ratio versus a full opinion on controls and valuation). The two are complementary, not competing: an auditor still attests the figures, and the infrastructure makes that attestation continuously visible between reports. MiCA Article 36 effectively implies both, ring-fenced reserves with independent attestation plus ongoing reporting.

03

What does MiCA require for e-money token reserve attestation?

Under MiCA, e-money token (EMT) and asset-referenced token (ART) issuers must hold reserves that are ring-fenced from the issuer's own funds and segregated in custody, with Article 36 setting out those custody and segregation requirements. Significant EMT issuers face a monthly independent attestation expectation on reserve composition and value, and the EBA's regulatory technical standards (RTS) specify the reserve-composition data to report and the independence of the attesting party. Read as infrastructure rather than legal advice, these rules imply an operational pipeline: reserve data pulled from segregated custody, written on-chain so it is tamper-evident, reconciled against circulating supply, and packaged for an independent attestor each month. That is the system Protofire builds; interpreting your specific obligations belongs with your counsel.

04

How does the GENIUS Act affect stablecoin reserve reporting?

The GENIUS Act, the United States framework for payment stablecoins, centers reserve reporting on three requirements: a monthly public reserve report, examination of that report by an independent auditor, and reserves held in eligible high-quality assets, principally cash and short-dated US Treasuries. Meeting that standard at scale is a data problem before a compliance one: reserve composition has to be pulled from custodians and fund administrators, reconciled against circulating supply, and surfaced every month for an auditor to sign. A real-time, on-chain data pipeline turns that monthly report from a fire drill into a continuous readout. Note that as of mid-2026 the GENIUS Act is proposed legislation, so the final obligations should be confirmed against the enacted text; we track its passage as we scope an engagement.

05

What are the components of a reserve attestation system, and which does Protofire build?

A reserve attestation system is a pipeline of five components, and Protofire builds and operates every layer. A custodian API adapter reads reserve balances from the source of truth: a bank API, a custody platform, a SWIFT feed, or a tokenized-fund net-asset-value feed. A Chainlink Proof of Reserve external adapter brings that data on-chain through a decentralized oracle network; as a Chainlink core contributor we build and maintain these adapters, including the one behind Cache.gold's proof of physical gold custody. An on-chain aggregation contract in Solidity, deployed across EVM networks, runs the reconciliation engine: it compares reserves against circulating supply on every update, publishes the ratio, and flags any drift. A compliance dashboard renders the data for treasury, finance, and risk teams, with monitoring and alerting on any deviation. An automated reporting pipeline packages the figures for the independent attestor and regulators on cadence, and we keep it running after launch. What we do not do is sign the attestation, that is the independent auditor's role, by design. The oracle layer is one component here; teams that only need oracle feed integration for a DeFi contract should see oracle integration.

06

Who needs proof-of-reserve infrastructure?

Three kinds of issuer need this most: EMT and stablecoin issuers, who face monthly attestation expectations under MiCA and the proposed GENIUS Act; tokenized-fund managers, whose NAV and share supply have to reconcile continuously for institutional holders; and RWA issuers, backing tokens with Treasuries, credit, commodities, or real estate that holders cannot see directly. The decision-makers are usually the CFO, the Chief Compliance Officer, and the Head of Treasury. The qualifying conditions, which we check before building, are concrete: a live token in circulation, a custodian or banking relationship with an accessible API or data feed, and a regulatory or holder-driven demand for verifiable reserves. Where the custodian has no usable data feed, we say so in scoping rather than after launch.

07

An engineering-led reserve attestation team since 2016

Protofire is an engineering-led blockchain development firm with 250+ projects shipped since 2016, across 60+ networks and 95+ protocols. We are a Chainlink core contributor and build Chainlink Proof of Reserve external adapters. We built Armanino's TrustExplorer Proof-of-Reserves suite, which supports $4.2B+ in audited assets across 1,500+ enterprise clients. We maintain Solhint, the open-source Solidity linter used by 1M+ developers, and harden every contract before it reaches an external auditor. We are a Safe Guardian, with Safe securing $2B+ across 120+ EVM networks, the custody and governance layer that controls who can change a reserve contract. The primitives reserve attestation is built on are tools we help maintain.

08

Where this comes from

The reserve attestation infrastructure this service describes is built on systems we have shipped. We built Armanino's TrustExplorer Proof-of-Reserves suite, the platform a top-20 US accounting firm uses to prove its clients' digital-asset reserves: it supports $4.2B+ in audited assets across 1,500+ enterprise clients, and the infrastructure we delivered cut reconciliation errors 45% and made compliance reporting 60% faster. On the oracle layer, as a Chainlink core contributor we maintain Chainlink Proof of Reserve external adapters, including the adapter behind Cache.gold, a gold-backed token whose on-chain proof verifies physical gold held in custody.

For Swarm Markets, the BaFin-regulated platform, we delivered 15+ proof-of-reserve attestations, the recurring, regulated-issuer cadence that reserve reporting actually runs on; operating a system through repeated cycles for a supervised issuer is what matters when a regulator reads the output. The same discipline anchors our MakerDAO governance-analytics work for the DAI system. Bringing an off-chain reserve on-chain in a tamper-evident form is the specific engineering this service is made of.

09

How an engagement works

1

Readiness & scoping

We assess your reserve-reporting setup against the regulation that applies (MiCA, the proposed GENIUS Act), map the reserve assets, custodian and banking systems, and available data feeds, and set the reporting cadence. Deliverable: a readiness gap analysis plus a scoped architecture and build plan.
2

Build & integration

We build the custodian adapters, the Chainlink Proof of Reserve external adapter, and the on-chain aggregation contract, wire in the dashboard and alerting, and test the data path end to end.
3

Launch & operations

Coverage goes live with monitoring and the reporting pipeline feeding the independent attestor, and we operate the feeds, contracts, and pipeline afterward.

Custodian API access and data format are usually the longest dependency, not contract complexity, so we sequence them first. We confirm the exact timeline and scope after a short discovery call.

10

What you get

  • Custodian API adapters for bank APIs, custody platforms, SWIFT feeds, and tokenized-fund NAV feeds
  • A Chainlink Proof of Reserve external adapter bringing reserve data on-chain through a decentralized oracle network
  • On-chain aggregation contracts in Solidity, deployable across EVM networks, comparing reserves to circulating supply
  • A compliance dashboard for treasury, finance, and risk teams, with monitoring and alerting on any reserve-to-supply deviation
  • An automated reporting pipeline packaging figures for your independent attestor and regulators, operated by us after launch, with the independent auditor as signer and you as issuer of record

Unlike a traditional audit, proof of reserve runs as live infrastructure, updated continuously and verified by three parties: the issuer, an independent auditor, and the infrastructure provider.

Proof of reserve, shipped at enterprise scale
$4.2B+in audited assets across 1,500+ enterprise clients

We built Armanino's on-chain Proof-of-Reserves suite, the platform a top-20 US accounting firm uses to prove client digital-asset reserves. It cut reconciliation errors 45% and made compliance reporting 60% faster.

Armanino TrustExplorerView project →
15+reserve attestations for a BaFin-regulated issuer

For the BaFin-regulated platform we delivered 15+ proof-of-reserve attestations, the recurring regulated-issuer cadence reserve reporting actually runs on.

Swarm MarketsView project →

Proof of reserve vs a traditional financial audit

Traditional auditOn-chain proof of reserve
FrequencyOnce or twice a yearContinuous, on every update
VerifiabilityA signed PDF you trustAnyone can check it on-chain
LatencyA 30 to 90 day reporting lagReal time
ScopeA full opinion on controls and valuationA live, public backing ratio
Who signs itAn independent auditorAn independent auditor, on rails we build and operate

FAQ

What is proof of reserve?
Proof of reserve is a verification method that publishes on-chain evidence that a token issuer holds reserve assets equal to or greater than the tokens in circulation, checkable continuously rather than asserted once. The difference from a PDF assertion is structural: a report is a claim you trust a firm to have made honestly on a past date, while on-chain proof is data anyone can verify against the blockchain at any moment. It works through a three-party model: the issuer remains issuer of record and owns the reserves; an independent auditor signs the reserve figures; and an infrastructure provider builds and operates the rails that bring the data on-chain and compare it against circulating supply. Proof of reserve is now a regulatory expectation as much as a trust feature, implied by MiCA's reserve rules and the proposed GENIUS Act's monthly reporting requirement.
How is proof of reserve different from a financial audit?
A financial audit produces a signed opinion about a single past date, usually weeks after the period closes, and its value rests on the auditor's professional judgment and reputation. Proof of reserve publishes the reserve-to-supply relationship continuously, and its value rests on data anyone can verify against the blockchain. The differences come down to frequency (every update versus quarterly or annually), verifiability (independent on-chain checking versus reading a report), latency (minutes versus a reporting lag that can reach 90 days), and scope (a live backing ratio versus a full opinion on controls and valuation). For DeFi protocols and institutional holders, a 90-day-old opinion is not enough; they need to see backing now. The two are complementary, not substitutes: an auditor still attests the figures, MiCA Article 36 effectively implies both, and the infrastructure makes that attestation continuously visible between reports.
What does MiCA require for e-money token reserve attestation?
Under MiCA, e-money token and asset-referenced token issuers must hold reserve assets that are ring-fenced from the issuer's own funds and segregated in custody, with Article 36 setting out the custody and segregation rules for those reserves. Significant EMT issuers face a monthly independent attestation expectation covering the composition and value of the reserve, and the EBA's regulatory technical standards specify the reserve-composition data to report and the independence required of the attesting party. Framed as infrastructure rather than legal advice, those requirements imply an operational pipeline: reserve data pulled from segregated custody, written on-chain so it is tamper-evident, reconciled against circulating supply, and packaged for an independent attestor every month. Protofire builds that pipeline. Interpreting your specific obligations belongs with your legal counsel; what we provide is the engineering those obligations require, not the legal opinion or the attestation itself.
How does the GENIUS Act change reserve reporting for stablecoin issuers?
The GENIUS Act, the United States framework for payment stablecoins, sets out reserve reporting around three pillars: a monthly public reserve report, examination of that report by an independent auditor, and reserves held in eligible high-quality assets, principally cash and short-dated US Treasuries. Meeting that standard reliably is a data-pipeline problem before a compliance one: reserve composition has to be pulled from custodians and fund administrators, reconciled against circulating supply, and surfaced every month for an independent firm to examine and sign. A real-time, on-chain data pipeline turns the monthly report into a continuous readout instead of a recurring fire drill. Note that as of mid-2026 the GENIUS Act is proposed legislation, so the final reserve and reporting obligations should be confirmed against the enacted text. We track its passage while scoping each engagement.
Who signs the reserve attestation, does Protofire attest?
Protofire does not attest. We are the infrastructure provider, and the separation of roles is intentional and regulatory. We build and operate the rails, custodian adapters, oracle feeds, on-chain contracts, dashboards, and the reporting pipeline, that bring reserve data on-chain and keep it current. An independent auditor or attestation firm signs the reserve figures; Armanino, whose TrustExplorer Proof-of-Reserves suite we built, is a clear example, while the attestation opinion remains Armanino's to give. The issuer stays issuer of record and owns the reserves throughout. The infrastructure makes the auditor faster and more accurate, the systems we have delivered cut reconciliation errors 45% and made compliance reporting 60% faster, but it never replaces the signature. The credibility of proof of reserve depends on that independence: the party building the rails is not the party signing the attestation.
Which custodians, networks, and asset types does proof-of-reserve infrastructure support?
The custodian adapter is built for any custodian or bank that exposes an accessible API, data feed, or SWIFT message stream, so the answer is set by what your reserve provider can deliver rather than by a fixed list. On the chain side, the on-chain contracts deploy across EVM networks, and Protofire has shipped across 60+ networks. On asset types, the system handles fiat-collateralized stablecoin reserves, tokenized US Treasuries and money-market funds via their NAV feeds, gold-backed tokens (the pattern behind Cache.gold's on-chain proof of physical gold custody), and broader RWA-backed tokens. The common mechanism is the Chainlink Proof of Reserve adapter pattern, which normalizes each source and brings it on-chain through a decentralized oracle network. The exact custodians, networks, and asset types are set in discovery, where we confirm that each reserve source has a data feed an adapter can actually read.
How long does it take to build and go live with proof-of-reserve infrastructure?
It depends on custodian API access and data format more than on contract complexity. The engagement runs in three phases: discovery and adapter scoping (mapping reserve assets, custodian and banking systems, available data feeds, and the required reporting cadence), build and integration (the custodian adapters, the Chainlink Proof of Reserve external adapter, the on-chain aggregation contract, the dashboard, and end-to-end testing from custodian to on-chain ratio to attestor-ready report), and launch and ongoing operations (going live with monitoring and the reporting pipeline, then operating the feeds, contracts, and pipeline afterward). Getting clean, structured data out of the custodian is usually the longest single dependency, so we sequence it first. We confirm the exact timeline and scope after a short discovery call, and we flag a thin or inaccessible data feed during scoping rather than after launch.

Reviewed by Luis Medeiros, Field CTO at Protofire. Last reviewed: June 2026.

Book a call with Alejandro Losa

Schedule a call with our Business Development Manager to receive practical recommendations and a prompt proposal for upgrading your solution.

Protofire 2026. All rights reserved