Overview
Proof of Assets provides a verifiable way of proving your control of the digital assets held in your Fireblocks workspace(s) to external parties, such as auditors, lenders, investors, and customers.
Each Fireblocks workspace has a Vault that can have multiple vault accounts, and each vault account can host numerous asset wallets, each with its own balance, across a range of supported blockchains.
Each workspace has one ECDSA (xPUB) and one EdDSA (fPUB) Extended Public Key for all ECDSA and EdDSA-based blockchains, respectively. Every wallet address within the workspace is ultimately derived from these keys.
Providing Proof of Assets
To gather all the necessary information for Proof of Assets:
- Retrieve your wallet addresses
- Aggregate the wallet balances
- Find your ECDSA Public Key
- Prove you control a wallet address
You can provide a Proof of Assets for the wallet addresses within your Fireblocks Vault using either of the following methods:
- List of Wallet Addresses and Balances (verifiable on the blockchain) + Proof of control of each of those Wallet Addresses = Proof of Assets.
- ECDSA Extended Public Key + List of derived Wallet Addresses and Balances (verifiable on the blockchain) + Proof of control of one of the Wallet Addresses = Proof of Assets
Retrieving Wallet Addresses
Retrieve a list of all wallet addresses in a workspace by using one of the following methods.
Fireblocks Console
Export all vault addresses and balances by initiating a request on the Console vault accounts page.
API Query
Retrieve all addresses held in a workspace by using one of the following:
- The Get vault accounts (Paginated) endpoint returns a list of vault accounts and shows the total asset balance of each vault account
- The Get vault wallets (Paginated) endpoint returns a list of the asset wallets within each vault account and the individual balance of each wallet
Manual Compilation
We do not recommend this method because of how intensive the effort is. Still, you can create a list of all the wallets in your Fireblocks workspaces by going into each Vault and copying the wallet addresses per each blockchain’s base asset. You may also view the balance of each vault at a segmented or aggregated level.
Aggregating the Balances
Depending on how you retrieved the wallet addresses, aggregate their balance using one of these methods. Regardless of the method, however, a third party can take the exported wallet address list and verify all balances by using public blockchain explorers.
Sum up using exported balances
Sum up the Total Balance column for each asset type in the exported CSV file. Please note that the CSV file's balances are the quantities of your assets, not their USD equivalent.
Sum up asset balances retrieved via the API
Sum up the asset balances returned when you used the Get vault accounts (Paginated) or Get vault wallets (Paginated) endpoints.
Manually compiling asset balances
We do not recommend this method because of how intensive the effort is. Still, you can use the Console's Assets page to create a list of asset balances in the workspace by going through each asset you hold and summing up the balances from that list.
Finding the ECDSA Public Key
Warning
Your Extended Public Keys (xPUB, fPUB) are sensitive information and should only be disclosed to trusted entities.
To find your Extended ECDSA Public Key via the Console:
- Go to Settings > General > Extended Public Keys.
- Select Unhide
.
Proving you control a wallet address
The final step is to prove you control a wallet address by signing a message from that wallet address. The message should be provided by the counterparty you are providing the Proof of Assets to and post-signing you should share the Signature Hash with them. They can verify the signature using the wallet address, message, and signature hash; and thus, your control of the wallet.
You may do this off-chain by using one of the following methods.
Raw Signing
Raw Signing lets you sign any arbitrary message on any blockchain. This method requires access to the Fireblocks API. Visit our Developer Portal to learn how to structure the Raw Signing API call.
Typed Message Signing
Similar to Raw Signing, Typed Message Signing lets you sign messages using specific standard formats that prefix the message with a magic string. This makes the feature safer but only useful for certain use cases.
This method also requires access to the Fireblocks API. Visit our Developer Portal to learn how to structure the Typed Message API call.
A third-party service or publicly available tool
You can sign a third-party service's message to prove you control a wallet. You can connect to third-party services using WalletConnect or the Fireblocks Browser Extension.
As always, we recommend performing due diligence and only using reliable, low-risk services.
FAQ
How can an external party confirm the wallet addresses were derived from the ECDSA Extended Public Key I shared with them?
The external party can use the ECDSA Extended Public Key and Key Derivation path you provide to derive the wallet addresses you share, thus verifying they were all derived from the same xPUB.
There are some publicly available tools, or the third party can develop their own tools.
How can an external party confirm my signature hash?
Once you sign a message from the external party, they can verify the signature hash you shared using one of the publicly available tools, such as Verified Signatures from Etherscan, or develop their own tools. This process might vary by blockchain.
What about EdDSA-based chains?
As the Fireblocks implementation for EdDSA-based chains is unique, there is no way to publicly verify whether a list of wallet addresses was derived from an Extended EdDSA Public Key. You must prove control of the wallet addresses related to EdDSA chains via the methods specified above.
Is it safe to share the Extended Public Keys with third parties?
Sharing Extended Public Keys does not compromise the security of the derived wallet addresses. However, it does impact their privacy, because you can map any future or non-included wallet addresses using the Extended Public Key.
We recommend only sharing the Extended Public Key with trusted entities, like auditors, who can then prove your control to other third parties. Alternatively, you can use the methods above to prove your control of the wallet addresses included in the Proof of Assets.
Is Proof of Assets the same as Proof of Reserves or Proof of Solvency?
Proof of Assets is a verifiable way for you to prove that you control the wallet addresses within your Fireblocks workspace(s), and in turn, the digital assets in these wallet addresses.
Proof of Reserves or Solvency requires including a view of the entity’s liabilities, such that Proof of Reserves or Solvency = Proof of Assets + Proof of Liabilities, where Liabilities is equal to or less than Assets. Proof of Reserves or Solvency is not discussed in this article.