okx / proof-of-reserves

MIT License

CSV format for VerifyAddress incompatible #34

Closed monperrus closed 6 months ago

monperrus commented 6 months ago

I cannot verify the addresses.

The format of okx_por_*.csv downloaded at https://www.okx.com/proof-of-reserves/download is:

coin,Network,Snapshot Height,address,amount,message,signature1,signature2,redeem script/ public key

However, VerifyAddress expects:

as := strings.Split(line, ",")
coin, addr, balance, message, sign1, sign2, script := as[0], as[3], as[4], as[5], as[6], as[7], as[8]

Thanks!

LwwL-123 commented 6 months ago

This doesn't seem to be a problem; VerifyAddress will select the corresponding field in the csv to run:

coin, addr, balance, message, sign1, sign2, script := coin, address, amount, message, signature1, signature2, redeem script/ public key

LwwL-123 commented 6 months ago

You can download the corresponding version of VerifyAddress from github releases and run ./VerifyAddress --por_csv_filename ./okx_por_2024032500.csv. Then you can get the result "Verify address signature end, all address passed".


monperrus commented 6 months ago

Hi @LwwL-123

I tried with the release proof-of-reserves-linux-arm64-v3.0.6.zip and okx_por_2024032500.csv.zip

It fails:

Verify address signature end.The file is empty.
Total balance: []
Verify address signature end, all address passed

Then I tried compiling the latest version on GitHub. It's the same error message.

We need to verify, how to fix this?

Thanks!

--Martin
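The output quoted above reports "The file is empty." and "all address passed" in the same run. The following is an added example, not code from this thread or from the OKX repository: a Go sketch that checks the header quoted in the issue, maps the columns by the indices 0, 3, 4, 5, 6, 7, 8, and returns an error instead of success when there are no address rows. `ParsePoR`, `Row` and `ErrNoRows` are hypothetical names, and the sample row is constructed.

```go
package main

import (
	"encoding/csv"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Row holds the seven fields VerifyAddress reads from each CSV line.
type Row struct{ Coin, Addr, Balance, Message, Sign1, Sign2, Script string }

// Header as quoted in the issue; columns 1 and 2 (Network, Snapshot Height) are skipped.
const wantHeader = "coin,Network,Snapshot Height,address,amount,message,signature1,signature2,redeem script/ public key"

var ErrNoRows = errors.New("no address rows: refusing to report success")

// ParsePoR (hypothetical helper) validates the header, maps columns by
// index 0,3,4,5,6,7,8 and fails closed on an empty or header-only file.
func ParsePoR(r io.Reader) ([]Row, error) {
	cr := csv.NewReader(r)
	cr.FieldsPerRecord = -1 // check field counts ourselves for clearer errors
	recs, err := cr.ReadAll()
	if err != nil {
		return nil, err
	}
	if len(recs) < 2 { // nothing at all, or a header with no data
		return nil, ErrNoRows
	}
	if got := strings.Join(recs[0], ","); got != wantHeader {
		return nil, fmt.Errorf("unexpected header %q", got)
	}
	var rows []Row
	for i, f := range recs[1:] {
		if len(f) != 9 {
			return nil, fmt.Errorf("record %d: want 9 fields, got %d", i+1, len(f))
		}
		rows = append(rows, Row{f[0], f[3], f[4], f[5], f[6], f[7], f[8]})
	}
	return rows, nil
}

func main() {
	// Constructed sample row; values are placeholders, not real OKX data.
	sample := wantHeader + "\nBTC,BTC,836000,addr-placeholder,1.5,I am an OKX address,sig1,sig2,script\n"
	fmt.Println(ParsePoR(strings.NewReader(sample)))
}
```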

LwwL-123 commented 6 months ago

This is strange. It seems that the file is not being read correctly. Make sure that you read the csv file with the name okx_por_2024032500.csv and that it has readable permissions.

monperrus commented 6 months ago

Did everything from scratch again. Now it works!

The reason was outdated info and links on https://www.okx.com/help/zero-knowledge-proofs-what-are-zk-starks-and-how-do-they-work

Does the signed message contain tamper-proof, time-based information such as a block hash?

Thanks @LwwL-123

LwwL-123 commented 6 months ago

Thanks for your feedback, we will check this. Regarding the signed message, at the moment the message only contains the information "I am an OKX address" to prove that the private key for this address is controlled by OKX. I don't think this can be tampered with. If you want to verify the address balance for a given block height, you can use CheckBalance; it may help you!

monperrus commented 6 months ago

> at the moment the message only contains the information "I am an OKX address"

This only proves that the key was once in control of OKX, but it may have been lost since then, putting the reserve at risk.

To solve this, the message should contain time-dependent information such as:

LwwL-123 commented 6 months ago

Sounds good, thanks for the suggestion. We'll first discuss it internally, and then we'll close this issue. Thanks again for your support!

monperrus commented 6 months ago

OK, thanks for your help @LwwL-123. Looking forward to the follow-up!