Hacker News new | ask | show | jobs
by graeme 1832 days ago
A substantial chunk of DAI is backed by USDC. USDC has never been audited, and has been curiously late with its attestations at precisely the same time the supply of USDC has massively increased.

And the value of ETH backing DAI is dependent on Tether not being fraduluent and instead being worth $1.
1 comments
sushid 1832 days ago
You think a joint collaboration by Coinbase and Circle with monthly audits has "never been audited"?

https://www.centre.io/usdc-transparency

link
graeme 1832 days ago
It hasn’t, no. Those are attestations, not audits.

You won’t find the word audit on that page or in the reports.

link
sushid 1832 days ago
I thoughts an attest is a form of audit. Can you explain why you think this is insufficient?

And aren't these reports going to take time to complete? Every report in the past took about a month to complete and I don't see why that's a red flag.

link
rojeee 1832 days ago
Former auditor here.

An attestation offers considerably less assurance than an audit.

An audit is the most comprehensive type of assurance. Often called positive assurance. A clean audit opinion means the auditor collected sufficient and appropriate evidence to form an opinion on the financial statements (or reserves in tether/usdc case).

On the other hand, an attestation or review is a form of negative assurance where auditors state that nothing has come to their attention to indicate that subject matters or financial statements contain a material misstatement. In this type of assurance, auditors do not give an opinion; they simply say that financial statements look "reasonable".

Unlike positive assurance, auditors are not required to obtain sufficient and appropriate evidence to form an opinion. Instead, they only need to review if there are any problems with financial statements or subject matters.

link
graeme 1832 days ago
Thanks! How would an attestation work with a fraud. For example, suppose a company simply produced a false bank statement.

Would an attestation have no ability to verify that the statement was fraudulent? In other words we must trust the entity undergoing attestation in order to rely on the attestation, and the attestation merely certifies there is no error of math or logic in what was presented.

link
rojeee 1832 days ago
Good question.

With an audit, the auditors get a representation from management that they will provide the truth etc. The auditors would also get third party evidence eg. from the bank providing the audit client's account. For important things you would always get third party evidence from banks, custodians, etc or even just go and check to see if physical things exist!

With an attestation or limited/negative assurance engagement, there's no third party evidence. Instead, the auditors just rely on what they are given and whether it looks reasonable. The auditors would state in their "report" that only limited evidence was gathered and not enough to form the basis of an opinion.

Basically, limited / negative assurance is not really that useful in most circumstances.

Regarding fraud - auditors are not expected to find/uncover fraud under any type of engagement, which is a common misconception.

The biggest audit firms won't go any where near tether, and this alone, tells you quite a bit :)

link
graeme 1832 days ago
They seem to have caught up somewhat for the April report, but March was extremely delay. News article below.

I’m not an expert, but I think an attestation just examines if a statement makes sense. My accountant did one for my revenues and the percent that were in USD. I sent them a spreadsheet with my revenues from various sources and calculations showing total USD.

The accountant verified that my spreadsheet said what I said it said. However, they did not actually verify the info underying the spreadsheet beyond examining some screenshots of customer addresses I provided. They samples a handful at random.

In USDC’s case, I think the auditor would look at a bank statement and say “the bank statement on May 31st indeed says Circle has $X” and Circle says this money is theirs for backing USDC.

Stuff they wouldn’t verify:

* Was the money there before that specific minute of the day?

* Did it remain there after?

* Was the money from deposits, or was it from a loan or some other source? (Bitfinex did this with a prior attestation, mixing up Bitfinex’s money and reserve funds)

So most people would assume these attestations mean “At all times USDC had backing of basically all of their tokens by $ in a bank account, free and unencumberer” but the attestations don’t examine that claim at all. They examine a very specific moment in time, and don’t examine the source of the funds.

In an audit you might actually examine the accounts at a time not chosen by Circle.

https://news.bitcoin.com/usdc-attestations-run-late-raising-...

link