The cryptographic proofs are baked-into the confirmation and reporting process.
A sufficiently-capable attacker could conceivably trick the browser into thinking a native OS ad-notification was displayed, we do rely on the OS to inform us at this point (though preview versions of Brave do not have this dependency), but we have considered this as well.
The main threat here would be an attacker who attempts to automate the confirmation process, and potentially duplicate it across various VMs or OS instances. Fortunately, we've considered this too. For reasons I hope are obvious, I can't go into greater detail here.
A sufficiently-capable attacker could conceivably trick the browser into thinking a native OS ad-notification was displayed, we do rely on the OS to inform us at this point (though preview versions of Brave do not have this dependency), but we have considered this as well.
The main threat here would be an attacker who attempts to automate the confirmation process, and potentially duplicate it across various VMs or OS instances. Fortunately, we've considered this too. For reasons I hope are obvious, I can't go into greater detail here.