How is the Lossless security functionality related to the token?
Lossless is the first DeFi hack mitigation tool for token creators. The Lossless project builds upon the popular ERC20 standard to include security features. This Lossless core functionality (aka LERC20 standard) relies on the LSS token. On Ethereum, the LSS token can be staked by anyone to point out a hack and initiate its review. The review of the transaction can then lead to its reversal and to return of the hacked funds to the rightful owner.
How does Lossless staking interact with the hack detection/freeze function?
Anybody in the community can stake 500 LSS tokens to freeze any address for 24 hours. Then, additional tokens can be added to signal a wider belief that a hack took place. In 24 hours, evidence is reviewed and a decision is made if a hack has occurred or not. If a hack is confirmed, the stakers are rewarded; otherwise their stakes are slashed.
Are we required to deploy our token before inserting the Lossless code or vice versa?
Does our token becomes “audited by Hacken” automatically as we deploy Lossless code?
If you launch your token using the Lossless Token Generator at Lossless Token Generator it indeed provides code that has been audited by Hacken. However, Hacken would need another audit to officially publish an audit dedicated to your project.
What if we deploy a custom token that conforms to the LERC20 standard?
Yes, but we recommend that any customisation (ie, any changes to the code) get an independent audit.
How much does the Lossless integration cost?
The integration with Lossless core does not cost anything. If a hack is stopped and funds recovered, a fee is withheld. See Whitepaper for more details.
Is there anything that should done, checked or tested before the deployment to make sure it was done correctly?
We advise using the Lossless Token Generator at Lossless Token Generator to avoid human error. If you still wish to deploy your Lossless-protected token manually, a detailed walk-through of deploying the contract is available at Lossless Integration complete with a video of how to do it.
We have already launched our token? Can we still integrate with Lossless?
A token relaunch will be required to enable Lossless protection. Please contact us and we will help to plan the relaunch.
How is LERC20 different from ERC20?
LERC20 is an extension of the ERC20 standard. LERC20 enables all the Lossless features. It has the same methods and interface as ERC20 with a few extra methods, modifiers and variables. Please see LERC20 for a detailed technical reference.
What if the LERC20 token project does not like the idea of Lossless any more?
If you decide that Lossless is not bringing you value anymore, there is a method in your token contract that allows turning the Lossless functionality off.
Is Lossless a one-size-fits-all solution? Can the token project owners adjust anything?
Lossless strives to stop stealing and hacking transactions as detailed in our Whitepaper. However, the projects deploying Lossless protection will be able to configure some of the parameters. In particular, the “settlement period” is configurable; it is a parameter that determines the amount of time before a newly received token has to be kept before being moved to a DEX.
What is the recommended settlement period?
We think that 20 minutes is a reasonable settlement period. However, it may make sense to set a different period depending on how your token is typically used etc.
Lossless Decision Making Body
Who are the Decision Making Body and the Committee? And more broadly how the control and custody mechanisms work?
The Lossless project has two main components: the Finders and the Decision Making Body. Anyone can be a finder, it’s permissionless. The Finders stake their LSS tokens in order to freeze a hacker’s address after they notice a suspect transaction.Then the Lossless Decision Making Body decides if the transaction was actually a hack or if a Finder was wrong and froze someone for no good reason. The Lossless Decision Making Body consists of three main parties: the LERC20 token project owner, the Lossless team and the Lossless Committee. To make a decision, two out of these three parties have to align. After this decision is finalised, the stolen funds are returned to the wallet that is proposed by the LERC20 token project owner.
How will the Committee vote mechanics work?
The idea is to make it as transparent as possible. The vote on frozen funds has a pre-programmed way to deal with the funds. This means that no one will be able to somehow move the funds or invalidate the governance decision.
Lossless Hack Mitigation Mechanics
What if a sophisticated attacker steals and sells the tokens in the same block? Eg, Flashloan attacks?
Lossless core protects against that by enforcing a certain amount of time that has to pass before a newly received token is sold (“settlement period”).
What is the recourse if a hacker has managed to exchange LERC20 tokens into other tokens (eg, DAI)?
If the stolen assets not held in LERC20 tokens, Lossless core cannot help.
Security of Lossless contracts
What measures are taken to prevent malicious code changes on the Lossless side of the contracts?
In the future all the changes to the Lossless contract will be time-locked with substantial advance time so that all interested parties can analyse them in detail.Also lossless is committed to deploying publicly audited code.
If there is an issue with the Lossless code that actually causes the loss of our tokens, is there any compensation or protection for us if this happens?
The Lossless project is a public team staking our personal reputation on the successful operation of the Lossless code. All our code is public and it is being audited by multiple top auditing shops. Furthermore, there might be additional insurance options in the future through our partners – stay tuned.
Future of Lossless
Do you have any similar use cases around NFT?
We have received multiple inquiries from various projects, and we are actively thinking about expanding our product offering to also protect NFTs. However, we remain focused on delivering on our roadmap first of all.