In regards to creating a system devoid of faults and loopholes, we have previously announced a few tools at different times of the year. With these having a convergence of uses but different operational features, we, once again, explicate two important tools created within the year 2021 — the Lossless Token Minter and the Lossless Vault Protection Tool.
Token Minter was born out of the desire to help projects deploy their own tokens easily as well as integrate with the Lossless security ecosystem. The token minter will ease the complexities pertaining to walking our clients through deploying a smart contract and incorporating their tokens into our ecosystem.
Token Minter is a permissionless tool available to anyone who is looking for a way to easily create and deploy a token smart contract. With an intuitive user interface, users do not require much technical experience to use the tool and operate its various features, including minting their own tokens. The tool currently adds support for all ERC20 and BEP20 tokens. This allows token contracts to be minted on a few blockchains including Ethereum, Polygon, Ropsten as well as Binance Smart Chain as of present.
In addition, Minted tokens will be infused with the Lossless Standard plug-in and once our protocol goes LIVE in Q1 of 2022, the hack mitigation code will instantly become functional too. The Lossless plug-in will act as a sleeper code and will save token teams from the trouble of redeploying their contracts later down the road.
As much as we regret to hear of the many hacking events and rug pulls that occurred throughout the year and are still happening, it once again reminds us of our sole existence and the work we need to do. We are therefore fast-evolving to render an impeccable system that actually helps mitigate faults and loopholes of the DeFi industry.
Vault Protection is an additional layer of security for large key vaults and fund wallets. In the event that our Vault Protection is to be used, the tokens involved would have to integrate the Lossless Controller and become a LERC20 token — that is done either manually prior to token’s launch or through the Token Minter for automatic Lossless Protocol integration.
After a complete verification by the Lossless team, a LERC20 token can begin to use the two functions of Vault Protection — wallet whitelisting and withdrawal limiting. Also, the team needs to verify protected addresses before they are assigned to any verified LERC20 token. Check out this demo which explains on the code-level how Vault Protection can save your funds from hacks:
The commitment we have towards our mission has created a driving force that propels us further into becoming an indispensable standard. It also helps us in rendering the helping hands that great DeFi protocols need in order to better protect their investors from the watchful eyes of astute and nefarious hackers.
Lossless Vault Protection (LVP)
This tool was designed to operate on two independent procedures:
- Wallet whitelisting
- The Single limit
LVP requires a Vault Protection admin who is responsible for setting the protection rules. This admin is verified by the Lossless team. The function is activated under the LosslessGuardian smart contracts. This allows the LERC20 token admin of a DeFi protocol to set up a protection admin using the setProtectionAdmin function on the LosslessGuardian smart contract.
The whitelisting procedure employs a straightforward method of marking addresses as possible beneficiaries. It will deny other addresses of withdrawal by default. While the whitelisting is enabled for Vault Protection, the corresponding contract address is restricted to sending funds only to the whitelisted address(es).
The Vault Protection features a convoluted system of verification, which forms part of the security process necessary to determine which wallet addresses may receive funds from the protected vault. The smart contracts under such influence are wired to filter out malicious activities by simply determining which addresses are part of the predetermined beneficiaries.
Wallet addresses that are not used directly within the DeFi protocol employing the use of the Lossless Vault Protection, may simply be protected by whitelisting. This also applies to treasury wallets, vesting contracts, crowd sale contracts, and the likes of which receivers may be known in advance.
The LVP whitelisting feature ensures that only addresses known and controlled by the project developers may receive funds, and even if the protocol itself experiences a security breach, no funds may be sent to an unfamiliar recipient.
Similar to the whitelisting procedure, the single limit also requires activation.
The vault under this type of protection can only send a predetermined or configured amount (or range of amounts) at a time. This feature combined with whitelisting ensures maximum protection as tokens don’t move to an unfamiliar destination or only a little fraction may move in the worst possible scenarios.
As simple as this solution sounds, it has a network of convoluted risk assessments necessary to add a second factor authentication. The protection admin may set up functions like protected addresses, as well as both token withdrawal amount and the time period allowed.
Lossless Vault Protection will automatically disallow further movements of tokens out of the verified limited contract. This directly indicates that, in the event that the said protocol gets hacked by means of a security breach, the hack may result in the loss of tokens not more than the limit already configured before counter security measures come to place.
The single limit does not alter the expected daily user experience but will offer protection. For instance, a withdrawal limit may be set up a bit above the average daily transactions. These limits, however, will be performing the functions of protection as well as allowing the maximum user experience simultaneously. Vault Protection doesn’t entirely replace the underlying DeFi protocol security stance. It merely adds a layer of security that doesn’t exist on the basic security architecture of the client’s protocol.
Lossless Vault Protection is implemented within the token itself. This means that a breach of security within the underlying protocol only takes effect within an allowed range of figures, with respect to time.
We are excited to be ending the year on a good note. Lossless kicked off as an idea and has progressed more positively into becoming one of the greatest organizations offering a unique set of formidable hack mitigation tools in present times. We are moving forward through our roadmap, launched two tools this year, and are proceeding to the main event — the Core Protocol’s launch in Q1 in 2022.
Lossless is the world’s first DeFi hack mitigation tool for token creators. Apart from our known cyber security solutions and renowned professionals, the community also plays a role. With a tangible reward system, community members are also encouraged to explore new ways to detect hacks and fraudulent transactions.
Our protocol halts counterfeit transactions through various methods of fraud identification and automatically reverses any stolen tokens back to the original owner. Our solutions to the impending problems of cyber theft within the blockchain space are thorough and applicable within many protocols.