Attention, community! We want to introduce our upcoming feature release, the Lossless Vault Protection (LVP) tool. A few developments are underway, and we aim to release the newest Lossless tool pretty soon.
The Vault protection tool has a straightforward yet very valuable purpose — to create an additional layer of protection for large key vaults and fund wallets and protect them from hacks. It will serve as a helpful security-enhancing tool for project owners who manage treasury and other project-owned wallets holding project funds.
Before we dive fully into how the tool is designed to operate, we just want to state that the LVP tool is a great step towards our commitment to ensuring that the crypto space, particularly DeFi, becomes fraud-free. In line with this vision, we have found it necessary to create the vault protection tool to help combat the rate at which projects are being hacked.
Unlike auditing, an extensive security check is done to reveal a smart contract’s bugs and security vulnerabilities, our tool will work on particular wallets. A good audit report may suggest that a DeFi protocol is well secured. However, this doesn’t always guarantee that a breach of security within the protocol itself is entirely impossible. If such unforeseen circumstances eventually occur, our LVP tool is designed to prevent fund drainage.
The Lossless Vault Protection (LVP) Tool Mechanism
The Lossless Vault Protection tool is being designed to operate based on whitelisting and limiting.
Whitelisting is a common practice in the crypto ecosystem. It’s a system of wallets that have access to a specified area or function. Whitelisting will allow project owners to mark certain addresses as beneficiaries while every other address would be denied any form of interaction by default.
It means our LVP tool will restrict a contract address or treasury only to send transactions to a predetermined set of wallet addresses. This would be also applicable when projects decide to predetermine a set of wallet addresses (such as vesting contracts) to participate in forthcoming coin distributions.
HOW WHITELISTING WORKS?
As part of the security process, the project team will have to verify the addresses to which funds may be sent. Since hackers usually steal funds by sending them to previously unknown, new addresses, the LVP can implement specific rules, making it difficult to do that. Anything outside the whitelisted addresses, the smart contracts will not be able to trigger a transaction.
Whitelisting applies best to treasury wallets, vesting contracts, crowd sale contracts, and the likes of which have a limited amount of known receivers in advance.
LVP tool whitelisting will ensure that in the event that an unexpected security breach occurs, the only possible beneficiary addresses are the ones controlled by the project’s team themselves leaving no possibility for an exploit.
WHAT IS WITHDRAWAL LIMITING?
Withdrawal limiting is a pretty basic concept introducing amount (value) and time limits on protected wallets. If used without the whitelisting function, it permits anyone to interact with the contract or the protected wallets but freezes transactions when they surpass a certain value of transferred tokens over a specified time (eg. 100,000 tokens in 50 blocks).
As simple as this solution sounds, it adds second-factor protection if anyone wants to drain a protected wallet quickly.
HOW WITHDRAWAL LIMITING WORKS?
Limiting gives the possibility to set both the time period and amount of tokens allowed to be taken from the protected address during that time. Of course, it is up to the team to add protected addresses, set the time/amount parameters, and calibrate them across time.
In cases, the amount threshold parameter has to be increased if the transaction volume of the protected wallet or contract rises significantly.
A Typical Case Study
Under the normal collaboration, a DeFi protocol will need to get approval from Lossless to either verify their vault address(es) and/or add new ones. For a protocol with a typical daily transaction amounting to around 10,000 units of EXP (Example tokens), a verified contract address “X” is configured to limit its outputs (in terms of transactions to other addresses) to around 100,000 units of EXP (Example Tokens).
The Lossless Vault Protection tool will automatically disallow further movements of tokens out of the verified limited contract. It directly indicates that if the said protocol gets hacked through a security breach, the hack may result in the loss of tokens not more than the limit already configured before counter security measures come to place.
There are a few distinct features to this:
- While the verified contract address may be limited by the vault protection tool, it does not tamper with the typical daily user experience.
- The Lossless Vault Protection tool doesn’t entirely replace the underlying DeFi protocol security stance. It merely adds a layer of security that doesn’t exist on the basic security architecture of the client’s protocol.
We feel that by just giving these 2 rather simple rule-setting options in LVP, project teams will be equipped with the right ammunition to safeguard their most valuable wallets and add another layer of protection to them.
The LVP tool is currently being developed and battle-checked in the testing environment with the aim of a possible release by late November/ early December. We hope to make an official announcement within the next few weeks. Stay tuned, visual teasers are coming soon.
Lossless is the world’s first DeFi hack mitigation tool for token creators. Apart from our known cyber security solutions and renowned professionals, the community also plays a role. With a tangible reward system, community members are also encouraged to explore new ways to detect hacks and fraudulent transactions.
Our protocol halts counterfeit transactions through various methods of fraud identification and automatically reverses any stolen tokens back to the original owner. Our solutions to the impending problems of cyber theft within the blockchain space are thorough and applicable within many protocols.