FAQ

How is the Lossless security functionality related to the token?

Lossless is the first DeFi hack mitigation tool for token creators. The Lossless project builds upon the popular ERC20 standard to include security features. This Lossless core functionality (aka LERC20 standard) relies on the LSS token. On Ethereum, the LSS token can be staked by anyone to point out a hack and initiate its review. The review of the transaction can then lead to its reversal and to return of the hacked funds to the rightful owner.

How does Lossless staking interact with the hack detection/freeze function?

Anybody in the community can submit a report by paying reporting fee in LSS tokens to freeze any address for 24 hours. Then, additional tokens can be staked without generating a new report to signal a wider belief that a hack took place. In 24 hours, evidence is reviewed and a decision is made if a hack has occurred or not. If a hack is confirmed, the stakers are rewarded; otherwise their stakes are slashed.

Lossless Integration

Are we required to deploy our token before inserting the Lossless code or vice versa?

Integrate Lossless code before launching your token, see for more info.

Does our token becomes “audited by Hacken” automatically as we deploy Lossless code?

If you launch your token using the Lossless Token Generator at it indeed provides code that has been audited by Hacken. However, Hacken would need another audit to officially publish an audit dedicated to your project.

What if we deploy a custom token that conforms to the LERC20 standard?

Yes, but we recommend that any customisation (ie, any changes to the code) get an independent audit.

How much does the Lossless integration cost?

The integration with Lossless core does not cost anything. If a hack is stopped and funds recovered, a fee is withheld. See for more details.

Is there anything that should done, checked or tested before the deployment to make sure it was done correctly?

We have already launched our token? Can we still integrate with Lossless?

A token relaunch will be required to enable Lossless protection. Please contact us and we will help to plan the relaunch.

How is LERC20 different from ERC20?

What if the LERC20 token project does not like the idea of Lossless any more?

If you decide that Lossless is not bringing you value anymore, there is a method in your token contract that allows turning the Lossless functionality off.

Is Lossless a one-size-fits-all solution? Can the token project owners adjust anything?

What is the recommended settlement period?

We think that 20 minutes is a reasonable settlement period. However, it may make sense to set a different period depending on how your token is typically used etc.

Lossless Decision Making Body

Who are the Decision Making Body and the Committee? And more broadly how the control and custody mechanisms work?

The Lossless project has two main components: the Finders and the Decision Making Body. Anyone can be a finder, it’s permissionless. The Finders stake their LSS tokens in order to freeze a hacker’s address after they notice a suspect transaction. Then the Lossless Decision Making Body decides if the transaction was actually a hack or if a Finder was wrong and froze someone for no good reason. The Lossless Decision Making Body consists of three main parties: the LERC20 token project owner, the Lossless team and the Lossless Committee. To make a decision, two out of these three parties have to align. After this decision is finalised, the stolen funds are returned to the wallet that is proposed by the LERC20 token project owner.

How will the Committee vote mechanics work?

The idea is to make it as transparent as possible. The vote on frozen funds has a pre-programmed way to deal with the funds. This means that no one will be able to somehow move the funds or invalidate the governance decision.

Lossless Hack Mitigation Mechanics

What if a sophisticated attacker steals and sells the tokens in the same block? Eg, Flashloan attacks?

Lossless core protects against that by enforcing a certain amount of time that has to pass before a newly received token is sold (“settlement period”).

What is the recourse if a hacker has managed to exchange LERC20 tokens into other tokens (eg, DAI)?

If the stolen assets not held in LERC20 tokens, Lossless core cannot help.

Security of Lossless contracts

What measures are taken to prevent malicious code changes on the Lossless side of the contracts?

In the future all the changes to the Lossless contract will be time-locked with substantial advance time so that all interested parties can analyse them in detail. Also lossless is committed to deploying publicly audited code.

If there is an issue with the Lossless code that actually causes the loss of our tokens, is there any compensation or protection for us if this happens?

The Lossless project is a public team staking our personal reputation on the successful operation of the Lossless code. All our code is public and it is being audited by multiple top auditing shops. Furthermore, there might be additional insurance options in the future through our partners – stay tuned.

Monetization

An estimated 7% fee paid from the stopped hack transaction. Paid only when it is stopped, in native tokens.Uses of revenue: Native tokens are used to buy LSS tokens and distribute:

• 2% is paid out to finder - finders identify and report fraudulent transactions that originate from exploits, hacks, or scams. A report must pinpoint the incident by providing (1) the LERC20 Token contract on which the incident is taking place and (2) the address of the malicious actor. If the correctness of the report is confirmed, the Finder is rewarded with a fraction of the tokens that were initially stolen. In contrast, if the report is rejected as incorrect, the Finder’s stake is taken.

• 2% is distributed for LSS token holders that stake - stakers stake tokens on open reports they believe to be legitimate in order to give more visibility and credibility to the report. If the correctness of the report is confirmed, the Staker is rewarded with a fraction of the tokens that were initially stolen. The reward is calculated based on the time of the stake. In contrast, if the report is rejected as incorrect, the Staker’s stake is taken.

• 2% is distributed for Lossless Committee - the Committee is a group of people from diverse sectors within the blockchain ecosystem. These members have the capability to vote and resolve reports as well as make decisions about where the stolen funds should be returned. Each Committee Member has an individual vote. The decision of the whole Committee counts as a single vote, that is, ⅓ of the total voting power in addition to the Lossless company (1/3) and the Token project team (1/3). If half plus one of the committee members cast a positive vote the whole committee is considered to have voted in favor of a report being correct. Committee Members are rewarded for participating in the investigation and resolution of a report

• 1% is retained by Lossless company - the Lossless Team is composed of a group of people from the Lossless Protocol. It also has 1/3 of the voting power. The Lossless Team can determine the outcome of a report being legitimate if two-thirds of the decision-making body cast a positive vote. The company takes 1% from the 7% retrieved from a hack to continue its activities and develop further.

Future of Lossless

Do you have any similar use cases around NFT?

We have received multiple inquiries from various projects, and we are actively thinking about expanding our product offering to also protect NFTs. However, we remain focused on delivering on our roadmap first of all.