The objective of the Lossless Hack Mitigation Protocol is to provide an extra security layer in order to prevent fraudulent token movement and recover fraudulently taken tokens. This functionality is available to all the tokens that follow the LERC20 standard. The Lossless Hack Mitigation Protocol exists alongside the Vault and Treasury Protection Protocol.
To achieve this goal, four types of actors work together in order to detect, report, and recover funds from fraudulent transactions. These are Finders, Stakers, the LERC20 Token Owners, and the Decision Making Body.
Each part has an essential role to play within the Lossless Hack Mitigation Protocol.
The Lossless Protocol currently has two major parts:
1. Vault and Treasury Protection Protocol
2. Hack Mitigation Protocol
The documentation of the Vault and Treasury Protection Protocol can be found in the Protection system specification.
The Hack Mitigation Protocol is the result of four independent parties working together and interacting with the tools provided by Lossless.
The Lossless Community encompasses everyone that interacts with the Lossless Protocol at different levels via the SDK, Dashboards, Discord or the Lossless Platform.
Two major groups are required in order for the Lossless Community and Protocol to thrive.
Finders identify and report fraudulent transactions that originate from exploits, hacks or scams. A report must pinpoint the incident by providing (1) the LERC20 Token contract on which the incident is taking place and (2) the address of the malicious actor. If the correctness of the report is confirmed, the Finder is rewarded with a fraction of the tokens that were initially stolen.
Stakers stake tokens on open reports they believe to be legitimate in order to give more visibility and credibility to the report. If the correctness of the report is confirmed, the Staker is rewarded with a fraction of the tokens that were initially stolen. The reward is calculated based on the time of the stake. In contrast, if the report is rejected as incorrect, the Staker’s stake is slashed.
The Decision Making Body investigates the reports and confirms their validity.
Furthermore, the Decision Making Body is in charge of returning funds to the rightful owner by verifying that the proposed refund wallet is correct.
The function performed by the Decision Making Body is essential to the correct functioning of the Hack Mitigation Protocol.
The Decision Making Body is composed of the following parties, each with equal voting power.
The Committee is a group of people from diverse sectors within the blockchain ecosystem. These members can vote on and resolve reports, as well as decide where the stolen funds should be returned.
Each Committee Member has an individual vote, and these individual votes result in a single vote for the whole group. If half plus one of the committee members cast a positive vote, the whole committee is considered to have voted in favor of a report being correct.
Committee Members are rewarded for participating in the investigation and resolution of a report.
The Token Owner role is inherited from the LERC20 Token specified on a report, meaning that only the admin of the reported Token is able to participate in the decision making for that particular report.
The Token Owner can cast a single vote (i.e., the same voting weight as the Committee) on a report, and can close the report when the necessary number of votes has been reached. The Token Owner is also able to reject a refund wallet if they do not believe that the refund wallet is correct.
The Token Owners (collectively) also refers to the adopters of the LERC20 standard. By adhering to the LERC20 standard, their Token is able to interact with and be protected by the Lossless Hack Mitigation Protocol.
The Lossless Team is composed of a group of people from the Lossless Protocol. It also has 1/3 of the voting power.
The Lossless Team can determine the outcome of a report being legitimate if two thirds of the Decision Making Body cast a positive vote.
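The voting rules described above can be modelled in a few lines. This is an added example, not code from the Lossless contracts: the function names are hypothetical, "half plus one" is assumed to mean floor(n/2)+1 members, and the committee's vote is assumed to count as negative once that number can no longer be reached.

```python
from fractions import Fraction
from typing import Optional, Sequence

# Committee, Token Owner and Lossless Team each hold one equally weighted vote.
PARTIES = 3
THRESHOLD = Fraction(2, 3)  # share of the Decision Making Body that must vote positive

Vote = Optional[bool]  # True = positive, False = negative, None = not voted yet


def committee_vote(member_votes: Sequence[Vote]) -> Vote:
    """Collapse individual Committee Member votes into the committee's single vote."""
    n = len(member_votes)
    quorum = n // 2 + 1  # assumed reading of "half plus one"
    yes = sum(v is True for v in member_votes)
    no = sum(v is False for v in member_votes)
    if yes >= quorum:
        return True
    # Assumption: once the remaining members can no longer lift "yes" to the
    # quorum, the committee's vote counts as negative (a tie is not positive).
    if n - no < quorum:
        return False
    return None  # still open


def report_is_legitimate(committee: Sequence[Vote], token_owner: Vote,
                         lossless_team: Vote) -> bool:
    """True once two thirds of the three parties have cast a positive vote."""
    party_votes = [committee_vote(committee), token_owner, lossless_team]
    positive = sum(v is True for v in party_votes)
    return Fraction(positive, PARTIES) >= THRESHOLD


if __name__ == "__main__":
    # Constructed sample: 3 of 4 members positive, Token Owner positive, team negative.
    print(report_is_legitimate([True, True, True, False], True, False))  # True
```

Under this model no single party can confirm a report on its own, and a tied committee does not contribute a positive vote.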
It is an essential part of interacting with the Lossless Core Protocol. It extends the functionality and behavior of ERC20, adding a layer of security that allows the tokens to be protected. This is done by adding modifiers to the standard ERC20 functions.
The Hack Mitigation Protocol has a set of steps that need to be taken in order to successfully prevent the hacks. An overview will be given in this paragraph, nonetheless, a more detailed version can be found in
The following case would end up in the exploited funds being retrieved: