Community Voice AMA 26th Jan: Recap
An abbreviated non-verbatim summary of the Community Voice AMA held in our Telegram on 26th Jan 2022.
Dear Crosswise Community,
Thank you for making it to our Community Voice AMA. It was a very insightful talk with Greg, our COO, and Ted, our CMO who were able to shed some light on what Crosswise is currently doing to move forward after the exploit.
This live AMA was held in our Telegram group on January 26th, 2022 at 11 AM UTC. Topics raised included security measures, project relaunch, as well as compensation and entitlements.
Additions to Team Crosswise
We are very grateful to have been fortunate enough to re-build and scale our team swiftly, and would like to reveal new additions to our team:
- Mike Chui — CTO, based in China
- Ted Chantarawanick — CMO, based in Thailand
- Andy Lee — Front-End Dev, based in China
- Grigoriy Park — Front-End Dev, based in Russia
- Pedro Costa — UI/UX, based in Portugal
- Bikas Lin — Front-End Dev, based in Hong Kong
- Meng Lin — Front-End Dev, based in Hong Kong
- Hui Meng — Smart Contract Dev, based in Hong Kong
AMA questions submitted by the community:
Development Team Activity
What is Crosswise doing to improve quality and security?
We are currently investigating the attack. We cannot rule out the possibility that one or several members of the former team had collaborated together to enable the exploit.
We are also reviewing the entire code. The investigation is focused on three aspects: financial logic, security holes, and software architecture.
In some ways this exploit may turn out to be a blessing in disguise, forcing us to scrutinize the code in greater depth than what may otherwise have been the case.
New, rigorously selected developers are creating entirely new smart contracts based on lessons learned from previous attacks.
How is the timeline looking like at the moment?
3 months is the estimated timeline at the moment. We want to shorten the timeline, and are working very hard to do so.
Can we get a refund for the tokens still vesting? The timeline has been changed, so its only fair we get a refund
We will not be offering a direct refund for tokens still vesting. We don’t think project delays are grounds for an immediate refund. If we did make a refund available, it would only be fair to refund it at the purchase price value. We doubt that such a scheme would enjoy widespread support if applied to everyone.
Overall, we also need to balance the project requirements with our community demands and ensure the entire process doesn’t distract us too much from the main objective, which is re-launching the DEX.
Is it true that the as the project owner(s) have mentioned on twitter — a snapshot will be taken and users compensated?
Yes, as communicated very early on, we will be compensating users. Our compensation scheme will most likely comprise of a blanket snapshot-based compensation that will aim to reinstate your holdings to equivalent monetary value prior to the exploit.
What will happen to my LP tokens such as USDT-USDC and CRSS-BNB?
Your LP tokens will have the same value as they did pre-exploit.
If I had $CRSS tokens in my wallet, will I receive new tokens?
$CRSS held in your wallet will equally be reinstated to its pre-exploit value. The mechanics of the distribution is yet to be defined.
What about those who bought tokens post-exploit? Will they be compensated?
We do want to offer some genuine dip buyers compensation but have yet to decide at what level and when.
If users bought during the dip and subsequently sold they will not be eligible for compensation. Similarly those that bought way after we asked user not to buy, will likely be excluded.
Timing & Distribution
When will the compensation be distributed?
We’re still figuring that out — once we have more clarity on timeline, we will be informing all investors.
Why do the devs want us to leave tokens locked?
As we need to process a huge amount of transactional data, it would be most helpful to us if you don’t move any tokens around. Doing so will not be beneficial at all and makes it more difficult for us to reconcile everything. As a result, you may also diminish or void your compensation entitlement.
Why can’t I connect my wallet to the website?
We have done all we can to lock every thing down including our DApp. We don’t want users to do anything for the moment (that could jeopardize one’s holdings & position), and have thus disabled the platform completely.
Aside from the functionalities released as part of the first launch, do you plan to include other features or milestones?
The biggest ‘feature’ would be security. We are reauditing the entire code, to ensure that our codebase is as near to perfect as possible. Our new team is extremely diligent on that. We are enhancing security & testing.
We are also upgrading our smart contracts so that our contracts itself become upgradeable. This wasn’t the case before but our new team is set on putting together the infrastructure in place.
In addition, we are considering launching on Polygon or Fantom shortly after re-launch, however these are very initial ideas and we have yet to determine feasibility.
Apart from that, we are revamping our UI/UX to give users a fresh new feel upon re-launch.
What will the price be at re-launch?
We’re looking to set the price the same as the previous launch — at 0.95 BUSD. This will make it easier to get everyone back to the same value.
Will the migration to the new contract be automatic? Do vested tokens have to be migrated from 1.1 to 2.0?
Most likely, there will be no migration needed by users. We’re looking at the best way to approach this.
Should we keep our tokens staked or unstake them?
Please don’t do anything. You will only waste gas fees.
What about the rewards? Are they currently accumulating and valid?
No, staking and farming rewards were heavily compromised and thus there is simply no way that they can be accumulated or be valid at all.
What audits will we have before the new launch?
We’re currently shortlisting auditors for this.
Can the audits be fast tracked/prioritized if you pay more to CertiK?
Not that we are aware of — we are already on their highest paying package. In any case, we need ample time to actually internally re-audit the code ourselves.
Can lossless protocol be enabled on the platform to mitigate the risk of another exploit?
We’re looking at a number of ways to bolster security. This is interesting tech, but we would need to see if it can works cross-chain and is mature.
What legal action have you taken against your ex developer(s)?
We’re still trying to come to a resolution privately.
Will I still need to withdraw unlocked tokens as before, or will they land in my wallet?
We’re looking at the most frictionless way of distributing tokens, so withdrawing may not be necessary.
Conclusion & what’s next?
We sincerely hope that this AMA brings closure to our community, and that we can all now focus on the re-launch and coming back stronger than before.
As we move forward, we will be updating you regularly, and continue our tradition of transparency.
About Crosswise Finance
Next-gen cross-chain Decentralized Exchange (DEX) building a seamless DeFi user experience. Crosswise Finance bridges the gap between centralized and decentralized exchanges, bringing together the best of both worlds. Crosswise is committed to it’s community and brings back customer service and support to the DeFi space.
Disclaimer: This content is provided for informational purposes only, and should not be relied upon as legal, business, investment, or tax advice. You should consult your own advisers as to those matters. References to any securities or digital assets are for illustrative purposes only, and do not constitute an investment recommendation or offer to provide investment advisory services. Furthermore, this content is not directed at nor intended for use by any investors or prospective investors, and may not under any circumstances be relied upon when making investment decisions.