How Does LI.FI Work?

Bridge | Risk D+ | 5 mechanisms | 5 interactions

LI.FI is an SDK-first bridge + DEX aggregator that most users reach through Jumper Exchange or a partner wallet rather than through LI.FI directly. Technically it is a single EIP-2535 Diamond contract whose many 'facets' share one set of user approvals — meaning every user who ever transacted has an outstanding approval to the LI.FI Diamond, and every facet can spend it. This has already led to two exploits: $600K in March 2022 (swap facet bug) and $11.6M in July 2024 (GasZipFacet arbitrary-call). LI.FI also inherits the security of whichever underlying bridge a route is sent through — which, after KelpDAO's $292M LayerZero exploit in April 2026, is a demonstrated rather than hypothetical threat surface.

TVL

Sector

Bridge

Risk Grade

D+

Value Grade

D

Core Mechanisms

8.1.2 Liquidity pool bridges

Novel

Bridge + DEX aggregation via Diamond-pattern smart contract

LI.FI implements EIP-2535 Diamond Standard, where multiple 'facets' add functionality to a single shared contract that holds user approvals. Any malicious or buggy facet can access all approved tokens.

8.1.3 Message-passing bridges

Routes through 23+ underlying bridges (LayerZero, Stargate, Across, Hop, Circle CCTP, etc.)

LI.FI's routing engine selects the best path across many underlying bridges. Users inherit the security of whichever bridge is selected for their route.

4.1 AMM / DEX design

DEX aggregation via 21+ DEXs

LI.FI routes swaps through DEX aggregators and individual DEXs. Standard DEX aggregation pattern.

2.1.2 Percentage-based fee

SDK-first fee model (partners charge users, share with LI.FI)

LI.FI primarily generates revenue through SDK partner integrations (wallets, apps) rather than through a consumer-facing product, so revenue depends on partner usage.

5.4.1 Multisig override

Team multisig controls Diamond upgrade + facet deployment

Facet deployment and Diamond upgrades are controlled by a team multisig. Critical authority.

How the Pieces Interact

Diamond architecture with shared approvals | New facet deployment | Critical

Every new facet can access every user approval previously granted to the Diamond, so a facet bug or malicious upgrade can drain funds across all past users. The July 2024 $11.6M exploit was exactly this class of bug (GasZipFacet with an arbitrary call).
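The following model is added here as an illustration and is not LI.FI's code. It shows why the Diamond mechanism described under Core Mechanisms and the interaction above are the same trust boundary: in EIP-2535 an approval is granted to the Diamond's address, every facet executes under that address via delegatecall, and so any facet added later by the upgrade authority can spend every standing approval. The token, Diamond, facet and account names are all constructed; the unchecked-call facet stands in for the 'arbitrary-call' bug class the page describes generically, not for GasZipFacet's actual code, and the allowlisted facet shows the check that closes it.

```python
"""Toy model of EIP-2535 trust sharing (added example, not LI.FI code).

Approvals are granted to the Diamond's address. Every facet runs via
delegatecall under that address, so every facet, including ones added later
by the upgrade authority, can spend every approval ever granted to it.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Set, Tuple

UINT256_MAX = 2**256 - 1


@dataclass
class Token:
    """Minimal ERC-20 ledger: balances plus allowances keyed by (owner, spender)."""
    address: str
    balances: Dict[str, int] = field(default_factory=dict)
    allowances: Dict[Tuple[str, str], int] = field(default_factory=dict)

    def approve(self, owner: str, spender: str, amount: int) -> None:
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, msg_sender: str, owner: str, to: str, amount: int) -> None:
        # msg_sender is the contract calling the token. Under delegatecall that
        # is always the Diamond's address, never the facet's.
        allowed = self.allowances.get((owner, msg_sender), 0)
        if allowed < amount or self.balances.get(owner, 0) < amount:
            raise PermissionError("insufficient allowance or balance")
        if allowed != UINT256_MAX:  # an unlimited approval is never drawn down
            self.allowances[(owner, msg_sender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


Facet = Callable[..., None]


@dataclass
class Diamond:
    """EIP-2535 proxy: one address, one approval surface, many facets."""
    address: str
    upgrade_authority: str  # the team multisig on the page
    facets: Dict[str, Facet] = field(default_factory=dict)  # selector -> facet code

    def diamond_cut(self, msg_sender: str, selector: str, facet: Facet) -> None:
        """Add or replace a facet. Only the upgrade authority may do this."""
        if msg_sender != self.upgrade_authority:
            raise PermissionError("diamondCut: not the upgrade authority")
        self.facets[selector] = facet

    def call(self, msg_sender: str, selector: str, *args) -> None:
        # fallback(): look the selector up and delegatecall the facet, which
        # then runs with address(this) == self.address.
        facet = self.facets.get(selector)
        if facet is None:
            raise LookupError(f"no facet registered for {selector}")
        facet(self, msg_sender, *args)


def swap_facet(d: Diamond, msg_sender: str, token: Token, amount: int, to: str) -> None:
    """Well-behaved facet: moves only msg.sender's own tokens."""
    token.transfer_from(d.address, msg_sender, to, amount)


def unchecked_call_facet(d: Diamond, msg_sender: str, target, method: str, *args) -> None:
    """Facet that forwards a caller-chosen call to a caller-chosen target, made as
    the Diamond. If the target is a token the Diamond holds approvals on, the
    caller can spend other users' allowances: the page's 'arbitrary-call' class."""
    getattr(target, method)(d.address, *args)


ALLOWED_CALLS: Set[Tuple[str, str]] = {("0xDEX", "swap")}  # constructed allowlist


def allowlisted_call_facet(d: Diamond, msg_sender: str, target, method: str, *args) -> None:
    """Hardened variant: only pre-approved (target, method) pairs may be called,
    so user calldata can never reach transfer_from on an approved token."""
    if (target.address, method) not in ALLOWED_CALLS:
        raise PermissionError(f"{target.address}.{method} is not an allowlisted call")
    getattr(target, method)(d.address, *args)


def demo() -> dict:
    """Walk through the trust boundary; every name below is constructed."""
    usdc = Token(address="0xTOKEN", balances={"alice": 1_000})
    diamond = Diamond(address="0xDIAMOND", upgrade_authority="0xMULTISIG")
    diamond.diamond_cut("0xMULTISIG", "swap", swap_facet)

    # Alice grants the Diamond an unlimited approval to use the swap facet once.
    usdc.approve("alice", diamond.address, UINT256_MAX)
    diamond.call("alice", "swap", usdc, 100, "0xDEX")

    # Later the upgrade authority adds a facet with an unchecked external call.
    # Alice never touched it, but her approval is to the address, not to a
    # facet, so a third party can now spend it through the new code path.
    diamond.diamond_cut("0xMULTISIG", "exec", unchecked_call_facet)
    diamond.call("mallory", "exec", usdc, "transfer_from", "alice", "mallory", 900)
    drained = usdc.balances.get("mallory", 0)

    # The allowlisted facet rejects the identical request.
    diamond.diamond_cut("0xMULTISIG", "exec", allowlisted_call_facet)
    try:
        diamond.call("mallory", "exec", usdc, "transfer_from", "alice", "mallory", 1)
        blocked = False
    except PermissionError:
        blocked = True

    # Revocation is the only user-side mitigation: approve(diamond, 0).
    usdc.approve("alice", diamond.address, 0)
    return {"drained": drained, "blocked": blocked,
            "allowance_after_revoke": usdc.allowances[("alice", diamond.address)]}


if __name__ == "__main__":
    print(demo())
```

The point worth taking from `demo()` is the asymmetry between the two mitigations: the protocol-side fix (allowlisting the facet's external calls) protects users only from the moment it is deployed, while the user-side fix (`approve(diamond, 0)`) is the only action that retroactively removes a past user from the blast radius of a future facet.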

Bridge aggregation (many underlying bridges) | Per-bridge security assumptions | High

LI.FI routes inherit the weakest of whatever bridges are selected. A KelpDAO-style LayerZero exploit, Wormhole/Nomad-style multisig bypass, or Across bond compromise on any routed bridge becomes a LI.FI user loss.

Infinite-approval pattern | Time-of-check vs time-of-exploit | High

Users who approved LI.FI 6-12 months ago are still exposed to any exploit that happens today. Historic users have no mitigation short of actively revoking the approval.
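The revocation point above is the one a practitioner can act on, so here is an added example (not from LI.FI or from the page) that reconstructs outstanding allowances to a spender from ERC-20 Approval logs of the kind `eth_getLogs` returns, flags unlimited approvals, and produces the `approve(spender, 0)` calldata that closes each one. The spender, token and owner addresses and the log history are constructed placeholders (the page does not give the Diamond's address); the event topic and function selector are the standard ERC-20 values.

```python
"""Offline scan of ERC-20 Approval logs for live allowances to one spender.

Added example; SPENDER is a placeholder for the Diamond address, and the
log history below is constructed, not real chain data.
"""
from typing import Dict, List, Tuple

# keccak256("Approval(address,address,uint256)"): the standard ERC-20 event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "0x095ea7b3"  # 4-byte selector of approve(address,uint256)
UINT256_MAX = 2**256 - 1

# Constructed placeholder addresses.
SPENDER = "0x" + "11" * 20          # stands in for the Diamond address
OTHER_SPENDER = "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
ALICE, BOB, CAROL = "0x" + "a1" * 20, "0x" + "b0" * 20, "0x" + "c0" * 20


def pad32(hex_value: str) -> str:
    """ABI-encode an address or uint as a left-padded 32-byte hex word."""
    return "0x" + hex_value[2:].lower().rjust(64, "0")


def approval_log(block: int, index: int, token: str, owner: str, spender: str, value: int) -> dict:
    """Build a constructed eth_getLogs-style record for an Approval event."""
    return {"blockNumber": block, "logIndex": index, "address": token,
            "topics": [APPROVAL_TOPIC, pad32(owner), pad32(spender)],
            "data": pad32(hex(value))}


SAMPLE_LOGS: List[dict] = [  # constructed history
    approval_log(100, 0, TOKEN_A, ALICE, SPENDER, UINT256_MAX),        # unlimited, never revoked
    approval_log(101, 2, TOKEN_A, BOB, SPENDER, 500 * 10**6),          # bounded approval ...
    approval_log(150, 0, TOKEN_A, BOB, SPENDER, 0),                    # ... later revoked
    approval_log(160, 1, TOKEN_A, CAROL, OTHER_SPENDER, UINT256_MAX),  # different spender, ignored
    approval_log(200, 3, TOKEN_B, ALICE, SPENDER, 10**18),             # bounded, still live
]


def topic_to_address(topic: str) -> str:
    """Indexed address parameters occupy the low 20 bytes of a 32-byte topic."""
    return "0x" + topic[-40:].lower()


def outstanding_allowances(logs: List[dict], spender: str) -> Dict[Tuple[str, str], int]:
    """Replay Approval events in chain order; the last value per (token, owner) wins.

    The on-chain allowance() view is authoritative: some token implementations do
    not emit Approval when transferFrom draws a bounded allowance down, so a log
    replay may over-estimate a bounded allowance. It never under-estimates one.
    """
    state: Dict[Tuple[str, str], int] = {}
    for entry in sorted(logs, key=lambda e: (e["blockNumber"], e["logIndex"])):
        topics = entry["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender.lower():
            continue
        state[(entry["address"].lower(), topic_to_address(topics[1]))] = int(entry["data"], 16)
    return {key: value for key, value in state.items() if value > 0}


def revoke_calldata(spender: str) -> str:
    """Calldata for approve(spender, 0): the transaction an owner sends to the
    token contract to close an outstanding allowance."""
    return APPROVE_SELECTOR + pad32(spender)[2:] + "0" * 64


def exposure_report(logs: List[dict], spender: str) -> List[dict]:
    """One row per live allowance, flagging unlimited approvals."""
    rows = []
    for (token, owner), value in sorted(outstanding_allowances(logs, spender).items()):
        rows.append({"token": token, "owner": owner, "value": value,
                     "unlimited": value == UINT256_MAX,
                     "revoke_calldata": revoke_calldata(spender)})
    return rows


if __name__ == "__main__":
    for row in exposure_report(SAMPLE_LOGS, SPENDER):
        kind = "UNLIMITED" if row["unlimited"] else str(row["value"])
        print(f"{row['owner']} -> {row['token']}: {kind}; revoke with {row['revoke_calldata']}")
```

Against a real node, replace `SAMPLE_LOGS` with the result of an `eth_getLogs` query filtered on `APPROVAL_TOPIC` and the spender's padded address in topic 2, then confirm each flagged row with `allowance(owner, spender)` before acting on it.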

SDK integration into partner wallets/apps | Partner-level security | Medium

A partner wallet with a security issue could leverage LI.FI SDK integration to route user funds adversarially. Partner vetting is informal.

Team multisig upgrade authority | Diamond facet deployment | High

Multisig compromise enables deployment of a malicious facet that drains all user approvals — catastrophic. Historical multisig compromises (Ronin, Multichain) demonstrate the pattern.

What Could Go Wrong

  1. Two separate exploits (March 2022 $600K, July 2024 $11.6M) — both involving arbitrary-call bugs in swap facets with user-approved tokens. This is a pattern of issues in the facet/Diamond architecture.
  2. Aggregator model means LI.FI inherits every underlying bridge's security (including LayerZero, Stargate, Across, Hop, etc.) — KelpDAO's LayerZero exploit in April 2026 is directly inherited through any LayerZero-routed path
  3. Large infinite-approval surface: any user who ever used LI.FI has (likely) granted the LI.FI Diamond contract unlimited token approvals, making every future contract facet a potential drain vector

Third Diamond Facet Exploit

Elevated

Trigger: A newly deployed or existing Diamond facet contains an arbitrary-call, unsafe-approval, or trust-boundary bug that lets an attacker drain users with active LI.FI approvals.

  1. A new or existing facet contains an exploitable pattern (analogous to GasZipFacet, July 2024); the attacker can execute arbitrary transfers using the LI.FI Diamond's approvals.
  2. The attacker identifies the flaw (manual discovery, AI-assisted tooling, or a whitehat disclosure race); the exploit is executed at scale.
  3. Users with outstanding approvals are drained of wrapped-token and stablecoin balances; direct user losses aggregate to millions or tens of millions USD.
  4. LI.FI pauses the Diamond, disables the facet, and issues revocation guidance; downtime plus reputational damage, with only partial remediation.

Risk Profile at a Glance

Mechanism Novelty: 6/15
Interaction Severity: 15/20
Oracle Surface: 4/10
Documentation Gaps: 6/10
Track Record: 15/15
Scale Exposure: 0/10
Regulatory Risk: 4/10
Vitality Risk: 10/10

Overall: D+ (60/100)

Lower score = safer
