Why LI.FI is in the 2025 spotlight
The complexity of a multi-chain world changed in 2025. Liquidity began to move through shared aggregation layers, and more organisations treated that connectivity as core infrastructure. LI.FI sat at the centre of this shift, connecting applications to liquidity across many chains, bridges, exchanges, and solver networks through a single, policy-aware integration.
LI.FI paired that growth with a deliberate security program. Together with Cantina, the organisation ran deep security reviews, a large open competition, and a $1 million bug bounty focused on the contracts that move value for users and partners.
This spotlight covers how LI.FI evolved in 2025, how its architecture serves both developers and institutions, how the security collaboration with Cantina works, and what we have learned together about running bug bounties on complex infrastructure.
2025 recap for LI.FI
LI.FI began the year as a leading cross-chain aggregator. By the end of 2025, it is a default choice for many organizations that need secure access to the universal market for digital assets.
A single LI.FI integration now reaches more than sixty chains, over a dozen bridges, and more than 20 decentralized exchanges and solver networks. Products such as MetaMask, Hyperliquid, Superfluid, Alchemix, OpenLiq, and Teahouse rely on LI.FI to handle cross-chain connectivity while they retain control over user experience and account models.
Key developments in 2025 included:
- Broader venue coverage and improved routing logic, tuned for price, reliability, and partner preferences.
- Single-step flows such as Hyperliquid users moving from assets on Arbitrum into supported collateral on HyperCore, with intent fulfilment handled through Relay and Gasdotzip.
- Wider adoption of the LI.FI widget, SDK, and API so that users can bridge and swap across chains inside frontends they already trust.
From the user’s perspective, these are simple actions. Behind the scenes, LI.FI connects integrators with their desired policies and safeguards at the infrastructure level.
Technical and institutional architecture
LI.FI’s design has one goal: make cross-chain interactions simple for users and controllable for integrators.
At a high level:
- Applications call LI.FI through a widget, SDK, or API and request a route between assets and networks.
- A backend engine aggregates quotes and paths across connected bridges, DEXs, and solver networks, filtered through the integrator’s allow lists and constraints.
- Onchain, a Diamond contract, based on EIP-2535, acts as the entry point. It forwards execution to facet contracts that encode the logic for individual bridges, exchanges, and solver integrations.
- Those facets call external liquidity provider contracts, where swaps and bridges settle.
This pattern gives LI.FI three important properties:
- Modularity, since new venues can be integrated as new facets without redesigning the core router.
- Extensibility, since logic can evolve while the Diamond address and interface stay stable for partners.
- Traceability, since each transaction follows a concrete path through the Diamond, facets, and external contracts that can be inspected onchain.
Institutional lens
Institutions view LI.FI as a connectivity protocol they can integrate into existing governance and risk frameworks.
- Aggregation is bound by explicit configuration. Risk and compliance groups approve the lists and constraints that determine which chains, bridges, assets, and venues are eligible.
- Fulfilment leaves a clear record. All logic passes through known contracts, which supports internal audit, transaction reporting, and post-trade analysis.
- Operational models remain intact. Custody, approvals, and user identity stay with the partner. LI.FI handles routing decisions and enforcement of venue policy.
- The security story is concrete. Partners can point to named security reviews, a documented competition, and a live $1,000,000 USDC bounty focused on the same contracts their flows rely on.
This combination makes LI.FI suitable as institution-oriented cross-chain aggregation infrastructure.
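The route filtering described above (quotes "filtered through the integrator’s allow lists and constraints", with lists approved by risk and compliance groups) can be modelled as a default-deny check that records why each candidate was rejected. This is an added example, not LI.FI’s or Cantina’s code; the `Step` and `Policy` shapes, the venue and chain names, and the sample routes are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Step:
    kind: str        # "bridge" or "exchange" (hypothetical step kinds)
    tool: str        # venue name
    from_chain: str
    to_chain: str

@dataclass(frozen=True)
class Policy:
    allowed_chains: frozenset
    allowed_bridges: frozenset
    allowed_exchanges: frozenset
    max_steps: int = 2

def violations(route, policy):
    """Return every reason a route is ineligible; an empty list means eligible."""
    reasons = []
    if len(route) > policy.max_steps:
        reasons.append(f"too many steps: {len(route)} > {policy.max_steps}")
    by_kind = {"bridge": policy.allowed_bridges, "exchange": policy.allowed_exchanges}
    for i, s in enumerate(route):
        # Every hop is checked, so a route cannot transit an unapproved chain.
        for chain in sorted({s.from_chain, s.to_chain}):
            if chain not in policy.allowed_chains:
                reasons.append(f"step {i}: chain {chain} not approved")
        approved = by_kind.get(s.kind)
        if approved is None:              # default-deny for unrecognised venue types
            reasons.append(f"step {i}: unknown step kind {s.kind}")
        elif s.tool not in approved:
            reasons.append(f"step {i}: {s.kind} {s.tool} not approved")
    return reasons

def filter_routes(routes, policy):
    """Split candidates into eligible names and an audit record of rejections."""
    eligible, rejected = [], {}
    for name, route in routes.items():
        why = violations(route, policy)
        if why:
            rejected[name] = why
        else:
            eligible.append(name)
    return eligible, rejected

# Constructed sample policy and candidate routes.
POLICY = Policy(frozenset({"ethereum", "arbitrum"}), frozenset({"bridge-a"}), frozenset({"dex-x"}))
ROUTES = {
    "r1": [Step("exchange", "dex-x", "arbitrum", "arbitrum"), Step("bridge", "bridge-a", "arbitrum", "ethereum")],
    "r2": [Step("bridge", "bridge-b", "arbitrum", "ethereum")],
    "r3": [Step("bridge", "bridge-a", "arbitrum", "chain-z"), Step("bridge", "bridge-a", "chain-z", "ethereum")],
    "r4": [Step("solver", "solver-q", "arbitrum", "ethereum")],
}
```

Keeping the rejection reasons alongside the eligible set gives reviewers a record of which policy rule excluded each candidate.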
Security collaboration with Cantina
LI.FI’s position in the stack means that security cannot be an afterthought. In 2025, LI.FI and Cantina built a security program that runs alongside product development instead of trailing it.
The program has three pillars.
One million dollar bug bounty
A public bug bounty on Cantina now covers the src directory of LI.FI’s contracts repository, including the Diamond and all facets. Rewards are aligned with concrete impact on user funds, routing guarantees, and protocol invariants.
Targeted audits
Cantina led security reviews focused on the Diamond contract, facet boundaries, protocol logic, token handling, and interaction patterns with external venues. These reviews looked at how components behave together under realistic routes, not just at isolated functions.
Crowdsourced competition
LI.FI and Cantina ran a security competition with a reward pool of $455k USDC. Researchers concentrated on the same contracts that power production logic, exploring how approvals, slippage handling, and edge cases behave when calls chain through multiple facets and venues.
Alongside this external work, LI.FI continues to engineer for safety:
- Permit logic is wrapped in structured error handling so upstream quirks do not silently break executions.
- Approvals are kept as tight as possible in relation to intended transfers.
- Internal structures, naming, and utilities follow consistent patterns, which reduces review overhead and long-term maintenance risk.
Cantina provides the coordination layer for this program, from scoping and triage to impact evaluation and communication with researchers.
Shared lessons: best practices when submitting bugs
Working with LI.FI, we have put together a shared set of best practices for researchers who want to submit high-impact bugs.
One recurring pattern across bounties is severity inflation. Many reports arrive labelled as critical or high. After triage, some of these issues are reclassified as lower severity or out of scope. Overstating severity does not increase rewards. It introduces friction and can erode confidence in a researcher’s calibration.
To make bounties more effective for both sides, we recommend the following.
Calibrate severity realistically
Anchor severity in demonstrated impact on funds, core guarantees, or control boundaries under realistic conditions. If there is uncertainty, state it explicitly and describe the impact clearly instead of forcing a label.
Prioritise clear, reproducible proofs of concept
A strong report includes a minimal, deterministic proof of concept. Show the path from the external call into the contract, the conditions required, and the resulting state change. For routing layers, trace the key steps through the entry point and any relevant facets.
Write for the reader
Use a short summary in plain language, list assumptions, then lay out exploit steps and expected results. Avoid unnecessary setup, speculation, or unrelated code. Good writing is a direct contribution to faster triage.
Respect scope and ownership
Differentiate between issues inside the program owner’s contracts and behaviour that belongs to external dependencies, such as upstream protocols or libraries. Explain the impact from the point of view of what the program owner controls.
Use feedback to improve
When a finding is reprioritised or ruled out of scope, treat the explanation as a signal. Adjust how you think about impact and scope. Over time, this leads to sharper, more valuable work.
Let rigour be your differentiator
Many researchers see similar patterns. The submissions that stand out combine accurate analysis, realistic impact modelling, and disciplined proofs of concept. Rigour, not complexity, is what separates a strong report from a weak one.
On the platform side, Cantina is exploring small, in-context prompts during submission, especially around severity selection. The aim is to help researchers align more easily with each program’s expectations.
Cross-chain trends from LI.FI’s vantage point
Because LI.FI routes traffic across many networks and venues, it has a clear view of how cross-chain behaviour evolved in 2025.
Several trends are visible:
- Aggregation became the default for serious products. Direct, single bridge integrations are less common among larger organizations. They prefer an aggregation layer that can adapt as the ecosystem changes.
- Routing became policy-driven. Allow lists, deny lists, and asset constraints moved from optional extras into standard integration requirements, often driven by security and compliance input.
- Intent-based flows moved into production. Users expressed outcomes instead of hops, and aggregators plus solver networks executed those outcomes within defined constraints. Hyperliquid’s integration on HyperCore is a concrete example.
- Cross-chain routing matured into infrastructure. Wallets, consumer applications, and financial products now depend on systems such as LI.FI for everyday flows, including deposits, withdrawals, and rebalancing. Expectations around uptime, transparency, and security rose accordingly.
LI.FI helped shape these patterns by providing a concrete implementation of policy-aware, multi-venue routing.
2026 expectations
Looking ahead, LI.FI’s role in the cross-chain stack is likely to grow further.
We expect:
- Continued expansion of connected chains, bridges, and solver networks, with routing logic that can evolve while keeping a stable integration surface for partners.
- More expressive policy tooling, so that organisations can encode fine-grained rules into their LI.FI configurations without sacrificing performance or user experience.
- Ongoing security work, including new reviews aligned with major changes, refinements to bounty scope, and better guidance for researchers inside Cantina.
- Deeper integration with institutional infrastructure, where routing layers are evaluated against frameworks such as Web3SOC and internal readiness standards.
Cantina’s role will be to support this evolution with structured security programs designed for systems that sit at the center of value flows.
Closing
LI.FI’s 2025 story is about turning a complex aggregation system into dependable cross-chain infrastructure. The organisation expanded coverage, gave partners fine control over how they interface with a multichain world, and committed to a security program that runs continuously.
Cantina is proud to collaborate on that work.
If you are building infrastructure that moves value at scale and want a security model with this level of structure and continuity, contact us, and we will help you scope, test, and strengthen your model.
