Security and Audits
Security is fundamental to our operations at Jumper (Powered by LI.FI). Our approach combines multiple layers of defense, independent verification, and complete transparency with our users and partners.Security Team
We maintain a dedicated security team specializing in blockchain and DeFi security. This team is augmented by independent security researchers who provide external perspectives on potential vulnerabilities. Our objective is to identify and remediate security issues before they impact our users.Web2 Security Testing
We conduct annual penetration testing on our Web2 infrastructure, including APIs, web applications, and backend systems. These assessments are performed by specialized third-party security firms that provide independent evaluation of our security posture. These tests are conducted annually and cover:- Vulnerability scanning
- Manual penetration testing
- Authentication flows
- API security
- Infrastructure configuration review
Web3 Security
Smart Contract Audits
All smart contracts deployed by LI.FI undergo independent security audits prior to production deployment. This applies to new contracts, upgrades, and material changes—any code going on-chain receives external audit review. Our policy for Web3 smart contracts is that no code reaches production without independent security review. We engage multiple audit firms as different auditing teams bring varied expertise and methodologies, which strengthens our overall security assurance. All audit reports are publicly available for review: LI.FI Smart Contract Audit Reports We maintain full transparency in our security practices. Users entrusting us with their assets can independently verify our security measures through our public audit disclosures.Automated Security Testing
We employ proactive Web3 automated security testing to continuously assess our smart contracts for potential vulnerabilities. Our automated testing infrastructure utilizes Olympix, which provides continuous security analysis and threat detection throughout the development and deployment lifecycle.Smart Contract Monitoring
Beyond audits, we employ real-time monitoring of our smart contracts. Our internal monitoring systems track for anomalous patterns and suspicious activity. We also maintain partnerships with firms that provide independent monitoring capabilities—Hexagate being one example—which provides an additional layer of oversight. Throughout 2024, we have expanded our monitoring infrastructure to include:- Automated threat detection
- Anomaly detection using baseline behavioral models
- Transaction analysis for potential exploits
- Emergency pause mechanisms for high-risk scenarios
Incident Response
We maintain established protocols for security incident management, including defined escalation procedures, communication frameworks for affected stakeholders, and post-incident analysis to implement corrective measures.Reporting Security Issues
We encourage responsible disclosure of security vulnerabilities. Security researchers and users who identify potential security issues can contact us through our dedicated channel: Security Contact: https://help.li.fi/ All vulnerabilities may qualify for rewards through our bug bounty program, with awards up to $1,000,000 USD. All security reports are reviewed and addressed according to established protocols.Standards and Compliance
Our security practices align with recognized industry standards, including:- Smart contract security best practices
- OWASP guidelines for web application security
- Secure development lifecycle methodologies
- Mandatory independent audits for all smart contract deployments
- Public disclosure of all audit reports