QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$9 730 000 USD
JULY 2024
GLOBAL
LIFI PROTOCOL
DESCRIPTION OF EVENTS
"Swap & Bridge Liquidity Across 20+ Chains" "Best price execution for any swap/bridge. One API to swap, bridge, and zap across all major blockchains and protocols. Enable trading across all DEX aggregators, bridges, and intent-systems and save hundreds of developer hours."
"Go to market faster. No integration and maintenance overhead. Benefit from risk mitigation, fail safety and neatless interoperability by a vast amount of underlying protocols (e.g. DEX aggregators & bridges), which LI.FI aggregates."
"Frequent audits, pentests and enterprise-grade security controls. We work intensively with the most trusted organizations in the space to create risk-assessment frameworks and risk-mitigation measures."
"It takes constant research, integration, monitoring and maintenance overhead. A unified data handling allows consistent analytics, debugging and customer support capabilities. You get all of that out of the box."
"Flexible fee structures allow the collection and distribution of fees amongst partners. Automatic fee conversions (depending on which currency the fees were taken in) are included."
"The two founders, Philipp and Max, have already been building companies together for 10 years. With a growing team of 40+ people, we’re obsessed with DeFi infrastructure and aggregating and optimizing the most important parts of it to accelerate the widespread adoption of crypto."
"LiFi has been audited, twice by Spearbit in April 2023 and the other in October 2022. They were also audited by Quantstamp in May 2022 and were part of a Code4ena contest back in March 2022."
"No word on the most recent contract facet being audited."
"As Nick L. Franklin pointed out that the attack was due to a lack of validation in the "swap" function of the new contract facet added to the protocol.
The vulnerable contract failed to properly check the call target and call data, allowing an exploiter to perform a "call injection" attack.
This enabled the attacker to execute arbitrary functions using the permissions granted to the LiFi contract.
Because of this, users who approved the contract for infinite approvals lost their tokens."
"Please do not interact with any http://LI.FI powered applications for now! We're investigating a potential exploit. If you did not set infinite approval, you are not at risk. Only users that have manually set infinite approvals seem to be affected."
"The protocol is fully operational again.
Bridging and swapping on most of our partner protocols have resumed."
"We continue to engage with law enforcement authorities and industry participants to trace and recover funds."
LiFi Protocol is a decentralized swap/bridge aggregation service which assists with swapping assets from one asset to another. After an initial failure in March 2022, the contract was redeployed with limited restriction on the bridges which could be used, and multiple audits were performed. Unfortunately, a subsequent decision enabled a new swap contract which allowed transferring assets to be specified in the swapping function. Users who had granted infinite approvals for any assets were at risk for those assets being drained. $9.73m was drained in a series of rapid transactions. The contract was secured and efforts are still underway to trace and reimburse funds lost.
Rekt - LiFi/Jumper - Rekt (Jul 17)
LI.FI - Bridge & DEX Aggregation Protocol (Jul 17)
@lifiprotocol Twitter (Jul 17)
@lifiprotocol Twitter (Jul 17)
@lifiprotocol Twitter (Jul 17)
@JumperExchange Twitter (Jul 17)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Jul 17)
@0xNickLFranklin Twitter (Jul 17)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Jul 17)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Jul 17)
@pcaversaccio Twitter (Jul 17)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Jul 17)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Jul 17)
@JumperExchange Twitter (Jul 17)
@CertiKAlert Twitter (Jul 17)
