Morpho Blue
Summary
ExpandMorpho Blue is a minimalist, singleton lending protocol that provides permissionless market creation with oracle-agnostic pricing. The architecture centers on a single `Morpho.sol` contract with internal libraries for math (`MathLib`, `SharesMathLib`), token transfers (`SafeTransferLib`), and utilities (`UtilsLib`). Markets are identified by a keccak256 hash of their parameters (loan token, collateral token, oracle, IRM, LLTV), and all market state is stored in the singleton contract. The protocol supports supply, borrow, repay, liquidation, flash loans, and EIP-712 signature-based authorization delegation. The immutable, governance-minimized design philosophy — where IRMs and LLTVs can be enabled but never disabled — reflects a deliberate choice to minimize the ongoing attack surface of the protocol.
The codebase employs well-considered security mechanisms throughout. Share-based accounting uses virtual shares (1e6) and virtual assets (1) to mitigate the ERC4626 inflation and first-depositor attack vectors. All arithmetic rounding is consistently applied in favor of the protocol: supply rounds shares down, withdrawal rounds assets down, borrowing rounds shares up, and repayment rounds assets up. The `SafeTransferLib` handles non-standard ERC20 tokens such as USDT by checking both call success and return data, while safe casting via `toUint128()` prevents silent truncation of large values. The interest accrual mechanism uses a Taylor expansion approximation for continuous compounding, and fee shares are calculated against the net supply to avoid double-counting. The EIP-712 authorization system correctly validates signatures with nonce protection and deadline enforcement, including the critical check of `ecrecover` results against `address(0)`.
The overall security posture of this codebase is excellent. No findings were identified during this audit. The protocol explicitly documents its trust assumptions about token behavior, oracle correctness, and IRM safety, placing appropriate responsibility on market creators to select compliant external dependencies. The liquidation mechanism implements a capped incentive factor with proper rounding against the liquidator, and bad debt is socialized across suppliers when a position's collateral is fully seized. The checks-effects-interactions pattern is followed throughout the contract, with all state updates completing before external calls including callbacks and token transfers.
Findings
No issues identified
Conclusion
ExpandMorpho Blue demonstrates exceptional code quality and security maturity. The codebase is minimal by design, with approximately 400 lines of core logic in Morpho.sol, relying exclusively on internal libraries with no external dependencies. The virtual shares mechanism in SharesMathLib effectively neutralizes first-depositor inflation attacks, a common vulnerability in share-based vault systems. All arithmetic rounding consistently favors the protocol, safe casting prevents truncation, and the SafeTransferLib correctly accommodates non-standard ERC20 implementations. The authorization system, liquidation mechanism, interest accrual, and flash loan implementation are all correctly implemented with proper validation throughout.
No findings were identified during this audit. The protocol’s trust assumptions are clearly documented and appropriate for its role as an immutable base layer. The token assumptions — no fee-on-transfer, no reentrancy, no rebasing — are explicitly stated in the createMarket documentation, establishing a clear boundary of responsibility between the protocol and its market creators. Continued attention should be paid to the off-chain systems that curate market creation, as the protocol’s security depends on selected oracles, IRMs, and tokens meeting these documented assumptions.
Morpho Blue appears ready for mainnet deployment from a smart contract security perspective. The immutable, governance-minimized design significantly reduces the ongoing attack surface relative to upgradeable or admin-controlled lending protocols. Future integrators should carefully review the periphery libraries (MorphoLib, MorphoBalancesLib) and the feeRecipient share accounting behavior when building on top of the protocol. Ongoing operational security efforts should focus on monitoring the external components — oracles, interest rate models, and token contracts — that market creators select, as these represent the primary vectors through which risk enters the system.
On-Chain Verification
Compare these values with the on-chain attestation
Verify: download the markdown and compare the hash
sha256sum morpho-blue.md
Legal Disclaimer: This report covers the code submitted for analysis. It does not account for infrastructure, deployment configuration, third-party dependencies, or changes made after the audit date. Automated analysis may produce false positives or miss context-dependent vulnerabilities. audited.xyz provides this report “as is” without warranty of any kind.