Morpho
DAMASCUSLending / Borrowing · Ethereum + Base · $3B+ TVL · 10 contracts
Official site: morpho.org ↗
799
3004756508251000
Confidence61%
Z-Factor0.68
Updated 2026-05-27Public scoreSecurity Profile
Access Control
85
85
Economic Soundness
82
82
Oracle Integrity
80
80
Compositional Risk
72
72
Governance
68
68
Maturity
65
65
Resilience
54
54
Supply Chain
90
90
Op Security
59
59
Cascade Exposure
55
55
Access Ctrl
85
85
Economic
82
82
Oracle
80
80
Compos.
72
72
Govern.
68
68
Maturity
65
65
Resilience
54
54
Supply Ch.
90
90
OpSec
59
59
Cascade
55
55
Min
54
Avg
71
Max
90
Audit History
Spearbit
2023-12
Cantina Competition
2024-07
Trail of Bits
2024-01
Bug Bounty Program
$2,500,000
Max payout on Cantina
Assessment
Exceptionally clean design with formally verified immutable core. Strongest supply chain score (D8=90) in this batch. Maturity (D6=65) and governance (D5=68) are main drags due to youth. Should improve significantly with time.
Dimension Breakdown
MethodologyAccess Control
85Weight 18% · 82% confidence
+21Minimalist Morpho Blue core: ~650 lines, immutable, no admin keys
+21Authorization model via callbacks (well-scoped)
+21MetaMorpho vaults add curator layer with controlled permissions
+21No emergency pause on base layer (by design)
Provenance
Economic Soundness
82Weight 13% · 78% confidence
+20Isolated markets: no cross-collateralization contagion
+20LLTV per market, clean liquidation math
+20Interest rate model (IRM) is modular and well-designed
+20Bad debt is isolated per market, not socialized across protocol
Provenance
Oracle Integrity
80Weight 13% · 76% confidence
+20Oracle-agnostic: each market specifies its own oracle
+20Risk delegated to market creators/curators
+20No protocol-level oracle validation (intentional design)
+20Popular markets use Chainlink, Morpho oracles wrapper
Provenance
Battle-Tested Maturity
65Weight 12% · 72% confidence
+16Morpho Blue live since Jan 2024 (~1.5 years)
+16Original Morpho Optimizer (2022) provides org maturity
+16Formally verified core contract
-35Rapid TVL growth to $5B but limited stress-test history
Provenance
Governance & Upgradeability
68Weight 10% · 75% confidence
+17Base layer is immutable (strong governance by design)
+17MetaMorpho curators have significant control over vault allocation
+17No protocol-level token governance yet (MORPHO token governance minimal)
+17Morpho Labs retains influence on ecosystem direction
Provenance
Adversarial Resilienceredacted
54Weight 10% · 95% confidence
- Score derived from continuous adversarial security research
Provenance
Operational Security
59Weight 10% · 60% confidence
-41No branch protection detected
+12Active CI/CD (100% success rate)
+12Commit signing: 100% verified
+12Minimal development activity (2 commits/month)
Provenance
Compositional Risk
72Weight 5% · 74% confidence
+24MetaMorpho vaults compose over base markets (curator trust)
+24Growing integration ecosystem (Steakhouse, Re7, Gauntlet curators)
-28Callback-based authorization enables complex composition
+24Vault reallocation can create cascading liquidity shifts
Provenance
Cascade Exposure
55Weight 5% · 90% confidence
+18Appears in 9 cross-protocol cascade chain(s)
+18Member of 8 dependency cluster(s)
+18Source: cross_protocol_composition.json dependency analysis
Provenance
Supply Chain
90Weight 4% · 88% confidence
+30Extremely minimal dependency chain (by design)
+30Formal verification of core invariants
+30Clean, well-audited codebase (Spearbit, Cantina)
Provenance
Top Score Drivers
Dimensions with the greatest marginal impact on BRI.
Adversarial Resilience
54+31.7 potential
Operational Security
59+27 potential
No branch protection detected
Battle-Tested Maturity
65+26.5 potential
Rapid TVL growth to $5B but limited stress-test history
Governance & Upgradeability
68+19.6 potential
Base layer is immutable (strong governance by design)
Cascade Exposure
55+15.1 potential
Appears in 9 cross-protocol cascade chain(s)
Adversarial Risk Signals
Publicly verifiable security posture indicators.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
methodology v2.1formula v1.1weights v1.1evidence sha256:sha256:e...
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "morpho"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("morpho")Reduce exploitable risk
Continuous adversarial analysis, vulnerability detection, and verified reassessment.
Embed this score
Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.
Style
Theme
Format
Preview
Copy iframe code
<iframe
src="https://blackhart.io/embed/oracle/morpho?variant=card&theme=dark"
title="BlackHart Risk Index: Morpho"
width="340"
height="290"
frameborder="0"
loading="lazy"
style="border:0; max-width:100%;"
></iframe>