Scores/Morpho

Morpho

DAMASCUS

Lending / Borrowing · Ethereum + Base · $3B+ TVL · 10 contracts

Confidence 61%Z-Factor 0.68Updated 2026-05-06Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

813

BRI Score

3004756508251000

Security Profile

Access Control
85

Economic Soundness
82

Oracle Integrity
80

Compositional Risk
72

Governance
68

Maturity
65

Resilience
54

Supply Chain
90

Op Security
78

Cascade Exposure
55

Access Ctrl
85

Economic
82

Oracle
80

Compos.
72

Govern.
68

Maturity
65

Resilience
54

Supply Ch.
90

OpSec
78

Cascade
55

Min

Avg

Max

Audit History

Spearbit

2023-12

Cantina Competition

2024-07

Trail of Bits

2024-01

Bug Bounty Program

$500,000

Max payout on Immunefi

View Program →

Assessment

Exceptionally clean design with formally verified immutable core. Strongest supply chain score (D8=90) in this batch. Maturity (D6=65) and governance (D5=68) are main drags due to youth. Should improve significantly with time.

Dimension Breakdown

How scores work →

Access Control

Weight 18%82% conf

Strong

Minimalist Morpho Blue core: ~650 lines, immutable, no admin keys
Authorization model via callbacks (well-scoped)
MetaMorpho vaults add curator layer with controlled permissions
No emergency pause on base layer (by design)

Economic Soundness

Weight 13%78% conf

Strong

Isolated markets: no cross-collateralization contagion
LLTV per market, clean liquidation math
Interest rate model (IRM) is modular and well-designed
Bad debt is isolated per market, not socialized across protocol

Oracle Integrity

Weight 13%76% conf

Strong

Oracle-agnostic: each market specifies its own oracle
Risk delegated to market creators/curators
No protocol-level oracle validation (intentional design)
Popular markets use Chainlink, Morpho oracles wrapper

Battle-Tested Maturity

Weight 12%72% conf

Moderate

Morpho Blue live since Jan 2024 (~1.5 years)
Original Morpho Optimizer (2022) provides org maturity
Formally verified core contract
Rapid TVL growth to $5B but limited stress-test history
Z-factor: 0.731

Governance & Upgradeability

Weight 10%75% conf

Moderate

Base layer is immutable (strong governance by design)
MetaMorpho curators have significant control over vault allocation
No protocol-level token governance yet (MORPHO token governance minimal)
Morpho Labs retains influence on ecosystem direction

Adversarial Resilience

Weight 10%95% conf

Concerning

Score derived from continuous adversarial security research

Operational Security

Weight 10%74% conf

Good

Active monitoring and alerting
Responsive development team
Bug bounty program on Immunefi ($100K+)
Young operational history, untested under major incident

Compositional Risk

Weight 5%74% conf

Good

MetaMorpho vaults compose over base markets (curator trust)
Growing integration ecosystem (Steakhouse, Re7, Gauntlet curators)
Callback-based authorization enables complex composition
Vault reallocation can create cascading liquidity shifts

Cascade Exposure

Weight 5%90% conf

Moderate

Appears in 9 cross-protocol cascade chain(s)
Member of 8 dependency cluster(s)
Score: 55/100 (higher = more isolated from systemic risk)
Source: cross_protocol_composition.json dependency analysis

Supply Chain

Weight 4%88% conf

Excellent

Extremely minimal dependency chain (by design)
No proxy patterns on base layer
Formal verification of core invariants
Clean, well-audited codebase (Spearbit, Cantina)

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience54

Cascade Exposure55

Battle-Tested Maturity65

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2024-01-08Z-Factor 0.68010 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "morpho"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("morpho")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring Plans How Scores Work

Believe this score contains a factual error? Submit evidence for review →