
Morpho - metamorpho-and-periphery

Metamorpho and Periphery Competition

Morpho Labs has teamed up with Cantina for the inaugural public security review competition hosted on their new platform by security researchers for security researchers.

The competition at a glance:

  • November 16th 10:00 UTC to December 7th 10:00 UTC
  • $100k total prize pool.

What is Morpho Blue and MetaMorpho

Morpho Blue and MetaMorpho form part of the vision to rebuild decentralized lending in layers, with MetaMorpho enabling any lending experience to be rebuilt on a shared and immutable base layer: Morpho Blue.

Morpho Blue is a trustless lending primitive that offers unparalleled efficiency and flexibility. It enables the creation of isolated lending markets by specifying any loan asset, any collateral asset, a liquidation LTV (LLTV), an oracle, and an interest rate model.

MetaMorpho is a protocol for lending vaults built on Morpho Blue. Anyone can create a vault that allocates to multiple Morpho Blue markets. Each vault is curated to provide suppliers with tailored risk exposures, better yields, and greater transparency.

Visit the docs for a complete project overview.

Prize distribution and scoring

The prize distribution works as follows:

  • Security reviewers will score points for each finding.
  • Prizes are distributed proportionally to the number of points scored.
  • A High Severity is worth 10 points, and a Medium Severity 3 points.
  • Duplicate findings will be resolved using the following scoring formula that incentivizes unique findings:
    • Each duplicate finding will be scaled down by $0.9^{n - 1} / n$, where $n$ is the number of duplicates.
  • 10% of the prize pot is reserved for Low Severity or informational findings. These reports are judged based on quality and researchers are then ranked from 1st to 5th for the purpose of prize allocation:
    • 1st: $5k
    • 2nd: $2.5k
    • 3rd: $1.25k
    • 4th: $625
    • 5th: $625

Scope

Check out the previously recorded read-through of the repos for both competitions on Cantina's Twitter.

Morpho Blue IRM

  • Repository: morpho-org/morpho-blue-irm
  • Commit: c2b1732fc332d20a001ca505aea76bd475e95ef1
  • Total LOC: 134
  • Files: all files in src

File | blank | comment | code
src/SpeedJumpIrm.sol | 27 | 45 | 87
src/libraries/MathLib.sol | 10 | 16 | 29
src/libraries/ErrorsLib.sol | 6 | 11 | 9
src/libraries/UtilsLib.sol | 1 | 9 | 9
SUM: | 44 | 81 | 134

Morpho Blue Oracles

File | blank | comment | code
src/ChainlinkOracle.sol | 9 | 46 | 46
src/libraries/ChainlinkDataFeedLib.sol | 7 | 13 | 15
src/interfaces/AggregatorV3Interface.sol | 5 | 3 | 14
src/libraries/VaultLib.sol | 3 | 7 | 8
src/libraries/ErrorsLib.sol | 2 | 7 | 5
src/interfaces/IERC4626.sol | 1 | 4 | 4
SUM: | 27 | 77 | 92

MetaMorpho

  • Repository: morpho-org/metamorpho
  • Commit: f4e2574029743088a8800149593fa997ab66f0f8
  • Total LOC: 642
  • Files: all files in src except the mocks folder

File | blank | comment | code
src/MetaMorpho.sol | 202 | 183 | 477
src/interfaces/IMetaMorpho.sol | 17 | 11 | 65
src/libraries/EventsLib.sol | 22 | 34 | 37
src/MetaMorphoFactory.sol | 13 | 20 | 26
src/libraries/ErrorsLib.sol | 21 | 26 | 24
src/libraries/ConstantsLib.sol | 5 | 10 | 8
src/interfaces/IMorphoMarketParams.sol | 2 | 1 | 5
SUM: | 282 | 285 | 642

Morpho Blue Bundlers

  • Repository: morpho-org/morpho-blue-bundlers
  • Commit: 5099e5fef9a82a500b875eb81b90c2deca1de243
  • Total LOC: 983
  • Files: all files in src except the mocks and goerli folders

File | blank | comment | code
src/migration/interfaces/IAaveV3.sol | 41 | 356 | 126
src/MorphoBundler.sol | 39 | 84 | 112
src/migration/interfaces/IAaveV2.sol | 24 | 157 | 80
src/migration/interfaces/IAaveV3Optimizer.sol | 12 | 3 | 72
src/ERC4626Bundler.sol | 27 | 45 | 47
src/migration/CompoundV3MigrationBundler.sol | 16 | 38 | 41
src/migration/interfaces/ICompoundV3.sol | 16 | 1 | 36
src/migration/AaveV3OptimizerMigrationBundler.sol | 15 | 42 | 35
src/migration/CompoundV2MigrationBundler.sol | 20 | 28 | 34
src/StEthBundler.sol | 20 | 26 | 33
src/BaseBundler.sol | 17 | 26 | 32
src/TransferBundler.sol | 15 | 26 | 28
src/WNativeBundler.sol | 17 | 24 | 26
src/interfaces/IWstEth.sol | 2 | 1 | 25
src/UrdBundler.sol | 5 | 14 | 22
src/ethereum/EthereumBundler.sol | 4 | 6 | 22
src/Permit2Bundler.sol | 8 | 13 | 20
src/migration/AaveV2MigrationBundler.sol | 13 | 25 | 20
src/migration/AaveV3MigrationBundler.sol | 13 | 24 | 20
src/migration/MigrationBundler.sol | 7 | 9 | 16
src/ethereum/EthereumPermitBundler.sol | 4 | 15 | 15
src/PermitBundler.sol | 3 | 16 | 14
src/ethereum/interfaces/IDaiPermit.sol | 2 | 10 | 14
src/interfaces/IMorphoBundler.sol | 2 | 5 | 13
src/libraries/ErrorsLib.sol | 12 | 17 | 13
src/migration/interfaces/ICToken.sol | 8 | 1 | 11
src/migration/interfaces/ICEth.sol | 7 | 1 | 10
src/interfaces/IStEth.sol | 5 | 1 | 8
src/ethereum/libraries/MainnetLib.sol | 4 | 5 | 7
src/ethereum/migration/AaveV2EthereumMigrationBundler.sol | 4 | 6 | 7
src/interfaces/IWNative.sol | 1 | 1 | 7
src/ethereum/EthereumStEthBundler.sol | 4 | 6 | 6
src/interfaces/IMulticall.sol | 1 | 7 | 4
src/migration/interfaces/IComptroller.sol | 1 | 1 | 4
src/libraries/ConstantsLib.sol | 2 | 3 | 3
SUM: | 391 | 1043 | 983

Universal Rewards Distributor

File | blank | comment | code
src/UniversalRewardsDistributor.sol | 48 | 65 | 100
src/interfaces/IUniversalRewardsDistributor.sol | 6 | 9 | 28
src/UrdFactory.sol | 8 | 14 | 24
src/libraries/EventsLib.sol | 8 | 31 | 19
src/libraries/ErrorsLib.sol | 7 | 12 | 10
SUM: | 77 | 131 | 181

ERC20Permissioned

File | blank | comment | code
src/ERC20PermissionedBase.sol | 25 | 33 | 55

Out of Scope issues

Any findings on the previous review from OpenZeppelin / Cantina Managed review will be considered out of scope.

On top of that, automated findings from 4nalyzer will also be considered out of scope.

Total reward: $100,000 USDC

Start date: 16 Nov 2023 8:00pm UTC (local time)

End date: 7 Dec 2023 8:00pm UTC (local time)
