Sign in
  1. Competitions
  2. morpho-blue
profile image

Morpho - morpho-blue

Morpho Blue Competition

Morpho Labs has teamed up with Cantina for the inaugural public security review competition hosted on their new platform by security researchers for security researchers. The competition will run two codebases in parallel: Metamorpho & Morpho Blue.

Competition at a Glance

  • November 13th 10:00 UTC to December 4th 10:00 UTC
  • Metamorpho: $100,000
  • Morpho Blue: $100,000
  • Total Prize Pool: $200,000

What is Morpho Blue and MetaMorpho

Morpho Blue and MetaMorpho form part of the vision to rebuild decentralized lending in layers, with MetaMorpho enabling any lending experience to be rebuilt on a shared and immutable base layer: Morpho Blue.

Morpho Blue is a trustless lending primitive that offers unparalleled efficiency and flexibility. It enables the creation of isolated lending markets by specifying any loan asset, any collateral asset, a liquidation LTV (LLTV), an oracle, and an interest rate model.

Visit the docs for a complete project overview.

Prize distribution and scoring

The prize distribution works as follows:

  • Security reviewers will score points for each finding.
  • Prizes are distributed proportionally to the number of points scored.
  • A High Severity is worth 10 points, and a Medium Severity 3 points.
  • Duplicate findings will be resolved using the following scoring formula that incentivizes unique findings:
    • Each duplicate finding will be scaled down by 0.9n1/n0.9^{n - 1} / n, where nn is the # of duplicates.
  • 10% of the prize pot is reserved for Low Severity or informational findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation:
    • 1st: $5,000
    • 2nd: $2,500
    • 3rd: $1,250
    • 4th: $625
    • 5th: $625
Severity levelImpact: HighImpact: MediumImpact: low
Likelihood:HighHighHighMedium
Likelihood:MediumHighMediumLow
Likelihood:LowMediumLowLow

Scope

Check out the previously recorded read through of the repos for both competitions:

Morpho Competition Live Code Walkthrough on twitter.

Morpho Blue

  • Repository: morpho-org/morpho-blue
  • Total LOC: 847
  • Files: all files in src except the mocks folder
Fileblankcommentcode
src/Morpho.sol12972325
src/interfaces/IMorpho.sol33167111
src/libraries/periphery/MorphoBalancesLib.sol172182
src/libraries/periphery/MorphoStorageLib.sol24976
src/libraries/EventsLib.sol188247
src/libraries/periphery/MorphoLib.sol11646
src/libraries/ErrorsLib.sol232826
src/libraries/MathLib.sol81225
src/libraries/UtilsLib.sol51023
src/libraries/SafeTransferLib.sol5921
src/libraries/SharesMathLib.sol81519
src/interfaces/IMorphoCallbacks.sol53116
src/libraries/MarketParamsLib.sol3810
src/libraries/ConstantsLib.sol678
src/interfaces/IIrm.sol396
src/interfaces/IOracle.sol1104
src/interfaces/IERC20.sol162
SUM:300502847

Out of Scope issues

Any findings on the previous review from OpenZeppelin / Cantina Managed review will be considered out of scope.

Automated findings from 4naly3er.

Contact Us

For any issues or concerns regarding Cantina Competitions or Cantina Code - please reach out to us at Cantina.

Summary

Status

Escalations

Total reward:

$100,000 USDC

Start date:

13 Nov 2023 8:00pm UTC (local time)

End date:

4 Dec 2023 8:00pm UTC (local time)

The first marketplace for web3 security. We've aggregated the security talent and solutions so you don't have to.

Services

CompetitionsReviewsGuilds

© 2024 Cantina. All rights reserved.