Morpho / morpho-blue
Morpho Blue Competition
Morpho Labs has teamed up with Cantina for the inaugural public security review competition hosted on their new platform by security researchers for security researchers. The competition will run two codebases in parallel: Metamorpho & Morpho Blue.
Competition at a Glance
- November 13th 10:00 UTC to December 4th 10:00 UTC
- Metamorpho: $100,000
- Morpho Blue: $100,000
- Total Prize Pool: $200,000
What is Morpho Blue and MetaMorpho
Morpho Blue and MetaMorpho form part of the vision to rebuild decentralized lending in layers, with MetaMorpho enabling any lending experience to be rebuilt on a shared and immutable base layer: Morpho Blue.
Morpho Blue is a trustless lending primitive that offers unparalleled efficiency and flexibility. It enables the creation of isolated lending markets by specifying any loan asset, any collateral asset, a liquidation LTV (LLTV), an oracle, and an interest rate model.
Visit the docs for a complete project overview.
Prize distribution and scoring
The prize distribution works as follows:
- Security reviewers will score points for each finding.
- Prizes are distributed proportionally to the number of points scored.
- A High Severity is worth 10 points, and a Medium Severity 3 points.
- Duplicate findings will be resolved using the following scoring formula that incentivizes unique findings:
- Each duplicate finding will be scaled down by 0.9n−1/n0.9^{n - 1} / n0.9n−1/n, where nnn is the # of duplicates.
- 10% of the prize pot is reserved for Low Severity or informational findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation:
- 1st: $5,000
- 2nd: $2,500
- 3rd: $1,250
- 4th: $625
- 5th: $625
| Severity level | Impact: High | Impact: Medium | Impact: low |
|---|---|---|---|
| Likelihood:High | High | High | Medium |
| Likelihood:Medium | High | Medium | Low |
| Likelihood:Low | Medium | Low | Low |
Scope
Check out the previously recorded read through of the repos for both competitions:
Morpho Competition Live Code Walkthrough on twitter.
Morpho Blue
- Repository: morpho-org/morpho-blue
- Total LOC: 847
- Files: all files in
srcexcept themocksfolder
| File | blank | comment | code |
|---|---|---|---|
| src/Morpho.sol | 129 | 72 | 325 |
| src/interfaces/IMorpho.sol | 33 | 167 | 111 |
| src/libraries/periphery/MorphoBalancesLib.sol | 17 | 21 | 82 |
| src/libraries/periphery/MorphoStorageLib.sol | 24 | 9 | 76 |
| src/libraries/EventsLib.sol | 18 | 82 | 47 |
| src/libraries/periphery/MorphoLib.sol | 11 | 6 | 46 |
| src/libraries/ErrorsLib.sol | 23 | 28 | 26 |
| src/libraries/MathLib.sol | 8 | 12 | 25 |
| src/libraries/UtilsLib.sol | 5 | 10 | 23 |
| src/libraries/SafeTransferLib.sol | 5 | 9 | 21 |
| src/libraries/SharesMathLib.sol | 8 | 15 | 19 |
| src/interfaces/IMorphoCallbacks.sol | 5 | 31 | 16 |
| src/libraries/MarketParamsLib.sol | 3 | 8 | 10 |
| src/libraries/ConstantsLib.sol | 6 | 7 | 8 |
| src/interfaces/IIrm.sol | 3 | 9 | 6 |
| src/interfaces/IOracle.sol | 1 | 10 | 4 |
| src/interfaces/IERC20.sol | 1 | 6 | 2 |
| SUM: | 300 | 502 | 847 |
Out of Scope issues
Any findings on the previous review from OpenZeppelin / Cantina Managed review will be considered out of scope.
Automated findings from 4naly3er.
Contact Us
For any issues or concerns regarding Cantina Competitions or Cantina Code - please reach out to us at Cantina.
Summary
Status
CompletedTotal reward:
$100,000 USDC
Start date:
13 Nov 2023 8:00pm (local time)
End date:
4 Dec 2023 8:00pm (local time)