Morpho

Morpho Aave v3 Smart Contract Audit

Cantina Security Report

Organization

@morpho-org

Engagement Type

Spearbit Web3

Period

-


P2P Lending Protocol Audit of Morpho Aave v3

Morpho is a lending optimizer that enhances Aave's capital efficiency by matching lenders and borrowers directly in a peer-to-peer layer. Its Aave v3 integration introduces optimized reward mechanics, collateral handling, and isolation mode management while preserving the familiar user experience and safety assumptions of the underlying protocol.

To assess this implementation, Morpho engaged Spearbit through Cantina for a security audits review of the Morpho Aave v3 codebase. The engagement addressed collateral misalignment risks, LTV=0 handling, borrower isolation scenarios, price oracle logic, and edge-case liquidations across supply, borrow, and reward claim flows.

Cantina also supports protocols like Morpho with layered protection through bug bounty programs, crowdsourced security competitions, and multisig security, reinforcing core lending infrastructure through community and expert-driven security reviews.


Findings

Critical Risk

4 findings

4 fixed

0 acknowledged

High Risk

5 findings

3 fixed

2 acknowledged

Medium Risk

7 findings

5 fixed

2 acknowledged

Low Risk

4 findings

3 fixed

1 acknowledged

Informational

13 findings

7 fixed

6 acknowledged

Gas Optimizations

3 findings

3 fixed

0 acknowledged