Morpho

Morpho Blue IRM Smart Contract Audit

Cantina Security Report

Organization: @morpho-org

Engagement Type: Cantina Reviews

Period: -


Variable Rate IRM Contract Review of Morpho Blue

Morpho continues to evolve its lending infrastructure with modular, permissionless interest rate models (IRMs) for the Morpho Blue ecosystem. This version introduced dynamic rate logic with exponential math, designed to adjust borrowing costs based on market utilization and error feedback mechanisms.

To verify the soundness of this upgrade, Morpho engaged Cantina for a security review of its SpeedJump IRM implementation. The review focused on average rate calculation, exponential bounds, overflow handling, and safe parameter tuning, all essential to preventing stuck funds or distorted behavior.

Cantina offers additional security layers to support evolving DeFi infrastructure, including bug bounty programs, crowdsourced security competitions, and multisig security.


Findings

High Risk: 2 findings (1 fixed, 1 acknowledged)

Medium Risk: 1 finding (0 fixed, 1 acknowledged)

Low Risk: 1 finding (1 fixed, 0 acknowledged)

Informational: 5 findings (2 fixed, 3 acknowledged)