Morpho

Morpho Vault v2 & Blue IRM

Cantina Security Report

Organization: @morpho

Engagement Type: Cantina Reviews

Period: -


Findings

Informational: 2 findings (1 fixed, 1 acknowledged)


Informational: 2 findings

  1. Inconsistency in marketIds array when burnShares is called

    State: Acknowledged

    Severity: Informational

    Submitted by: Jonatas Martins


    Description

    The burnShares function sets supplyShares for a market to zero but does not remove the market from the marketIds array. This creates an inconsistency with the deallocate function, which removes the marketId from the array when the market has no supply.

    Recommendation

    Remove the marketId from the marketIds array to maintain consistency with the deallocate function behavior.

    Morpho: We don't do it, we think that it's more natural to leave it in deallocate. One would want to call deallocate anyway to update the allocations in the vault.

    Cantina Managed: Acknowledged.
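
The bookkeeping gap described in this finding, as an added example: a simplified Python model with an invariant check that lists markets still present in the array with zero supply shares. It is not Morpho's contract code; the class, the method names, the `allocate` step and the zero-amount `deallocate` call used for clean-up are assumptions of the model.

```python
class AdapterModel:
    """Hypothetical, simplified model of the adapter bookkeeping (not Morpho's code)."""

    def __init__(self):
        self.market_ids = []     # models the marketIds array
        self.supply_shares = {}  # market id -> supplyShares

    def allocate(self, market_id, shares):
        # Assumed behaviour: a market is listed the first time it receives supply.
        if shares <= 0:
            raise ValueError("shares must be positive")
        if market_id not in self.market_ids:
            self.market_ids.append(market_id)
        self.supply_shares[market_id] = self.supply_shares.get(market_id, 0) + shares

    def deallocate(self, market_id, shares):
        held = self.supply_shares.get(market_id, 0)
        if shares < 0 or shares > held:
            raise ValueError("invalid deallocation amount")
        self.supply_shares[market_id] = held - shares
        # As described in the finding: the id is removed once the market has no supply.
        if self.supply_shares[market_id] == 0 and market_id in self.market_ids:
            self.market_ids.remove(market_id)

    def burn_shares(self, market_id):
        # As described in the finding: supplyShares is zeroed, marketIds is untouched.
        self.supply_shares[market_id] = 0


def stale_market_ids(adapter):
    """Return ids still listed although no supply shares are held for them."""
    return [m for m in adapter.market_ids if adapter.supply_shares.get(m, 0) == 0]


if __name__ == "__main__":
    adapter = AdapterModel()
    adapter.allocate("market-A", 100)  # constructed market ids
    adapter.allocate("market-B", 50)
    adapter.burn_shares("market-A")
    print("after burn:", stale_market_ids(adapter))
    adapter.deallocate("market-A", 0)  # follow-up call clears the stale entry
    print("after deallocate:", stale_market_ids(adapter), adapter.market_ids)
```

Code that iterates the array should treat a listed market with zero shares as valid state until `deallocate` has been called for it.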

  2. Burned shares can't be recovered if the market gets back to a healthy state again

    State: Fixed (PR #841)

    Severity: Informational

    Submitted by: Om Parikh


    Description

    When the supplied shares for a particular Morpho market are burned, there is no way to rescue or recover the funds if the market returns to a healthy state.

    Since Morpho shares are not ERC-20 tokens, they cannot be retrieved later by skimming.

    Recommendation

    • Consider documenting that shares are lost permanently irrespective of market circumstances.
    • Add a way to retrieve Morpho shares that have been burned.

    Morpho: Fixed in PR 841

    Cantina Managed: Fix verified.