Morpho

Morpho Aave v3 Lending Protocol Audit

Cantina Security Report

Organization

@morpho-org

Engagement Type

Spearbit Web3

Period

-


Lending Pool Optimization Security Review of Morpho Av3

Morpho is a peer-to-peer lending optimizer that improves capital efficiency by matching supply and borrow positions within existing lending pools like Aave. The protocol offers users improved APYs without sacrificing pool-level liquidity and maintains compatibility with Aave’s risk and collateral parameters.

To strengthen its risk model and ensure reliable integration, Morpho engaged Spearbit via Cantina for a security audits review of its Morpho Aave v3 implementation. The engagement focused on LTV edge cases, isolation mode risks, oracle fallbacks, and reward distribution mismatches to align user experience with expected lending outcomes.

Cantina supports lending protocol security through layered solutions like bug bounty programs, crowdsourced security competitions, and multisig security, helping to secure core infrastructure as systems evolve and scale.


Findings

Critical Risk

4 findings

4 fixed

0 acknowledged

High Risk

5 findings

3 fixed

2 acknowledged

Medium Risk

7 findings

5 fixed

2 acknowledged

Low Risk

4 findings

3 fixed

1 acknowledged

Informational

13 findings

7 fixed

6 acknowledged

Gas Optimizations

3 findings

3 fixed

0 acknowledged