Stakekit

Stakekit: PR 41

Cantina Security Report

Organization

@stakekit-company

Engagement Type

Cantina Reviews

Period

-

Researchers

MostafaYassin

Findings

Informational

1 findings

0 fixed

1 acknowledged

Informational1 finding

  1. Public Allocator Entry Points Cannot Be Paused During Emergencies

    State

    Acknowledged

    Severity

    Severity: Informational

    Likelihood: Low

    ×

    Impact: Low

    Submitted by

    MostafaYassin

    Description

    MorphoAllocator exposes public user entry points for borrowing, supplying loan assets, and supplying collateral, but it does not include an emergency pause mechanism. There is no active exploit path in the current implementation solely from this design choice.

    However, the contract is deployed behind an upgradeable proxy, so future upgrades may introduce new behavior or an unforeseen integration issue. Without a pause control, administrators cannot quickly stop user-facing flows while an issue is investigated or a fix is prepared.

    Recommendation

    Consider adding an emergency pause mechanism, such as OpenZeppelin's PausableUpgradeable.