Trail of Bits
Audit Open Original ↗

Morpho

Type

Security review

Client

Morpho Labs

Date

2022-06

Domain

Blockchain

Effort

4 wks

Section

Ethereum/EVM

Trail of Bits's security review of Morpho Labs (Jun 2022) identified 8 issues: 2 high, 1 low, 3 informational, and 2 undetermined.

Findings · 8

  1. 1 Lack of two-step process for contract ownership changes High
  2. 2 Incomplete information provided in Withdrawn and Repaid events Informational
  3. 3 Missing access control check in withdrawLogic Informational
  4. 4 Lack of zero address checks in setter functions Informational
  5. 5 Risky use of toggle functions Low
  6. 6 Anyone can destroy Morpho’s implementation High
  7. 7 Lack of return value checks during token transfers Undetermined
  8. 8 Risk of loss of precision in division operations Undetermined

Findings extracted from the published report PDF. See the full report below for details and remediation.

Related