DeFiScan pfp

DeFiScan

@defiscan

23 Following
4 Followers


We trusted governments; they failed us
We trusted corporations; they robbed us
We trusted billionaires; they played with us
How about we stop trusting and harness the core - humanity changing benefit - that blockchains enable? Do not give even the chance to be evil. defiscan.info

Overall Score: Stage 1

The Morpho Ethereum mainnet protocol achieves Low centralization scores for the Chain and Accessibility dimensions. The upgradeability of the $MORPHO token that is not protected with an onchain governance system and Exit Window and its trusted Chainlink dependency result in Medium Upgradeability, Exit Window and Autonomy risks and Stage 1 decentralization.

What Morpho can do to reach Stage 2:
1. Transferring control over the $MORPHO permissions to onchain governance with a sufficient Exit Window
2. Implementing a fallback mechanism around the Chainlink oracle (or Chainlink adopting a Security Council setup for its own multisig account)

Once those measures are implemented, Morpho will be able to reach the highest decentralization level possible.

🔗Links
Protocol Reviewer: https://x.com/@mmilien_
Full review: https://www.defiscan.info/protocols/morpho
Website: https://morpho.org/
GitHub: https://github.com/morpho-org
DeFiLlama: https://defillama.com/protocol/morpho-blue

🚪Accessibility
🟢Low Accessibility Centralization Score

The main morpho interface is app.morpho.org. An RPC-only fallback interface (fallback.morpho.org) exists, offering an alternative in case of failure of the main interface. A backup solution allows users to self-host and access morpho following instructions on this repository.

In addition to that, morpho is also accessible through several interfaces:
- @defisaver - https://app.defisaver.com/morpho
- @contango
- defi.instadapp.io/metamorpho
- monarchlend.xyz
- summer.fi/borrow?protocol=morphoblue
- lite.morpho.org

The Chainlink oracle system itself is upgradeable potentially resulting in the publishing of unintended or malicious prices. The permissions to upgrade are controlled by a multisig account with a 4-of-9 signers threshold. This multisig account is listed in the Chainlink docs but signers are not publicly announced. An unintended upgrade of the Chainlink price feed contracts could result in stale or inaccurate prices being reported. Since the Morpho oracle reverts on a negative price reported by a Chainlink feed, this failure could result in the permanent freezing of funds in affected markets. With a potential impact on more than 35% of Morpho markets, or more than 30% of Morpho's TVL, Chainlink is thus assessed as a Medium centralization risk for Morpho.

🪟Exit Window
🟡Medium Exit Window Centralization Score

The morpho.eth multisig account owns the permission to enable new Liquidation LTVs and Interest Rate Models to create new Morpho Markets with, but cannot change existing Morpho Markets thus not affecting user positions. However, critical permissions in the $MORPHO token allow the same multisig account to upgrade the token contract or mint more tokens. These permissions can result in the loss of unclaimed $MORPHO rewards and thus expose a Medium upgradeability risk. The permissions are not protected with onchain governance and an Exit Window; instead, the morpho.eth multisig account can upgrade and mint on the $MORPHO token contract instantly.

⛅Autonomy
🟡Medium Autonomy Centralization Score

Morpho Markets are configured with an external price oracle which is neither controlled by Morpho nor deployed by Morpho. However, the Morpho protocol facilitates oracle creation through a factory, currently MorphoChainlinkOracleV2Factory, which is used by more than 35% of Morpho markets (read more: https://defiscan-git-morpho-defiscan.vercel.app/protocols/morpho#dependencies). This factory wraps price feeds compliant with Chainlink's Aggregator interface and assumes that these feeds never fail (liveness and valid prices). Although the price feed is chosen permissionlessly by the market creator, more than 35% of the Morpho markets rely on a Chainlink curated price feed.
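The fallback mechanism the review recommends, shown as an added example that is not Morpho's or Chainlink's code: a naive wrapper that reverts on a bad answer next to a guarded wrapper that validates the primary feed (sign, staleness, completed round, feed revert) and reads a second, independently operated feed before giving up. The `AggregatorV3Interface` signatures are Chainlink's published ones; the `price()` getter, the contract names, the `maxStaleness` parameter and the existence of a fallback feed with the same decimals are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Chainlink's published aggregator interface (real signatures).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Naive wrapper: the failure mode the review describes. A negative answer or
/// a reverting (e.g. upgraded) feed makes price() revert, and every market
/// action that reads the oracle reverts with it, for as long as the feed is bad.
contract NaiveFeedOracle {
    AggregatorV3Interface public immutable feed;

    constructor(AggregatorV3Interface _feed) {
        feed = _feed;
    }

    function price() external view returns (uint256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        require(answer > 0, "negative or zero price");
        return uint256(answer);
    }
}

/// Guarded wrapper (example design, not Morpho's oracle): validates the
/// primary feed and falls back to a second feed instead of reverting.
contract GuardedFeedOracle {
    AggregatorV3Interface public immutable primary;
    AggregatorV3Interface public immutable fallbackFeed;
    uint256 public immutable maxStaleness; // seconds; assumed deployment parameter

    error NoValidPrice();

    constructor(AggregatorV3Interface _primary, AggregatorV3Interface _fallback, uint256 _maxStaleness) {
        require(_primary.decimals() == _fallback.decimals(), "decimals mismatch");
        primary = _primary;
        fallbackFeed = _fallback;
        maxStaleness = _maxStaleness;
    }

    /// Reads one feed and reports (ok, price). Never reverts because of feed
    /// behaviour: a revert, a non-positive answer, a stale timestamp or an
    /// incomplete round all map to ok == false.
    function tryRead(AggregatorV3Interface feed) internal view returns (bool, uint256) {
        try feed.latestRoundData() returns (
            uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound
        ) {
            startedAt; // unused in this check
            if (answer <= 0) return (false, 0);
            if (updatedAt == 0 || updatedAt > block.timestamp) return (false, 0);
            if (block.timestamp - updatedAt > maxStaleness) return (false, 0);
            if (answeredInRound < roundId) return (false, 0);
            return (true, uint256(answer));
        } catch {
            return (false, 0);
        }
    }

    function price() external view returns (uint256) {
        (bool ok, uint256 p) = tryRead(primary);
        if (ok) return p;
        (ok, p) = tryRead(fallbackFeed);
        if (ok) return p;
        revert NoValidPrice(); // both feeds unusable: surface it, do not return a guess
    }
}
```

The guarded version still reverts when both feeds are unusable, so a market remains exposed to a liveness failure, but no longer to a single dependency; an alert on `NoValidPrice` reverts makes that state visible to operators. A fallback also cannot detect a feed that returns a plausible but wrong value; cross-checking the two feeds against a divergence tolerance is the usual complement.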

⚠️Reviewer's Notes about Curators

Curators of Morpho Vaults are in control of critical permissions which can result in the loss of user funds and unclaimed yield. These permissions only have a direct impact on users in the respective vault and thus do not contribute to the centralization of the Morpho protocol. Vault owners can name guardians with the capability to cancel bad behaviors of curators, when the actions they are taking are increasing the risk towards the end user.

🚨Upgradability
🟡Medium Upgradability Centralization Score

The Morpho (markets) protocol and Morpho Vaults are non-upgradeable. No permissions exist in the Morpho protocol that could affect users' funds and unclaimed yield or could otherwise result in non-expected protocol performance. Permissions in Morpho Vaults are owned by the vault creators themselves, aka Curators, and thus are not centralized under Morpho governance. A team multisig, morpho.eth, is able to activate a fee switch and enable new LTV tiers and interest rate models. These permissions can only affect newly created markets with fees enforced in a fixed range. The morpho.eth multisig is further in control of the $MORPHO token and its upgradeability and minting features. $MORPHO upgrades or minting can directly impact distributed rewards in the system and thus result in the loss of unclaimed yield.

⛓️Chain
🟢 The report is concerned with the Morpho instance deployed on Ethereum mainnet. Ethereum achieves a Low chain centralization score.

Protocol Introduction

Morpho is a lending protocol which enables the deployment of minimal and isolated lending markets by specifying:
- One collateral asset
- One loan asset
- A Liquidation Loan To Value (LLTV) ratio
- An Interest Rate Model (IRM)
- An oracle

Users may lend funds directly on individual Morpho markets or through Morpho Vaults. These vaults are created permissionlessly by third parties, or risk curators, and offer managed lending strategies by aggregating different Morpho markets.
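How the permission split described in the Upgradability post and the market parameters listed above can look in code, as an added, simplified model rather than Morpho's contracts: the owner (a team multisig in Morpho's case) can only whitelist LLTVs and IRMs and set a fee below a constant cap, anyone can create a market from whitelisted parameters, and a market's parameters never change after creation. `MarketRegistry`, `MAX_FEE`, the `created` mapping and the WAD-scaled `price` argument of `isHealthy` are constructed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified model of the permission split described in the review (not
/// Morpho's code): owner permissions are additive whitelists plus a capped
/// fee, market creation is permissionless, and a market is immutable once created.
contract MarketRegistry {
    uint256 internal constant WAD = 1e18;
    uint256 public constant MAX_FEE = 0.25e18; // 25% fee cap: constructed value for the example
    uint256 public constant MAX_LLTV = WAD;    // LLTV must be strictly below 100%

    struct MarketParams {
        address loanToken;
        address collateralToken;
        address oracle;
        address irm;
        uint256 lltv; // WAD-scaled, e.g. 0.86e18
    }

    address public owner;
    mapping(uint256 => bool) public isLltvEnabled;
    mapping(address => bool) public isIrmEnabled;
    mapping(bytes32 => bool) public created;
    mapping(bytes32 => MarketParams) public markets; // never written after creation
    mapping(bytes32 => uint256) public fee;

    event EnableLltv(uint256 lltv);
    event EnableIrm(address irm);
    event CreateMarket(bytes32 indexed id, MarketParams params);
    event SetFee(bytes32 indexed id, uint256 newFee);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Enabling a value only widens what future markets may use; it touches
    // no existing market or position.
    function enableLltv(uint256 lltv) external onlyOwner {
        require(!isLltvEnabled[lltv], "already enabled");
        require(lltv < MAX_LLTV, "lltv too high");
        isLltvEnabled[lltv] = true;
        emit EnableLltv(lltv);
    }

    function enableIrm(address irm) external onlyOwner {
        require(!isIrmEnabled[irm], "already enabled");
        isIrmEnabled[irm] = true;
        emit EnableIrm(irm);
    }

    // The fee switch is the one owner permission that reaches an existing
    // market, and it is bounded by a constant the owner cannot change.
    function setFee(bytes32 id, uint256 newFee) external onlyOwner {
        require(created[id], "market not created");
        require(newFee <= MAX_FEE, "fee above cap");
        fee[id] = newFee;
        emit SetFee(id, newFee);
    }

    // Permissionless: any caller may create a market from enabled parameters.
    // The id is derived from the parameters, so the same market cannot be
    // created twice and its parameters cannot be swapped afterwards.
    function createMarket(MarketParams calldata p) external returns (bytes32 id) {
        require(isIrmEnabled[p.irm], "irm not enabled");
        require(isLltvEnabled[p.lltv], "lltv not enabled");
        id = keccak256(abi.encode(p));
        require(!created[id], "market exists");
        created[id] = true;
        markets[id] = p;
        emit CreateMarket(id, p);
    }

    /// Solvency check against the market's own immutable LLTV. `price` is the
    /// value of one unit of collateral in loan-token units, WAD-scaled.
    function isHealthy(bytes32 id, uint256 borrowed, uint256 collateral, uint256 price)
        external
        view
        returns (bool)
    {
        require(created[id], "market not created");
        uint256 maxBorrow = (collateral * price / WAD) * markets[id].lltv / WAD;
        return borrowed <= maxBorrow;
    }
}
```

The point of the design is that nothing the owner can call changes the LLTV, IRM or oracle a position was opened against, which is what lets the review rate the fee switch and whitelist permissions as low impact while still flagging the separate $MORPHO token permissions.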

@morpho's decentralization review

Overall Score: Stage 0

The Sky protocol exposes critical permissions that are not protected with an Exit Window of at least 7 days or a Security Council and thus earns a High centralization risk score for its Upgradeability and Exit Window dimensions. Furthermore, Sky is exposed to centralization risks from its USDC and Chronicle dependencies, resulting in an overall High centralization risk score for the Autonomy dimension. Sky thus achieves a decentralization of Stage 0.

The protocol could reach Stage 1 by:
1. No longer swapping its $USDS with Circle's $USDC in a blind fashion
2. Increase its Exit Window to at least 7 days or establish a Security Council.

It could further reach Stage 2 with:
1. An Exit Window of at least 30 days
2. Changing its oracle provider to a Stage 2 or equivalent protocol. This could also be achieved if Chronicle increases its Exit Window to 30 days.

🔗Links
✍️Protocol Reviewer: @mmilien_ (https://x.com/@mmilien_)
📜DeFiScan complete review
@makerdao (https://x.com/@SkyEcosystem)
Website (https://sky.money/)
GitHub (https://github.com/makerdao)
DeFiLlama (https://defillama.com/protocol/sky-lending)

🚪Accessibility
🟢Low Accessibility Centralization Score

Sky has a main frontend at sky.money. The frontend is not self-hostable nor open source, but multiple other access points exist with Sky-specific apps such as Spark or third-party apps like DeFiSaver or SummerFi Pro. These apps build an acceptable backup solution in case of failure of the official frontend.

In addition to that, an Emergency Shutdown Module exists and can shut down the entire protocol if 500,000 MKR tokens are irreversibly sent to the Emergency Shutdown Contract. Once the process is started, a specific timeline allows token holders and vault users to receive the net value of their assets. If the process is activated, it is irreversible; a fork would need to be created in order to revive the protocol. It is assumed that there are 2 scenarios:
1. A malicious majority is hijacking the Sky Governance. The only option once the system is shut down is to set up an alternative fork in which the malicious users' funds are slashed, and the users who shut down the system see their funds restored.
2. A critical bug was discovered and prevented with a system shutdown. The Sky Governance can refund users who shut down the system by minting new tokens.

@chroniclelabs The Sky protocol also relies on the provider Chronicle for price feeds of collateral assets. Chronicle is an oracle protocol that computes a median price from multiple sources. The protocol contains validators who push new prices and challengers who can freeze and challenge new prices. The validator set of an oracle can be changed with a delay of 7 days. We analysed Chronicle's decentralization in a dedicated report here. An Oracle Security Module (OSM) enforces a 1-hour window on price updates, and the governance can freeze the current price value to prevent further updates. In addition to freezing prices, the MakerDAO governance can change the oracle provider with a governance proposal.
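A simplified model of the 1-hour price delay and governance freeze described in the post above, added here as an illustration and not MakerDAO's or Chronicle's contracts: consumers read a value that is always one `hop` behind the median source, so a bad price shows up in `peep()` for up to an hour before it can take effect, and the authority can `stop()` or `void()` it within that window. `DelayedOracle`, `IMedianizer`, the `authority` address and the event names are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Median price source in the style of a medianizer's peek(): (value, hasValue).
interface IMedianizer {
    function peek() external view returns (uint256, bool);
}

/// Simplified model of an Oracle Security Module (example code, not the
/// production contract). Consumers only ever see a value that is at least
/// `hop` seconds old; the queued value is public, so a bad median can be
/// frozen or discarded before it reaches any consumer.
contract DelayedOracle {
    IMedianizer public immutable src;
    uint256 public constant hop = 1 hours;

    address public authority; // governance or an emergency ("Mom"-style) actor
    bool public stopped;

    uint256 public cur; // value currently exposed to consumers
    bool public curHas;
    uint256 public nxt; // value queued to become cur at the next poke
    bool public nxtHas;
    uint256 public zzz; // start of the current hop window

    event Poke(uint256 cur, uint256 nxt, uint256 zzz);
    event Stop();
    event Void();

    modifier auth() {
        require(msg.sender == authority, "not authorized");
        _;
    }

    constructor(IMedianizer _src) {
        src = _src;
        authority = msg.sender;
    }

    /// True once a full hop has elapsed since the last accepted poke.
    function pass() public view returns (bool) {
        return block.timestamp >= zzz + hop;
    }

    /// Anyone may poke. The queued value is promoted and the fresh median is
    /// queued; the fresh value cannot reach consumers before the next hop.
    function poke() external {
        require(!stopped, "stopped");
        require(pass(), "hop not elapsed");
        (uint256 v, bool ok) = src.peek();
        if (!ok) return; // a source without a value leaves the module untouched
        cur = nxt;
        curHas = nxtHas;
        nxt = v;
        nxtHas = true;
        zzz = (block.timestamp / hop) * hop; // align the window to an hour boundary
        emit Poke(cur, nxt, zzz);
    }

    /// Delayed value read by consumers.
    function peek() external view returns (uint256, bool) {
        return (cur, curHas);
    }

    /// Queued value: what consumers will see after the next poke. This is
    /// what a monitor compares against independent sources.
    function peep() external view returns (uint256, bool) {
        return (nxt, nxtHas);
    }

    /// Freeze: the current value stays, no further pokes are accepted.
    function stop() external auth {
        stopped = true;
        emit Stop();
    }

    function start() external auth {
        stopped = false;
    }

    /// Discard both values and freeze, for when the queued price is bad.
    function void() external auth {
        cur = 0;
        nxt = 0;
        curHas = false;
        nxtHas = false;
        stopped = true;
        emit Void();
    }
}
```

The delay is what turns an oracle compromise from an instant loss into a detection problem: a watcher that polls `peep()` and compares it with other sources has the full `hop` to raise the freeze. The same mechanism is also why the review counts the freeze and the proposal-based provider change as governance permissions, since whoever holds `authority` decides which prices consumers ever see.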

🔴High Exit Window Centralization Score

All permissions within Sky are held by the onchain Sky Governance. There are no external accounts or multisigs in control. The minimum delay between approval and execution of a Sky Governance proposal is 18 hours, recently reduced from 30 hours in an emergency proposal. The Sky Governance has a continuous proposal model, which means voters need to migrate their vote from the current proposal to a new proposal. The proposal with the most votes at any time is accepted and can be executed once its delay has passed. Emergency measures permissions allow the Sky Governance to pause certain contracts through a proposal without being subject to the mandatory delay. This is the case for all contracts that have a Mom who can pause or stop their child.

⛅Autonomy
🔴High Autonomy Centralization Score

Circle's $USDC
Sky has a centralized dependency on Circle and its $USDC stablecoin token. Users can mint $USDS from $USDC at a fixed 1:1 rate. This means that $USDS is directly pegged to $USDC which is a centralized stablecoin. This conversion may be stopped or paused in an emergency Sky Governance proposal. There is a debt ceiling limiting how much $USDS can be backed by $USDC. Nonetheless, at the time of writing, this debt ceiling is high enough that it does not prevent more than 50% of the collateral in Sky from being backed by USDC. The ceiling is explained further in the dependencies section.

🚨Upgradability
🔴High Upgradability Centralization Score

$USDS and $sUSDS, respectively Sky's stablecoin and its corresponding yield-bearing version, are upgradeable contracts through Sky Governance proposals. Updating those contracts could change the entire logic of those tokens and may incur a loss of funds for users. Critical parameters in the Sky protocol can be changed through Sky Governance proposals. Unwanted updates to these parameters can result in the loss of funds, loss of unclaimed yield, or otherwise materially impact the expected protocol performance. Example actions are:
- Forced liquidations, which would result in loss of user funds.
- Creating unbacked debt, which could endanger the protocol's stability.
- Pausing the contracts, which could trap user funds for an undetermined amount of time.

Decentralization Assessments

⛓️Chain
🟢 The report is concerned with the Sky instance deployed on Ethereum mainnet. Ethereum achieves a Low chain centralization score.