Omniscia Morpho Audit

Specialized Token Security Audit

Audit Overview

We were tasked with auditing Morpho's permissioned ERC20 implementation, which ensures that transfers can only be executed by authorized parties, or by the public if the contract's owner has set it so.

Over the course of the audit, we identified the absence of a validation in the burning mechanism that we advise be introduced to avoid potential issues with integrations in centralized and decentralized exchanges due to centralization concerns.

We advise the Morpho team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.

Post-Audit Conclusion

The Morpho team adequately responded to all exhibits identified and refactored their code to no longer expose a burn function that burns the balance of arbitrary parties, thereby nullifying the manual review exhibit within the report.

The original Solmate codebase was rigorously optimized according to our recommendation as part of our code style exhibits, increasing the legibility of the codebase as well as reducing its execution cost across the board.

Contracts Assessed

Audit Synopsis

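| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
|---|---|---|---|---|
| Unknown | 0 | 0 | 0 | 0 |
| Informational | 2 | 2 | 0 | 0 |
| Minor | 2 | 1 | 0 | 1 |
| Medium | 0 | 0 | 0 | 0 |
| Major | 0 | 0 | 0 | 0 |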

During the audit, we filtered and validated a total of 1 finding utilizing static analysis tools and identified a total of 3 findings during the manual review of the codebase. We strongly recommend that any findings of minor severity or higher be dealt with promptly prior to the project's launch, as they introduce potential misbehaviours of the system as well as exploits.

Total Issues (pie chart): Unknown: 0, Informational: 2, Minor: 2, Medium: 0, Major: 0

The list below covers each segment of the audit in depth and links to the respective chapter of the report: