SupplyHarvestVault Manual Review Findings

SRC-01M: Potential Points of Concern

Type	Severity	Location
Standard Conformity		SupplyHarvestVault.sol:L162, L166, L173

Description:

The referenced lines indicate integration with the IMorpho contract which is an internal project contract that is not in scope of the audit and thus interactions with it cannot be properly validated.

Example:

Copy
14contract SupplyHarvestVault is SupplyVaultUpgradeable {

Recommendation:

As general security recommendations, we advise the Morpho team to ascertain that the reward yielded by claimRewards is a single value variable, the false flag is correct for the purposes of the harvest system, and that the asset supplied in the last call properly update the relevant entries for the EIP-4626 asset evaluation mechanism. This does not constitute an audit of the Morpho contract and simply indicates best practices and security considerations that should be followed.

Alleviation:

The Morpho team considered our advice and has validated the IMorpho integration on their end. This exhibit will remain in the audit report for the sake of prosperity, marked as "addressed" based on Morpho's validation of the integration.