★ Audit scope mismatch

Morpho V1 (Morpho Blue + MetaMorpho)'s assessment for RD-F-001 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Morpho Blue v1.0.0 tag (SHA 55d2d99) corresponds to Dec 2023 deploy; Etherscan shows exact-match verified source for 0xBBBBBbbBBb9cC5e90e3b3Af64bdAF62C37EEFFCb; post-audit commits are CI/docs only.

Detail #

The Morpho Blue release history shows three tags aligned with audit phases: v1.0.0-alpha (06f0f65, Spearbit review), v1.0.0-beta (f463e40, Cantina competition code), and v1.0.0 (55d2d99, Cantina competition fixes). The mainnet deploy occurred December 28, 2023, matching the v1.0.0 production tag. Etherscan confirms 'exact match' source verification. Commits to main branch after December 2023 through April 2026 are CI pin updates, documentation renaming (Mar 2026), license updates (Jan 2026) — no core Solidity logic changes. Confidence is medium rather than high because a programmatic bytecode diff against the audit PDF commit was not executed.

Sources #

Etherscan
https://etherscan.io/address/0xBBBBBbbBBb9cC5e90e3b3Af64bdAF62C37EEFFCb#coderetrieved 2026-04-27
GitHub
https://github.com/morpho-org/morpho-blue/commits/mainretrieved 2026-04-27
GitHub
https://github.com/morpho-org/morpho-blue/releasesretrieved 2026-04-27

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol morpho-v1 factor RD-F-001 score green collected_at 2026-04-30 21:19:13