Circuit breaker on price deviation

Morpho V1 (Morpho Blue + MetaMorpho)'s assessment for RD-F-057 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No circuit breaker present. Morpho Blue core and ChainlinkOracleV2 have no price-deviation guard. PAXG/USDC exploit ($230K, Oct 2024) demonstrated: $2.6T oracle mispricing was accepted unconditionally — no circuit breaker triggered. Confirmed by source inspection and realized exploit.

Detail #

Source inspection of Morpho.sol confirms no maxDeviationBps or priceGuard logic. MorphoChainlinkOracleV2.sol price() function has no deviation check. The PAXG/USDC incident showed that a 10^12 price inflation was not caught. Template: red = no circuit breaker.

Sources #

Governance
Retrospective: PAXG/USDC market oracle configurationPAXG/USDC oracle retrospective — $2.6T mispricing uncaughtretrieved 2026-04-27
GitHub
Morpho.solMorpho.sol — no deviation check in oracle call pathretrieved 2026-04-27

Methodology #

Determine whether the protocol halts or reverts if the oracle-reported price deviates by more than X% from a reference within Y blocks.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol morpho-v1 factor RD-F-057 score red collected_at 2026-04-30 21:19:13