Known-exploit function-selector replay

Morpho V1 (Morpho Blue + MetaMorpho)'s assessment for RD-F-095 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Two prior exploits involved distinct oracle misconfigurations (PAXG SCALE_FACTOR decimal error Oct 2024; Aerodrome AMM LP oracle May 2025) — not the same selector-pattern replay. Core immutable contract not vulnerable to replay at protocol level.

Detail #

The PAXG/USDC market was drained and the exploit was market-specific. No documented selector-pattern replay on other markets in 2025-2026. Morpho Blue core contract is immutable — no selectors exist for admin-replay exploits on the core.

Sources #

URL
https://medium.com/coinmonks/decoding-morphoblues-230k-exploit-6296565ced40retrieved 2026-04-27

Methodology #

Detect whether a call-pattern matches a known-exploit replay template (specific selector sequence and calldata shape) against this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol morpho-v1 factor RD-F-095 score green collected_at 2026-04-30 21:19:13