Morpho's immutability ends where your curator's flow caps begin

If you're supplying USDC to a Morpho vault, the protection you're depending on isn't the one the protocol advertises. One flow cap setting separated Gauntlet ($5.95M loss) from Steakhouse (zero) in the March 22 Resolv exploit.

Morpho Blue's core contract is 650 lines of immutable Solidity, formally verified by Certora, with no admin keys and no upgrade path. In the March 22 Resolv exploit, none of that protected Gauntlet's depositors. A flow cap value of zero did.

How Morpho Blue actually works

Morpho Blue is one contract. Every market on the protocol lives inside it.

Each market is defined by five parameters set at deployment: loan asset, collateral asset, oracle address, interest rate model, and liquidation LTV. Every parameter is locked permanently, and no governance vote or admin key can change any of them after the market is deployed.

The oracle interface is minimal. One function, price(), returns how many loan tokens one collateral unit is worth. Morpho doesn't verify the oracle source. It doesn't check prices against a circuit breaker. It just calls the function at liquidation time and trusts the number.

This is the design intent, not an oversight. A 650-line contract has a smaller attack surface than a 50,000-line one. The protocol has passed 45 audits and Certora formal verification of its core health invariant. At the base layer, it does exactly what it says.

Isolation holds at that layer too. A bad oracle on one Blue market cannot bleed into another. Bad debt stays within the market where it originated, distributed across that market's lenders and no one else.

The layer most depositors are actually in

Most USDC doesn't go directly into Blue markets. It goes into MetaMorpho vaults: ERC-4626 wrappers managed by curators (Gauntlet, Steakhouse, MEV Capital, Re7 Labs) who allocate across multiple Blue markets in pursuit of yield.

The vault layer is not immutable. Curator configuration changes constantly. Supply caps, market allocations, and Public Allocator flow cap settings are all curator decisions.

The Public Allocator is a permissionless contract that curators can enable on their vaults. When enabled, it automatically routes idle USDC from lower-demand markets into higher-demand ones, capturing spread without manual rebalancing. Its logic runs entirely on-chain, with no oracle failure detection and no pause mechanism for a market under stress.

The base protocol achieves security through code immutability. The optimization layer achieves security through curator discretion. These are two different guarantees, and you get both when you deposit.

This architecture is not accidental. It's Morpho's answer to the governance-controlled monolithic pool. Aave's governance can update oracles, pause markets, freeze assets. Morpho chose to make that impossible at the base layer and push the responsibility to individual curators. The tradeoff: no governance capture risk, but the security of your deposit depends on the specific curator you chose and their current configuration.

What the exploit showed

Chart: curator exposure in the Resolv exploit. Gauntlet $5.95M, other vaults $0.25M, Steakhouse $0.

On March 22, an attacker compromised Resolv's service key and minted 80 million unbacked USR tokens. USR crashed to $0.14 on secondary markets within hours.

The wstUSR/USDC market on Morpho had a hardcoded oracle that valued USR at $1. The oracle cannot be changed. Arbitrageurs deposited collapsing USR, borrowed USDC at face value, and left the market with bad debt.

Gauntlet's vaults had non-zero Public Allocator flow caps on this market. As USDC demand spiked, the Allocator did exactly what it was configured to do: route idle liquidity in. $5.95M flowed from Gauntlet's vaults into the compromised market in 90 minutes, 96% of the $6.2M total.

Steakhouse had zero flow caps on the wstUSR market. Not lower caps. Zero. Their depositors saw zero exposure to the same exploit on the same protocol on the same day.

Six weeks ago, the economic stress test on Morpho found that Public Allocator flows bypassed market isolation at the vault layer. This piece answers the architectural question that finding raised: the mechanism that made it possible is the immutable oracle, which cannot be corrected when a collateral price assumption breaks. The Public Allocator cannot distinguish a healthy market from one with a stale oracle; it routes capital wherever demand is high.

The numbers

$6.2M drained from 15 vaults in 90 minutes.

96% of that total came from Gauntlet, which manages more than $1B in Morpho TVL and had published a favorable institutional risk assessment on Resolv days before the exploit.

$0 in losses for Steakhouse. One configuration variable.

180+ markets exist on Morpho Blue today. Most were created permissionlessly and have no active curator. They will exist with their original oracle parameters forever.

The TVL gap, six weeks later

Chart: Morpho TVL peaked at $10B on March 22 and stands at $7.4B six weeks later.

Morpho's combined TVL peaked at $10B on the day of the exploit. It's currently $7.4B.

$2.6B has not returned in six weeks. No new vulnerability has been disclosed. The base protocol is unchanged. The gap reflects a repricing of curator-layer risk that the protocol itself has no mechanism to address.

MORPHO trades at $1.95, 53% below its January 2025 high of $4.17. Apollo Global has agreed to acquire up to 90 million MORPHO tokens (9% of supply) over 48 months, creating long-term institutional demand. But TVL recovery depends on curator behavior, not on institutional buying.

What this means for allocators

You chose a curator when you deposited. Your curator chose which oracle risk you accept by deciding which markets to enable for Public Allocator flows. Most depositors have never looked at those settings.

Before depositing into any MetaMorpho vault: ask which markets the vault has enabled for Public Allocator flows. Ask what the flow caps are, what justified each one, and when they were last reviewed. The oracle on every one of those enabled markets is permanent and cannot be updated under any conditions.
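To make the two layers concrete, here is an added model (not Morpho's or any curator's code) of how a vault's Public Allocator maxIn caps bound inflows into a market whose immutable oracle is wrong, together with the pre-deposit review the paragraph above asks for. The market and vault names, prices, cap sizes and demand figures are constructed; the flow-cap semantics (inflow limited only by a per-market maxIn and idle liquidity, no oracle check) follow the article's description of the Allocator, not the deployed contract's ABI.

```python
from dataclasses import dataclass

@dataclass
class Market:
    """A Morpho Blue market. oracle_price is what price() returns, fixed at
    deployment; true_price is the observed secondary-market price (constructed)."""
    name: str
    oracle_price: float
    true_price: float
    lltv: float  # liquidation LTV

    def oracle_is_stale(self, tolerance: float = 0.05) -> bool:
        # Off-chain check a curator or depositor can run: the immutable oracle
        # disagrees with the observed price by more than `tolerance`.
        ref = max(self.true_price, 1e-12)
        return abs(self.oracle_price - self.true_price) / ref > tolerance

@dataclass
class Vault:
    """MetaMorpho vault state relevant to the Public Allocator (hypothetical shape)."""
    name: str
    idle_usdc: float
    max_in: dict  # market name -> remaining maxIn flow cap; 0 means disabled

def public_allocator_route(vault: Vault, market: Market, demand: float) -> float:
    """Route idle USDC toward `market` as the article describes the Allocator:
    bounded only by maxIn and idle liquidity, with no oracle sanity check."""
    cap = vault.max_in.get(market.name, 0.0)
    moved = min(demand, cap, vault.idle_usdc)
    vault.idle_usdc -= moved
    vault.max_in[market.name] = cap - moved
    return moved

def worst_case_bad_debt(routed: float, market: Market) -> float:
    """With an overpricing oracle, a borrower can draw oracle_price * lltv USDC
    per collateral unit actually worth true_price. The unrecoverable share of
    each routed dollar is therefore 1 - true_price / (oracle_price * lltv)."""
    recoverable = min(1.0, market.true_price / (market.oracle_price * market.lltv))
    return routed * (1.0 - recoverable)

def pre_deposit_review(vault: Vault, markets: list) -> list:
    """Markets the vault has enabled for Allocator inflows whose oracle is stale."""
    return [m.name for m in markets
            if vault.max_in.get(m.name, 0.0) > 0 and m.oracle_is_stale()]

def scenario() -> dict:
    """Constructed figures, not the March 22 numbers: one stressed market,
    two curator configurations differing only in the flow cap."""
    stressed = Market("wstUSR/USDC", oracle_price=1.0, true_price=0.14, lltv=0.86)
    open_caps = Vault("caps-enabled", 10_000_000.0, {stressed.name: 8_000_000.0})
    zero_caps = Vault("caps-zero", 10_000_000.0, {stressed.name: 0.0})
    return {v.name: worst_case_bad_debt(public_allocator_route(v, stressed, 9_000_000.0), stressed)
            for v in (open_caps, zero_caps)}
```

Running `scenario()` shows the caps-enabled vault routing the full 8M cap into the stressed market (not the 9M demanded) and carrying most of it as unrecoverable debt, while the zero-cap vault routes nothing; `pre_deposit_review` flags the same market only for the vault that enabled it.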

The risk is not theoretical. Steakhouse had zero exposure because someone made an explicit configuration decision. Gauntlet had $5.95M in exposure because someone else made a different one.

What this means for founders

If you're deploying a Morpho Blue market: your oracle choice is a one-way door. Not difficult to change. Impossible to change.

When collateral liquidity decays, when the pegged asset you built around loses its peg, when your oracle assumptions from six months ago no longer hold, you create a new market and migrate. The old market persists forever with its original parameters, available to any borrower who finds it.

Build the oracle selection into your risk documentation at deployment. Write down the assumptions that justify the oracle you chose, when those assumptions should trigger a market migration, and who is responsible for monitoring them. Most teams do not do this.

What to watch

Watch whether Gauntlet's flow caps on yield-bearing stablecoin markets tightened after March 22. If the caps on USR-class markets (newer protocol stablecoins with exchange rate oracles) remain non-zero, the financial incentive that caused the exposure is unchanged. Yield-maximizing curator configuration is the feature that works until it doesn't.

When Morpho TVL crosses $9B, the market will have priced curator-layer risk as manageable. If it stabilizes below $8B for another two months, serious allocators are treating the configuration gap as an unsolved structural problem, not a one-time event.

Closing

The 650-line contract does exactly what it claims. It is immutable, isolated, and correctly audited. What it cannot guarantee is what your curator configured on top of it. That is a different question, and it is the one that determined the outcome on March 22.

GAM Analysis is independent DeFi protocol research by @galbortam.

Building a DeFi protocol? I do independent smart contract + economic reviews. Tell me what you're building.