DeFi protocol token
Morpho MORPHO
Morpho (MORPHO) is a standard ERC-20 governance/utility token for the Morpho DeFi lending protocol, deployed on Ethereum and multiple EVM-compatible chains. Under QRI Section 7.2 (Token Inheritance), the MORPHO token inherits Ethereum's base-layer cryptographic posture for transaction signatures and consensus — meaning all token transfers rely on quantum-vulnerable ECDSA. The token layer itself has no custom cryptographic mechanisms, no post-quantum features, no published quantum risk assessment, and no migration roadmap. Token-specific governance is controlled by a 5/9 Gnosis Safe multisig (morpho.eth) and a 3/5 Rewards multisig, both entirely ECDSA-based. A quantum adversary capable of breaking ECDSA could compromise these multisigs to drain the treasury (~35.7% of 1B total supply allocated to DAO), upgrade the token contract maliciously, or alter protocol parameters. The LayerZero OFT cross-chain bridge (currently paused on Arbitrum) introduces an additional quantum-vulnerable path when active. Morpho Midnight, an upcoming fixed-rate protocol, mentions optional post-quantum signature support in its whitepaper, but this is a design option in a not-yet-deployed system and does not constitute current production protection. The QRI Score of 4 reflects the complete absence of quantum-specific preparedness, protection, migration, or assurance at the token layer, capped at 10 by the lack of any public cryptographic inventory. The Morpho DAO should prioritize publishing a cryptographic inventory, migrating governance multisigs to PQ-safe smart contract wallets once Ethereum supports them (e.g., post-EIP-8141), and developing a token-specific quantum migration plan.
Category breakdown
QRI Factors
Critical Quantum Blockers
- No public cryptographic inventory or quantum threat model published by the Morpho DAO or Morpho Association (Readiness & Risk Cap: 10)
- Governance 5/9 multisig (morpho.eth: 0xcBa28b38103307Ec8dA98377ffF9816C164f9AFa) and Rewards 3/5 multisig (0xF057afeEc22E220f47AD4220871364e9E828b2e9) rely entirely on ECDSA-based Gnosis Safe; a quantum adversary forging signer keys could drain treasury, upgrade the token contract maliciously, or alter protocol parameters
- All MORPHO token transfer authorization relies on Ethereum ECDSA signatures; no PQ or hybrid spend-authorization path exists
- LayerZero OFT bridge (currently paused on Arbitrum) uses classical cryptography for cross-chain message verification; if reactivated without PQ upgrades, creates a bridge-specific quantum-vulnerable path between chains
Key Risks
- Governance multisig compromise via quantum ECDSA break: The 5/9 multisig at 0xcBa28b38103307Ec8dA98377ffF9816C164f9AFa controls the MORPHO token treasury, token contract upgrades, fee parameters, LLTV/IRM whitelisting, and ENS domain management. A quantum adversary who compromises 5 of 9 signer keys could execute arbitrary governance actions.
- Rewards multisig compromise: The 3/5 Rewards multisig at 0xF057afeEc22E220f47AD4220871364e9E828b2e9 controls reward distributions; only 3 signers need to be compromised.
- Token contract upgrade path: The MORPHO token is upgradable (proxy pattern); a compromised governance multisig could deploy a malicious implementation that mints, burns, or freezes tokens arbitrarily.
- Cross-chain bridge exposure: The LayerZero OFT adapter for MORPHO (morpho-org/morpho-token-l0) relies on LayerZero's classical cryptographic verification. When unpaused, a quantum attacker could potentially forge cross-chain messages to mint or unlock MORPHO tokens on destination chains.
- Long-exposure public keys: All MORPHO token holders who have sent transactions from their EOAs have exposed secp256k1 public keys on-chain, vulnerable to offline quantum attack with no time constraint (harvest now, decrypt later).
- No migration path for governance: Neither the Morpho DAO nor the Morpho Association has published any plan, timeline, or design for migrating governance multisigs to post-quantum secure alternatives.
- Inherited Ethereum risk: The MORPHO token is fully exposed to Ethereum's ECDSA vulnerability. While Ethereum has a structured PQ roadmap targeting ~2029, this timeline extends beyond typical quantum threat horizon estimates and does not guarantee timely token-level protection.
Assurance Notes
- Existing smart-contract audits (Certora, Spearbit, OpenZeppelin, Cantina, ChainSecurity, Runtime Verification) cover classical security of Morpho Blue, MetaMorpho vaults, and related contracts, but none address quantum-resistance or post-quantum cryptography.
- A $2.5M bug bounty program exists on Immunefi and Cantina covering DAO-owned contracts; no quantum-specific scope.
- Morpho Midnight whitepaper (May 2026) mentions modular ratifier contracts that could support post-quantum signature schemes, but Midnight is not yet in production (audit competition ongoing as of May 29, 2026) and this capability is a design option, not a deployed feature.
- Morpho Midnight is under active audit competition ($400K prize pool on Cantina) but no quantum-specific audit scope has been identified.
- The MORPHO token contract is upgradable (proxy pattern), which means governance could theoretically deploy PQ-aware upgrades, but no such plan or design exists.
- No formal quantum-specific incident-response playbook, security contact for quantum disclosures, or quantum threat monitoring process is documented.
- Morpho Blue core smart contracts are immutable; governance scope is intentionally limited, reducing the attack surface of a compromised multisig.
Non-Scoring Caveats
- Morpho Midnight whitepaper (May 2026) mentions that ratifier contracts 'let makers use different signature schemes such as passkeys or post-quantum schemes' — this is a design capability in a not-yet-deployed protocol and does not constitute production quantum protection for the MORPHO token or current Morpho Blue protocol.
- The LayerZero OFT bridge for MORPHO on Arbitrum has been paused since ~April 2026 following the KelpDAO/rsETH incident; this reduces current cross-chain quantum exposure but the bridge infrastructure remains quantum-vulnerable when reactivated.
- Morpho's governance-minimized design (immutable Morpho Blue core, limited admin scope) reduces but does not eliminate the impact of a quantum-compromised multisig.
- Ethereum's structured PQ roadmap (Lean Ethereum, targeting ~2029 for core PQ infrastructure, EIP-8141 for account abstraction) provides a future migration path that MORPHO token holders and the Morpho DAO can inherit, but no Morpho-specific migration coordination exists.
- The MORPHO token's upgradable proxy architecture would theoretically allow a future PQ-aware upgrade, but no design, specification, or proposal exists.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: No public cryptographic inventory or quantum threat model has been published by Morpho DAO, Morpho Association, or Morpho Labs.
Coverage basis: Absence of evidence across official documentation, GitHub repositories, governance forum, and public communications.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: cap-applying
Quantum blocker: No public cryptographic inventory; Readiness & Risk Cap: 10
Assurance: Absence verified by comprehensive search of official docs, GitHub org, governance forum, and Morpho blog. No quantum-specific content found in any primary source.
The QRI evaluation itself serves as an initial quantum risk assessment but does not substitute for a project-published cryptographic inventory with attack assumptions and affected layers.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: No quantum-specific evidence record (code references, specs, audits, transaction examples, or reproducible analytics) has been published by the project.
Coverage basis: Absence of quantum-related evidence artifacts in any project-published resource.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Existing audit reports (Certora, Spearbit, OpenZeppelin, Cantina, ChainSecurity, Runtime Verification) are classical smart-contract security reviews with no quantum scope.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: All MORPHO token transfers are authorized by standard Ethereum ECDSA signatures on the secp256k1 curve; no PQ or hybrid signature path exists.
Coverage basis: Token inherits Ethereum's ECDSA-based transaction authorization (QRI Section 7.2 Token Inheritance).
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Active production spend authorization remains entirely ECDSA-only (Readiness & Risk Cap: 40)
Assurance: Verified from Etherscan token contract, GitHub source code, and official docs. Token is standard ERC-20 with no custom signature verification.
Per QRI Section 7.2, the MORPHO token inherits Ethereum's ECDSA vulnerability for base-layer transaction signatures. No token-specific spend-authorization mechanism exists that could be independently upgraded.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: MORPHO token holders use standard Ethereum EOAs or smart-contract wallets; any EOA that has sent a transaction has an exposed secp256k1 public key on-chain (long-exposure, at-rest attack window).
Coverage basis: Token inherits Ethereum's account model; no PQ-native address format or key-derivation scheme exists.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Material long-exposure quantum-vulnerable value exists with no migration path (Readiness & Risk Cap: 55)
Assurance: Ethereum's account model is well-documented. EOAs that have sent transactions have exposed public keys recoverable from ECDSA signatures.
Per QRI Section 7.3, long-exposure at-rest public keys can be attacked offline with no time constraint (harvest now, decrypt later). All MORPHO holders who have ever transferred tokens from an EOA are in this category.
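To make the exposure mechanism behind this subfactor and the "Long-exposure public keys" item in Key Risks concrete, here is an added Python example (not the page's or Morpho's code) that reproduces how an EOA's secp256k1 public key is recovered from an ECDSA transaction signature using only public data, plus a nonce-based classifier for the long-exposure account class. The curve arithmetic is pure Python; the private key, nonce and message hash are constructed for the demo, and Keccak-256 address derivation is omitted because it is not in the standard library.

```python
import hashlib

# secp256k1 domain parameters (the curve Ethereum EOAs sign with)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """Double-and-add; adequate for a demo, not constant-time."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def sign(priv, z, k):
    """ECDSA over message hash z with nonce k. Returns (r, s, recid) in the
    low-s form Ethereum enforces; recid is the 0/1 value behind v = 27/28."""
    rx, ry = scalar_mult(k, G)
    assert 0 < rx < N, "constructed inputs avoid the ~2^-128 r-wrap case"
    r = rx
    s = pow(k, -1, N) * (z + r * priv) % N
    recid = ry & 1
    if s > N // 2:  # negating s negates R, which flips the y parity
        s, recid = N - s, recid ^ 1
    return r, s, recid


def recover(z, r, s, recid):
    """What ecrecover and every Ethereum node does: rebuild the signer's public
    key Q = r^-1 * (s*R - z*G) from the signature and message hash alone."""
    y = pow((pow(r, 3, P) + 7) % P, (P + 1) // 4, P)  # sqrt, valid as P % 4 == 3
    if y & 1 != recid:
        y = P - y
    zg = scalar_mult(z % N, G)
    neg_zg = (zg[0], (P - zg[1]) % P)
    return scalar_mult(pow(r, -1, N), point_add(scalar_mult(s, (r, y)), neg_zg))


def pubkey_exposed(nonce):
    """QRI Section 7.3 long-exposure class: an EOA with nonce > 0 has broadcast
    at least one signed transaction, so its public key is recoverable as above."""
    return nonce > 0


def demo():
    """Constructed key, nonce and message hash (labelled; not real Morpho data)."""
    priv = int.from_bytes(hashlib.sha256(b"constructed demo private key").digest(), "big") % N
    k = int.from_bytes(hashlib.sha256(b"constructed nonce, never reuse").digest(), "big") % N
    z = int.from_bytes(hashlib.sha256(b"constructed MORPHO transfer payload").digest(), "big")
    pub = scalar_mult(priv, G)
    r, s, recid = sign(priv, z, k)
    return recover(z, r, s, recid) == pub


if __name__ == "__main__":
    print("public key recovered from signature alone:", demo())
```

Once a public key has been recovered this way it stays on-chain indefinitely, which is why the attack window for such accounts has no time constraint.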
Production Cryptographic Protection
Consensus-critical authentication (validator signatures, VRFs, randomness, block certificates)
Claim: The MORPHO token has no consensus mechanism of its own; it inherits Ethereum's consensus security.
Coverage basis: N/A — ERC-20 token has no validator set, consensus protocol, or block production mechanism.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
While N/A for token-level scoring, Ethereum's consensus layer (BLS signatures, eventually to be replaced by leanXMSS per the Lean Ethereum roadmap) remains quantum-vulnerable. Token holders are indirectly exposed to this risk.
Production Cryptographic Protection
State-integrity and data-availability mechanisms
Claim: The MORPHO token's state (balances, total supply, allowances) is maintained by the Ethereum EVM using standard storage; no token-specific state-integrity or data-availability mechanism exists.
Coverage basis: N/A — ERC-20 token has no independent state-integrity commitments, nullifiers, accumulators, KZG commitments, or bridge verification logic of its own.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Privacy and proof layers
Claim: The MORPHO token has no privacy features, shielded transactions, ZK proof systems, note encryption, viewing keys, or stealth addresses.
Coverage basis: N/A — ERC-20 token has no privacy layer.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication
Claim: The MORPHO token has no P2P network layer of its own.
Coverage basis: N/A — ERC-20 token has no P2P transport, node discovery, or peer authentication mechanism.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows
Claim: Governance is controlled by ECDSA-based Gnosis Safe multisigs: a 5/9 multisig at 0xcBa28b38103307Ec8dA98377ffF9816C164f9AFa and a 3/5 Rewards multisig at 0xF057afeEc22E220f47AD4220871364e9E828b2e9. No PQ/hybrid wallet, custody, or signing workflow exists.
Coverage basis: Multisig signers use standard Ethereum EOA keys with ECDSA; no PQ-safe smart-contract wallet or HSM path is available for governance operations.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Governance multisig signers use ECDSA-only keys; a quantum adversary compromising 5 of 9 signers could drain the treasury, upgrade the token contract, or alter protocol parameters
Assurance: Multisig addresses verified on Etherscan as Gnosis Safe proxies (Safe 1.3.0). Signer identities are public per Morpho governance docs. No PQ-safe smart contract wallet infrastructure (e.g., EIP-8141 PQ accounts) exists on Ethereum mainnet as of the evaluation date.
Morpho Blue core contracts are immutable, and governance scope is limited (fee switch capped at 25%, LLTV/IRM whitelisting, treasury control, token contract ownership, ENS management). This reduces but does not eliminate the impact of a compromised multisig.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected
Claim: 0% of MORPHO token value-at-risk is protected from quantum key-recovery attacks. All ~1B MORPHO tokens (fully diluted) rely on ECDSA for ownership and transfer authorization.
Coverage basis: All MORPHO tokens exist on EVM chains where ownership is controlled by ECDSA keys. No PQ-protected accounts, migration, or native PQ design exists.
Implementation score: 0.05 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Material long-exposure quantum-vulnerable value exists with no migration, freeze, deprecation, burn, recovery, or policy path (Readiness & Risk Cap: 55)
Assurance: Coverage confirmed as 0%: no PQ accounts, no hybrid signatures, no migration of any kind. The <25% coverage threshold applies (score 1 of 20). Even the DAO treasury (~35.7% of total supply) and Morpho Labs/Association/Founder/Investor allocations are held in ECDSA-secured wallets.
Exact circulating supply and distribution of tokens between EOA vs. smart-contract wallets could refine the at-risk analysis but would not change the 0% protected conclusion. Dormant, lost, or unclaimed tokens add to unmigratable vulnerable value.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical Morpho wallets (DAO treasury, governance multisig, rewards multisig, association treasury, bridge contracts) have been migrated to or protected by PQ/hybrid cryptography.
Coverage basis: All identified critical wallets use standard Ethereum ECDSA-based accounts or Gnosis Safe multisigs with ECDSA signers.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Major treasury and governance wallets remain quantum-vulnerable with no migration path (Readiness & Risk Cap: 70)
Assurance: Wallet addresses and multisig configurations confirmed from official Morpho docs and on-chain verification.
The DAO treasury holds ~35.7% of total MORPHO supply plus any accumulated protocol fees. Additional allocations to Morpho Association (6.6%), Morpho Labs (6%), founders (15.2%), and investors (27.6%) represent substantial additional quantum-vulnerable value pools.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: No identification, measurement, deprecation, or migration of quantum-vulnerable MORPHO token holdings has been performed or published.
Coverage basis: Complete absence of any legacy-pool identification, measurement, or policy mechanism.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Search of Morpho governance forum, docs, and GitHub reveals no proposal, discussion, or analysis related to quantum-vulnerable token holdings or migration.
Per QRI Section 9.3.2, dormant and unmigratable assets (lost coins, abandoned contracts, unresponsive treasuries) should be counted as unprotected where no policy mechanism exists to address them. Morpho has no such policy.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap with sequencing, activation criteria, and dependencies
Claim: No quantum migration or protection roadmap exists for the MORPHO token or Morpho governance.
Coverage basis: Absence of any published roadmap, timeline, activation criteria, or dependency analysis for quantum migration.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Verified absence across all Morpho communication channels. The project's public roadmap focuses on protocol expansion (Midnight, multichain deployments, institutional integrations) with no quantum-security workstream.
Ethereum's Lean Ethereum PQ roadmap (targeting ~2029) provides a potential inherited migration path, but Morpho has not published any plan for how it will leverage or coordinate with Ethereum's PQ upgrades.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults: PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, and migration prompts
Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user warnings, education, or migration prompts exist for the MORPHO token.
Coverage basis: Complete absence of any user-facing quantum migration tooling, defaults, or education.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The Morpho App (app.morpho.org) and documentation contain no quantum-related warnings, migration prompts, or PQ account creation guidance.
Users can still create new ECDSA-only accounts and acquire MORPHO tokens with no quantum risk warning. Per QRI Readiness & Risk Cap table: 'Users can still create new quantum-vulnerable high-value accounts by default' → Max QRI 60.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination: enforcement mechanisms, exchange/custody/bridge/wallet coordination
Claim: No migration enforcement mechanisms exist, and no exchange, custody, bridge, wallet, or infrastructure coordination for quantum migration has been established.
Coverage basis: Complete absence of enforcement mechanisms or ecosystem coordination for quantum migration.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Morpho has institutional partners (Coinbase, Kraken, Anchorage Digital, Fireblocks, Ledger, Société Générale FORGE) but no public coordination with any of them on quantum migration has been documented.
The LayerZero OFT bridge for MORPHO on Arbitrum is currently paused (since ~April 2026). When reactivated, it creates a bridge-specific quantum-vulnerable path that would require coordination with LayerZero for any PQ upgrade.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: No quantum-specific emergency disclosure process, incident-response playbook, or governance procedure exists.
Coverage basis: Absence of any quantum-specific incident-response documentation or process.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Per QRI Section 8.2, lack of a formal quantum-specific incident-response playbook does not by itself create a Readiness & Risk Cap. Recorded as an assurance-only caveat. Morpho has a general bug bounty program ($2.5M on Immunefi/Cantina) and governance processes that could theoretically handle quantum incidents.
While a formal quantum-specific IR playbook is absent, this is classified as an assurance-only caveat per QRI Section 7.4 because the absence does not create, preserve, or make unverifiable a current quantum-enabled attack path — the attack path already exists and is scored elsewhere.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms
Claim: No PQC or hybrid-PQC algorithms are used in the MORPHO token or its governance infrastructure.
Coverage basis: All cryptographic operations (ECDSA for signatures, Keccak-256 for hashing) are classical; no NIST PQC standards (FIPS 203, 204, 205) are implemented.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Source code and on-chain bytecode confirm standard Solidity ERC-20 implementation with no PQC library imports or custom cryptographic primitives.
Morpho Midnight whitepaper (May 2026) mentions 'post-quantum schemes' as an optional ratifier signature type, but this is a design option in a not-yet-deployed protocol and does not constitute current production use of NIST PQC standards.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for quantum-critical scope
Claim: No independent cryptographic audit covering quantum resistance or post-quantum implementation has been conducted for any Morpho component.
Coverage basis: Existing audits cover classical smart-contract security only; no audit scope includes quantum threat model, PQC algorithm review, or side-channel analysis.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Per QRI Section 8.2, absence of a quantum-specific audit does not by itself create a Readiness & Risk Cap when the quantum-critical property (absence of PQC) is already verifiable from public code and on-chain evidence. Recorded as an assurance-only caveat. Multiple high-quality classical audits exist from reputable firms.
If Morpho were to deploy PQ/hybrid features (e.g., a PQ-aware governance multisig), a quantum-specific audit would become necessary to verify the Implementation Score.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: The MORPHO token implementation is open-source under MIT license and verifiable on Etherscan.
Coverage basis: Source code available at github.com/morpho-org/morpho-token; verified contract on Etherscan.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Code is publicly available, buildable, and the on-chain bytecode matches the verified source. This subfactor scores the openness of the implementation, not its quantum security.
Full marks for open-source reproducibility of the classical implementation. This does not imply quantum safety.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path
Claim: The MORPHO token uses an upgradable proxy pattern, enabling future implementation changes, but no PQ-specific upgrade path, parameter agility design, or cryptographic agility documentation exists.
Coverage basis: Token contract is a Transparent Proxy (EIP-1967) with upgradable implementation; no PQ upgrade specification or cryptographic agility plan exists.
Implementation score: 0 · Evidence confidence: High
Issue classification: operational/product caveat · Score treatment: note-only
Assurance: The upgradable proxy architecture provides a technical pathway for future PQ-aware upgrades, but this is an operational capability, not a quantum-security feature. No PQ-specific parameter agility or cryptographic algorithm negotiation is designed or documented.
This subfactor is scored at 0.00 because no PQ-specific upgrade path, parameter negotiation, or algorithm agility is documented. The mere existence of a proxy upgrade mechanism is insufficient to demonstrate quantum readiness.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, fault-injection, state-management, hardware-wallet, HSM, or custody implementation risks
Claim: No stateful signatures (XMSS/LMS) are in use; no PQ hardware signing or custody infrastructure exists.
Coverage basis: N/A — stateful-signature safety considerations only apply when stateful signature schemes are deployed.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
This subfactor would become applicable if Morpho were to adopt XMSS/LMS-style signatures (e.g., via Ethereum's planned leanXMSS for validators or similar token-level mechanisms).
Algorithm & Implementation Assurance
Performance and resource-impact analysis for PQ signature/verification costs
Claim: No performance or resource-impact analysis for PQ signature deployment has been published.
Coverage basis: Absence of any gas cost analysis, block validation impact study, or resource benchmarking for PQ operations in the Morpho context.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Per QRI Section 8.2, lack of a formal performance/resource benchmark does not by itself create a Readiness & Risk Cap. Recorded as assurance-only caveat.
Ethereum's PQ research indicates PQ signature verification costs ~200,000 gas vs. ~3,000 for ECDSA (per Vitalik Buterin, Feb 2026). This would materially impact MORPHO token transfer costs if PQ signatures were adopted. No Morpho-specific analysis exists.
Report metadata