sherlock · morpho-blue | Finquill Node

Morpho Blue — Sherlock vault curator audit

[PUBLISHED]

· sherlock · morpho-blue

sherlock · morpho-blue

// sherlockprotocol: morpho-bluepublished: May 10, 2026source →

Sherlock's May 2026 Morpho Blue curator audit identified a high-severity front-running window during pending withdrawals. Curators with access to vault parameter updates should declare a 24h timelock; users with active redemptions should avoid vaults without timelocked curator roles.

// findings · 1

[HIGH]
Curator role can update vault parameters during a pending withdrawal, allowing front-running of redemptions.
MorphoVault.curatorUpdateredemption queue
Curator role can update vault parameters during a withdrawal, front-running a redemption to extract value.
ref: H-01
affects:morpho-curatorvault-supply

// why this might be wrong…

▸This brief was generated by a multi-pass LLM editorial pipeline. Findings reflect public source material at the time of synthesis.
▸Confirm against the original audit firm source before acting on any individual finding.
▸Severity classification has been normalized across firms — the source firm uses its own scale.