Morpho 101: Oracle Risk in Permissionless Markets

Introduction

[Image: xUSD/USDC Market]

Last week xUSD depegged from ~$1 to ~$0.26. On Morpho Arbitrum's xUSD/USDC market, the oracle kept reporting ~$1.26. Positions never crossed the 91.5% LLTV threshold, so no liquidations triggered. Utilization hit 100% and withdrawals stalled. This is a perfect example of oracle risk in permissionless markets.

[Image: xUSD Depeg]

Permissionless Markets

Morpho allows anyone to create lending markets. No governance approval needed. You specify five parameters and the market exists:

struct MarketParams {
  address loanToken;
  address collateralToken;
  address oracle;
  address irm;
  uint256 lltv;
}

The oracle parameter accepts any contract that implements the IOracle interface. This interface has one requirement:

interface IOracle {
  function price() external view returns (uint256);
}

That's it. Any contract with a price() function that returns a uint256 can be used as an oracle. Morpho doesn't validate the oracle's accuracy, data source, or update frequency. It just calls price() and uses whatever value comes back.

Once created, markets are immutable. The oracle you choose at deployment is the oracle the market uses forever.

The Oracle Risk

Oracles determine when liquidations happen. The protocol calculates each position's health by dividing the loan value by the collateral value. When this ratio exceeds the LLTV, liquidation triggers. But both values depend on the oracle's price feed.

If the oracle reports the wrong price, positions that should be liquidated appear safe. Liquidators see no profit in the math, so they don't act. Bad positions accumulate, utilization hits 100%, withdrawals stall. In permissionless markets, users bear this risk entirely.
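The failure mode above, worked through with the post's numbers as an added example (an off-chain model, not code from the original post or from Morpho). It assumes the 1e36 price scale and 1e18 LLTV scale that Morpho Blue uses; the position sizes are constructed, and the 18-decimal xUSD figure is an assumption.

```python
# Added example: off-chain model of the health check, not Morpho's own code.
from fractions import Fraction

ORACLE_PRICE_SCALE = 10**36  # fixed-point scale Morpho Blue expects from price()
WAD = 10**18                 # fixed-point scale of lltv

def scaled_price(human_price: str, loan_decimals: int, collateral_decimals: int) -> int:
    """Price of 1 collateral token in loan tokens, in the oracle's fixed-point format."""
    exp = 36 + loan_decimals - collateral_decimals
    return int(Fraction(human_price) * 10**exp)

def max_borrow(collateral: int, price: int, lltv: int) -> int:
    """Largest debt (loan-token units) the position may carry before liquidation."""
    return collateral * price // ORACLE_PRICE_SCALE * lltv // WAD

def assess(borrowed, collateral, oracle_price, market_price, lltv) -> dict:
    """Compare what the protocol sees with what the collateral is really worth."""
    real_value = collateral * market_price // ORACLE_PRICE_SCALE
    return {
        "healthy_per_oracle": borrowed <= max_borrow(collateral, oracle_price, lltv),
        "healthy_per_market": borrowed <= max_borrow(collateral, market_price, lltv),
        "shortfall": max(0, borrowed - real_value),  # debt no collateral sale can cover
    }

def xusd_scenario() -> dict:
    # Constructed position; decimals are assumptions (USDC = 6, xUSD assumed 18).
    usdc, xusd = 6, 18
    lltv = 915 * 10**15                    # 91.5%, the market's LLTV from the post
    collateral = 1_000_000 * 10**xusd      # 1,000,000 xUSD posted
    borrowed = 1_100_000 * 10**usdc        # 1,100,000 USDC borrowed
    oracle = scaled_price("1.26", usdc, xusd)   # what price() kept returning
    market = scaled_price("0.26", usdc, xusd)   # where xUSD actually traded
    return assess(borrowed, collateral, oracle, market, lltv)

if __name__ == "__main__":
    for key, value in xusd_scenario().items():
        print(f"{key}: {value}")
```

The position passes the protocol's check at the reported price while carrying 840,000 USDC of debt that the collateral cannot cover at the traded price, which is why no liquidator acts.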

The Morpho frontend only shows the current oracle price:

[Image: Market Details - Oracle Price]

To find the oracle address itself, you need to query via GraphQL:

[Image: Oracle Address via GraphQL]

Even then, reverse engineering which oracle implementation is being used and how it sources data is not straightforward.

Conclusion

In permissionless markets, the oracle presents the biggest risk. The xUSD case proves it. In my previous post, I mentioned adaptive rates operate within the constraints of oracles. This is what happens when those constraints fail.