Published: October 19, 2023
Money markets are one of the few market verticals that have found organic demand and managed to find product-market fit in crypto. Without lending protocols, DeFi would be severely limited. Lending and borrowing protocols allow users to passively earn yield on their deposits, and gain leverage on an asset by providing it as collateral and borrowing against it, hedge positions, or short-sell assets.
However, they are also one of the most complex codebases to build and design from a risk management perspective. Not only do they have to deal with timely and proper incentives liquidations, but they also must manage a large series of parameters, perform frequent risk assessments for collateral assets, regularly monitor and update critical parameters… All of this gets even more complicated when dealing with DAOs and overseeing highly specialized quantitative tasks in a decentralized setting.
Permissionless lending/borrowing is and will continue to be a killer use case for DeFi. In this context, the network effects and resilience of the oldest protocols, Aave and Compound, have helped them stand out against competitors and retain market share, even reaching a state of profitability and removing all sorts of liquidity mining incentives (although not fully in the case of Compound). Even though some protocols like Euler managed to gain some market share in the past they never really disrupted the market leaders, even with incentives and offering highly leveraged strategies.
At this point, the only way to compete against the incumbents is to enable unique features, such as the permissionless ability to create borrow/lending markets for any asset. This is a very powerful value proposition, but it comes with the tradeoff that not all market creators are experts in quantitative finance or risk management.
Another feature that is becoming more prevalent over time is the concept of isolated pools, which allow for better risk management. Not only Morpho Blue, but other upcoming projects like Instadapp Fluid, Euler v2, and Ajna are also implementing this.
Nevertheless, Morpho entered the main stage last year becoming a borrow/lending aggregator or rates optimizer. With its matching engine, Morpho entered the market offering better rates for both borrowers and lenders. The value proposition was simple: lower borrow rates for borrowers and higher supply rates for lenders. Being matched on Morpho is just a better deal for both parties and in the worst case that a match is not found for a position, the capital will be borrowed/supplied from/to the underlying money market (Aave or Compound).
As an example, consider InstadApp’s Lite Vault, which optimizes returns for depositors by actively looking for the lowest borrowing costs. The majority of the TVL is allocated to Morpho as a result.
After so many development efforts and integrations building on top of existing credit markets, Morpho has learned the ins and outs of lending markets. These learnings have materialized in the latest release of the protocol, Morpho Blue.
Since its inception, Morpho has made lending and borrowing more resilient, efficient, and open. Morpho Optimizers were the first step in the right direction, but Morpho’s mission does not stop there.
Initially developed on top of Aave and Compound to improve interest rate modeling efficiency, it became apparent that these existing platforms were not sufficiently scalable, efficient, or resilient for the next level of adoption. This realization prompted the need for Morpho to metamorphose into a fully autonomous platform.
With Morpho Blue, Morpho enters the competitive landscape of money markets in DeFi with a simple yet powerful thesis: decentralized lending needs a trustless base layer. This will be achieved with a modular architecture where market participants will be able to express their risk preferences and set parameters in a permissionless manner.
Morpho Blue introduces a trustless, yet highly efficient primitive. Key features include the separation of core logic from risk management, permissionless market creation, and oracle agnostic pricing. The protocol also facilitates higher collateralization factors, improved interest rates, and reduced gas consumption.
Alongside DEXs and staking, lending markets are one of the core building blocks of DeFi. To understand the potential for growth and room for innovation, we will start by looking into what’s already working and identifying areas where improvement is needed.
On the positive side, Aave and Compound platforms have successfully centralized liquidity, creating a unified pool for users. This consolidated approach benefits borrowers by offering deep liquidity and lenders by ensuring a reliable exit strategy. The user experience is intuitive and frictionless as well, hiding the substantial engineering and risk management efforts required behind the scenes. This makes it possible for users to easily deposit assets to earn interest and withdraw funds without hassle.
On the flip side, there are multiple trust assumptions involved when offering such a passive user experience. Most of the time users tend to underestimate the complexity of monitoring and adjusting risk parameters, which are crucial for platform security. A minor misadjustment in parameters can lead to the protocol accruing bad debt. The Aave DAO alone manages over 600 risk parameters, with limited transparency to the calculation of proposed values.
This “decentralized broker model”, while intuitive and user-friendly, faces increasing challenges as it grows. In this context, balancing centralization, scalability, efficiency, and risk becomes increasingly complex. This results in suboptimal capital efficiency, rate spreads, and ever-growing risks for users.
Most lending protocols rely on a DAO to set a single risk profile for all users. Usually, there is a specialized risk management team with expertise in quantitative finance. This team will run a series of simulations and set up monitoring systems that they use for reference to set risk parameters. A proposal is submitted to the governance forums of the DAO and, after that, token holders will approve or disapprove. This involves a broad spectrum of settings such as liquidation penalties, interest rate adjustment, allocation of debt ceilings, onboarding/offboarding of collateral…
Even though many people associate Aave’s dominance with their brand, we cannot underestimate the importance of execution. For reference, Aave handles 600+ risk parameters, while Compound only handles 100+. This shows that in the current lending pool paradigm, platforms scale with automation and engineering behind the scenes.
After all, there are valid reasons to justify why most lending platforms are managed by DAOs, and this is also a large portion of their historical success:
While there is still room for improvement for traditional lending models, decentralized lending still needs a 100x improvement in order to compete with traditional lending rails.
The growth of decentralized lending has stagnated due to limited use cases outside of looping strategies, often based on using yield-bearing assets as collateral to borrow, and then swapping for the yield-bearing asset to repeat the process over and over again. This is largely influenced by the lack of flexibility to enable different risk profiles. There is an obvious lack of nuance: a user borrowing at 20% LTV is far less risky than a user borrowing at 80% LTV – yet on Aave or Compound they would pay the same borrow rate. This disincentives low-risk borrowers as well as conservative lenders who would like to lend only against blue chip assets like $BTC or $ETH. Additionally, if you are building on top of these money markets, now your application must adopt the underlying one-size-fits-all risk profile as well.
One of the most noticeable challenges in current designs is misaligned incentives. There are situations that make it evident that protocols like Aave and Compound must deal with a clearly defined principal-agent problem. This often results because the risk consultants that advise the DAO must take actions on behalf of end-users and vice versa.
For instance, the risk consultants want their contracts to continue being renewed on a recurrent basis, hence why they protect their intellectual property and don’t publicly share their resources and frameworks. At the same time, token holders are not necessarily experts or have experience dealing with risk management. This makes it difficult for them to determine if risk managers are doing a good job.
Relying on a DAO to set a single risk profile for all users is also inflexible. Perhaps a risk-management service provider like Gauntlet wants the overall risk profile to be moderate while some users might prefer a more risk-taking approach. Similarly, it is also worth asking the question about how sustainable it is over a long period of time to outsource such intrinsic work.
It is not sustainable to rely on DAO governance to continually update protocol parameters. Effective risk management demands both expertise and agility to implement changes in a timely manner. This is often not the case with DAOs, which are slow to make decisions and also suffer from voter apathy.
Even though setting parameters could be automated, the number of parameters is also likely to increase. More risk parameters must be monitored and adjusted as more features and markets are supported. From a service provider’s perspective, this means more headcount and resources, which is an impediment to economies of scale – risk management complexity grows with the number of user options available.
Permissioned asset listings are also a large blocker for scalability. The standard lending market that characterizes Aave and Compound v2s involves cross-collateralized pools where the bad debt from one asset impacts the entire protocol, as we will illustrate with an example in the next section. This results in the DAO being more restrictive about the assets that are listed. Hence, there is a market gap that needs filling: permissionless asset listings.
One of the greatest strengths of DeFi is composability. An example of this is achieved by increasing the overall capital efficiency using yield-bearing assets as collateral. The yield earned by the collateral reduces the borrowing costs as well as the opportunity cost of holding that asset. While it is simple for money markets to come up with conservative risk parameters for large liquid assets like $stETH, there is still a market opportunity for protocols to go the extra mile with yield-bearing assets such as Sommelier’s RYETH or RYUSD, or even tokenized treasuries from RWAs originating from projects like Ondo or OpenEden.
When a protocol attempts to build a base liquidity layer and become a foundation for others to build on top of, it becomes increasingly important to consider what portion of the codebase is truly immutable. More specifically, upgradeable code often results in an unstable base layer where the actual building blocks end up becoming a moving target, breaking integrations with every minor code upgrade.
For integrating protocols it becomes very challenging and resource-intensive to put deliberate efforts into monitoring all code changes and react accordingly. This is why building primitives with immutable code is critical. More specifically, this code must favor simplicity and remain as unopinionated as possible. This helps the protocols build on top by allowing them to make the design choices of their choice.
Additionally, the simplicity of the code will ensure that the codebase can be trusted and increase the degree of confidence that it is bug-free, which is critical when the code is immutable and must last forever. Morpho Blue is only slightly more than ~650 lines of code, 525 of them being in Morpho.sol and the remaining being internal libraries.
To understand the complexity involved with managing the complex codebases underpinning money markets in a decentralized manner, we will start by providing an example.
On June 12th, Gauntlet advised the Aave Dao to freeze $CRV and adjust the LTV for $CRV to zero on Aave v2 in response to a large loan taken by Michael Egorov, the founder of Curve. This wallet address had borrowed approximately $63 million in USDT against collateral of 288 million ($180 million) in $CRV, while the 288 million $CRV tokens represented more than 30% of the circulating supply. By freezing $CRV on Aave v2, Michael would have an incentive to either reduce borrowing or diversify his collateral with other tokens. Essentially, the goal was to prevent Aave from accruing bad debt due to the declining liquidity of $CRV on exchanges.
However, the DAO unanimously voted against this recommendation, despite Gauntlet clarifying that they have no intention to restrict the activity of any particular address. Instead, their idea was to migrate the position to Aave v3, which allows for optimal risk parameters. At the time, the loan maintained a health factor of 1.6, and the community decided to support the Curve founder, indicating that there was no risk of bad debt for Aave.
Weeks later the position was under liquidation pressure as a result of a bug in the Vyper compiler, which affected some Curve pools, along with a decline in the price of $CRV. This resulted in the founder of Curve raising $42.4 million in an OTC deal where he sold $CRV tokens at a price of $0.40 to pay off $80 million in on-chain debt. This amount has continued to increase over time.
The example above already shows evidence of how problematic it can be to rely on a DAO to set such critical parameters. Even if the recommendations of a specialized risk management team are in the right direction, this might go against the interest of the community of token holders.
Some of the prevalent discussions to improve DAO-based risk management have focused on automating the process of setting parameters, as well as redesigning the actual underlying mechanism. On this note, it is worth introducing the concept of market governance, which differs from the standard notion of DAO governance.
The idea of market governance was introduced by OneTrueKirk, founder of former Volt Protocol now rebranded to Ethereum Credit Guild.
“Under token-voting governance, with 51% of the tokens you have 100% control of the protocol. Under market governance, with 51% of the tokens you have 51% control of the protocol”.
Having identified those features that need improving is what allowed protocols like Morpho to identify how decentralized lending can reach its full potential.
From a protocol built atop others, Morpho has initiated its metamorphosis – the transition to become the foundation upon which DeFi lending will be reconstructed.
Morpho Blue introduces isolated lending markets with a minimalistic design. A market can be created by specifying just one loan asset, one collateral asset, a liquidation Loan-To-Value ratio (LLTV), and an oracle.
To create a market, users must simply specify a loan token, a collateral token, an oracle, an LLTV (Liquidation Loan-To-Value ratio), and an IRM (Interest Rate Model). LLTV and IRM options are chosen from governance-defined collections.
Once a market is created, suppliers deposit the loan token into the smart contract, while borrowers provide collateral to secure their loan. The Loan-To-Value ratio (LTV) can go up to the market’s Liquidation Loan-To-Value ratio (LLTV). Beyond this limit, the account becomes eligible for liquidation. Asset prices are determined by the market’s oracle, and borrowers pay interest based on the market’s Interest Rate Model (IRM).
The underlying design is aligned with the ethos of crypto by building a trustless base layer based on immutable code. Under no circumstances can $MORPHO token holders halt the operation of a market or manage funds on behalf of market participants. The protocol does not restrict the availability of oracle sources or impose any specific implementation.
Nonetheless, it is worth noting that Morpho Governance has the ability to expand the range of LLTV and IRM options available for market creation. Additionally, governance can also set a fee ranging from 0 to 25 bps of the total amount of interest paid by borrowers.
Morpho Blue completely separates the protocol itself from the risk management aspects associated with each market. This favors a modular approach where other money markets can build on top of this immutable and primitive layer. The founders of Morpho have reiterated on multiple occasions that “Morpho Blue does less, to enable more extensibility.
As we explained above, one of the paramount challenges in DeFi lending has been the bottleneck created by DAOs responsible for risk management. This approach significantly restricts the number of supported assets and confines users to a single risk-return profile. However, Morpho Blue, as a primitive protocol, eliminates these limitations.
To mitigate the issues of extra complexity in user experience and liquidity fragmentation, Morpho Blue allows for the rebuilding of management layers on top of its foundational framework. These management layers can serve to re-aggregate liquidity and offer users a passive and diversified exposure experience, catering to those who prefer a less involved approach.
In the context of a lending protocol, having precise price information is crucial. This information is typically derived from trading markets, whether they exist within the protocol itself or externally.
External price feeds come in various designs, each with its own accuracy and security properties. Some oracles can provide frequent and accurate price updates, but they may be criticized for their centralization or susceptibility to manipulation, making them less suitable as the core pricing mechanism for a lending protocol.
Some DeFi protocols have sought to enhance resilience by eliminating reliance on oracles and directly incorporating pricing mechanics into their core functionality. However, this approach introduces complexity, increases gas costs, and limits the protocol’s auditability and security because it must simultaneously manage trading and lending mechanisms.
Morpho Blue maintains a distinct focus on lending, rather than combining trading and lending functionalities. As a result, Morpho Blue is not an oracleless protocol. Instead, Morpho Blue also externalizes oracle risk. This ensures that the protocol remains robust and reliable in obtaining asset prices from oracles, without being burdened by direct oracle management.
As a primitive layer, the protocol does not include a built-in oracle or trading mechanism. The choice of which oracle to rely on is left entirely to the users, who select the corresponding markets to interact with based on their preference for a particular oracle’s reliability and performance.
In the context of Morpho Blue, the Loan-To-Value ratio (LTV) represents the current ratio of the value of the borrower’s debt to the value of their collateral. Additionally, the Liquidation Incentive Factor (LIF) determines the bonus percentage awarded to the liquidator during a liquidation event.
The health of a borrower’s position is categorized as follows:
For example, in a market with LLTV = 0.8 and LIF = 1.1, consider a position with $1000 as collateral and a $750 debt. Initially, it cannot be liquidated. However, if the debt grows to $850, liquidators can repay all the debt and retrieve part of the collateral. If the debt further increases to $950, liquidators can take all the collateral, repaying only a portion of the debt, which results in bad debt.
The impact of bad debt on lending platforms and the approach to managing it vary across different mechanisms. Aave and Compound, for instance, do not account for bad debt. In such cases, the last lenders to withdraw from the pool bear the entire loss, potentially leading to a bank run on the lending pool and the platform’s collapse. Their respective DAOs managing lending pools have implemented various measures to mitigate this existential risk, such as compensating for bad debt through fees or treasury funds like in the case of stkAAVE, purchasing insurance, or building a trusted brand.
Morpho Blue, however, takes a distinct approach by accounting for bad debt. When a liquidation occurs on Morpho Blue, if the borrower has outstanding debt but no collateral, the losses are socialized proportionately among lenders, resulting in an immediate loss for lenders. In the event that liquidators do not fully liquidate the position and do not account for bad debt, lenders can temporarily withdraw their funds (if there is enough liquidity) to cover the default without incurring losses. As for future users, if there is unaccounted bad debt in the pool, they can account for it before safely entering the market. This allows Morpho Blue markets to continue running indefinitely in a trustless manner, regardless of market conditions.
In conventional lending pools, governance has the authority to establish supply caps. These caps serve to limit the total amount of a specific collateral that can be supplied to the pool. One common use of supply caps is to manage the exposure of lenders’ funds to each collateral, especially in scenarios where multiple collaterals are involved. Additionally, supply caps are sometimes employed to ensure that the size of the market remains below a certain threshold, which can help guarantee sufficient liquidity for liquidations.
However, relying solely on supply caps has limitations. For instance, an external market composed of the same assets as the lending pool can grow independently, challenging the assumptions made about liquidity and rendering supply caps less effective. This dynamic can make the guarantees provided by supply caps irrelevant in certain situations.
Morpho Blue takes a fundamentally different approach by not implementing supply caps in its lending markets. Instead, the protocol empowers lenders to achieve granular control over their exposure to different collateral assets by distributing their supplied volume across various Morpho Blue markets.
This way, lenders have the option to delegate the management of their exposure and risk to experts in the field. This delegation allows users to effectively manage their exposure without the need for supply caps, ensuring that they maintain control over their lending activities in a manner that aligns with their risk preferences and objectives.
While only having ~650 lines of code, the codebase represents an open and highly expressive layer for advanced DeFi integrations. Morpho Blue introduces a singleton contract that encompasses all protocol pools, callback functions, free flash loans, and account management.
One of the primary challenges in multi-asset lending pools is the imperative to maintain continuous liquidity in the markets. Since collateral assets lent out may need to be liquidated at any given time, it’s essential to ensure a consistent level of liquidity within the pool. Failure to do so puts other markets at risk of bad debt, potentially leading to adverse consequences for users. This scenario typically arises when markets are highly utilized for extended periods, resulting in larger spreads and spikes in interest rates.
In Morpho Blue, a pivotal distinction is that borrowers’ collateral is not lent out to other borrowers but instead remains fully liquid within Morpho Blue’s smart contract.
This approach has several notable advantages:
Loan-to-Value Ratios (LLTVs) play a critical role in multi-asset lending pools, determining the level of collateral required for each loan. In traditional setups, a single LLTV is typically assigned to each collateral asset, irrespective of the specific loan asset being used. However, this approach can lead to certain challenges and trade-offs:
To address these challenges, some lending protocols, such as Aave in its v3 version, introduced efficiency and isolation modes. These modes offer partial solutions by allowing for different LLTVs based on the loan asset and collateral asset pair. Similarly, Euler introduced the concept of a “borrow factor” to account for these variations.
In contrast, Morpho Blue adopts a distinct approach by defining LLTVs for each market with one specific loan asset and one collateral asset. This approach eliminates the need to compromise between risk on uncorrelated loan assets and inefficiency on correlated assets. Instead, it allows for more precise and tailored collateral ratios for borrowers.
This results in:
Liquidations are a critical aspect of decentralized lending protocols, ensuring the safety and stability of their markets. In Morpho Blue, the protocol employs a specific approach for determining the liquidation incentive and close factor, balancing the interests of borrowers and lenders while prioritizing safety and efficiency.
The most important concept is the LIF (Liquidation Incentive Factor), which defines the reward given to a liquidator when they perform a liquidation by repaying the borrower’s debt and receiving collateral in return.
Setting the right LIF involves a fundamental trade-off between the interests of borrowers, liquidators, and lenders:
Morpho Blue takes a static approach to set the liquidation incentive factor per market. The chosen LIF value depends on the Liquidation Loan-To-Value ratio (LLTV) of the market, following this formula:
Where maxLIF=1.15 and cursor=0.3
This formula aims to strike a balance between incentivizing liquidators adequately and ensuring there’s a sufficient margin to liquidate the borrower without incurring bad debt. Morpho Blue’s approach ensures that the liquidation process remains attractive to liquidators while safeguarding the interests of lenders
In contrast to some protocols that implement a “close factor” to determine the proportion of debt that can be repaid during liquidation, Morpho Blue does not have a close factor. This means that when an account is liquidatable, its entire position can be fully repaid.
Morpho Blue utilizes a singleton contract design, where all markets of a given chain reside within a single smart contract.
This architectural pattern offers several advantages:
On the flip side, there might be some security tradeoffs:
As well as some disadvantages such as reduced flexibility, as it can be difficult to make changes to the contract without affecting all of the markets that it supports. However, this is not a concern in Morpho Blue because of the code immutability.
In Morpho Blue’s ‘supply,’ ‘supplyCollateral,’ ‘repay,’ and ‘liquidate’ functions, a callback to the user can be executed before the token transfer to Morpho Blue. This callback enables users to perform custom actions before the token transfer takes place, including re-entering the Morpho Blue protocol.
Callbacks allow users and integrators to customize their interactions and perform advanced operations, usually benefitting from reduced gas costs as well. For instance, this eliminates the need for external flash loans.
Morpho Blue’s singleton architecture includes a free flash loan function. Flash loans are a unique feature of DeFi that allows borrowers to access loans without collateral, provided they are repaid in the same transaction.
The singleton design grants flash loans access to the liquidity and collateral of all markets simultaneously. This feature is valuable for various DeFi activities, such as liquidations, leveraged trading, and arbitrage.
Morpho Blue incorporates a robust authorization system that empowers users to grant permissions on their positions to any address. Authorized addresses can perform actions on behalf of the authorizer, including borrowing, withdrawing, and managing collateral.
This authorization system can be managed in two ways:
In terms of licensing, the code is released as BSL 1.1 (Business Source License) under the name of the nonprofit Morpho Association but controlled by Morpho Governance. Unless it is changed by governance, the license will convert to GPL after two years. The code turns into GPL if fee is activated as well.
Critics have noted that externalizing risk management might carry out negative and unforeseen consequences, as a result of pushing risks too much to the edges.
Morpho Blue separates risk management from the protocol. Anyone is free to create a lending market and build risk management abstractions on top to enable passive and risk-adjusted lending. Aave, Compound, or any other money market can, therefore, be built on top of Morpho Blue.
Building an open and permissionless base layer with immutable code is an ambitious goal and certainly won’t be simple to achieve, but even if Aave v4 is not built on top of it, it is still a worthwhile effort.
Repeat after me anon:
Dropping 👏 the 👏 risk-management 👏 hot potato 👏 to your clueless users 👏 is not "DeFi 3.0" 👏 nor an upgrade of any kind. 👏
— Marc “Chainsaw” Zeller 👻 🦇🔊 (@lemiscate) October 10, 2023
Ultimately, distilling lending protocols down to an immutable layer requires others to provide risk management or even permissioned services on top. In the end, the base layer is intended to remain agnostic, since it provides the necessary infrastructure for risk managers to do their job.
The current $MORPHO token is non-transferrable, but that can be enabled through governance.
In just a year, Morpho became the third-largest lending protocol on Ethereum, with over $850 million in supplied assets. You might have even used Morpho and not realized that you were using it. However, under the hood, Morpho underpins a large part of the DeFi activity that takes place on Ethereum.
Morpho is integrated into Smart Wallets and DeFi hubs like Instadapp, OKXWeb3, Indexcoop or DeFiSaver, yield protocols like Sommelier (RYETH and RYUSD), Enzyme, Origin Protocol ($OUSD and $OETH), Idle Finance
The ecosystem is poised to grow exponentially due to the nature of Morpho Blue since the code is meant to build on top of it.
Morpho raised ~$18M in a funding round co-led by a16z and Variant.
All protocol fees, coming from interest paid by borrowers currently go to depositors, and the protocol does not collect any revenue
Current models for money markets do not unlock the full potential to reach economies of scale and satisfy borrowing demand that goes beyond leverage and looping strategies.
There is no one-size-fits-all strategy for all market participants. As a result, a DeFi primitive must be built to explicitly enable lending markets to develop and thrive in a permissionless setting where each lender/borrower will define its own risk preferences.
Designing from first principles, Morpho Blue enables the creation of any risk profile. By building a trustless base layer for lending and borrowing, Morpho Blue unlocks more demand for decentralized lending and satisfies the full spectrum of risk appetites, making it one of the most versatile solutions to date.
Just like the Internet, Morpho Blue now joins Uniswap v4 and their vision that DeFi should operate with specialized layers built on open, trustless, and immutable protocols.
Revelo Intel has never had a commercial relationship with Morpho and this report was not paid for or commissioned in any way.
Members of the Revelo Intel team, including those directly involved in the analysis above, may have positions in the tokens discussed.
This content is provided for educational purposes only and does not constitute financial or investment advice. You should do your own research and only invest what you can afford to lose. Revelo Intel is a research platform and not an investment or financial advisor.