In lending protocols, what is the lifeline? It's not LTV, it's not the interest rate curve, it's the oracle. The oracle is the 'voice of God'; it tells the protocol 'your collateral is worth this much right now.' Once this voice is wrong, the entire protocol will be liquidated and drained.
Aave's attitude towards oracles is 'strict defense.' It has established a robust governance mechanism to review, approve, and manage the sources of oracles, essentially locking them to Chainlink.
The design of Morpho Blue took my breath away: it decentralized the oracle's 'granting authority.'
The first insight: the 'oracle' is just a parameter chosen by the market creator.
In Aave, oracles are 'protocol-level.' In Morpho Blue, oracles are 'market-level.'
When anyone creates a Blue market, the createMarket function requires you to pass in several parameters, one of which is the oracle. This is an address.
This means that you can decide which oracle to use.
You can use Chainlink, you can use Redstone, or you can use an address of some contract written by your neighbor and deployed on the testnet (as long as it implements the IOracle interface).
The flexibility brought by this design is terrifying.
For example, I want to create a 'BAYC / APE' market. Chainlink does not have this price feed. But I can write my own oracle to read the floor price and use this oracle to launch the market. Aave can never do this.
The second insight: extreme isolation of risk, and the LPs' due diligence responsibilities.
This flexibility also brings extreme risk.
Suppose I create a "WBTC / USDC" market with an LTV of 90%, but the oracle it uses is one I control.
As an attacker, I can deliberately set the price() of WBTC in my oracle to 100 million dollars. Then I deposit 0.1 WBTC (worth 10 million dollars) and borrow all the USDC in this pool.
Or conversely, I can set price() to 1 dollar. All those who collateralized WBTC in this market will be instantly liquidated, and their collateral will be seized.
Morpho's defense mechanism is still the same: risk isolation.
When this 'fake oracle' market collapses, the losses fall only on those LPs who (naively) provided USDC liquidity to this specific market. It does not affect the adjacent 'true' "WBTC / USDC" market that uses the Chainlink oracle.
This raises a critical question: LPs' responsibilities have increased.
In Aave, you don't have to worry about oracles; the DAO manages that for you. In Morpho, you (or the MetaMorpho manager you trust) must conduct due diligence before depositing money into a Blue market: which oracle is this market using?
This design of Morpho shifts trust entirely from 'protocol governance' to 'market parameters.' It assumes that market participants are rational and professional, and will verify for themselves.
This makes Morpho feel like a 'dark forest.' Inside, there is gold, and there are toxic baits.
Therefore, the core competitiveness of the future MetaMorpho Vault may not just be the yield, but also 'risk control capabilities.' The Vault that can identify those 'toxic' Blue markets (like those using suspicious oracles) the fastest and most accurately, and blacklist them, is the one that will survive.
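The due-diligence step and the isolated-loss scenario described above, as an added Python example (not Morpho's code and not part of the original post): a vault-side screen that refuses markets whose oracle address is unreviewed or whose reported price strays from an independent reference, plus the shortfall confined to one market's LPs. The Market model, the placeholder addresses, the 2% tolerance, the 60,000 USDC reference price and the pool sizes are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Market:
    """Constructed off-chain model of one Blue market (not an on-chain type)."""
    name: str
    oracle: str          # the oracle address the creator passed to createMarket
    lltv: float          # loan-to-value limit, e.g. 0.90
    oracle_price: float  # what that oracle's price() reports, in USDC per WBTC
    liquidity: float     # USDC supplied by LPs to this market only

REVIEWED_ORACLES = {"0xREVIEWED_FEED_PLACEHOLDER"}  # placeholder, not a real address
MAX_DEVIATION = 0.02     # assumed tolerance against an independent reference price

def screen(market, reference_price):
    """Return the reasons to refuse this market; an empty list means it passes."""
    reasons = []
    if market.oracle not in REVIEWED_ORACLES:
        reasons.append("oracle address not reviewed")
    deviation = abs(market.oracle_price - reference_price) / reference_price
    if deviation > MAX_DEVIATION:
        reasons.append(f"oracle price is {deviation:.0%} away from reference")
    return reasons

def lp_shortfall(market, collateral, reference_price):
    """USDC this market's LPs cannot recover if the oracle price is taken at face value."""
    borrowable = collateral * market.oracle_price * market.lltv
    borrowed = min(borrowable, market.liquidity)  # capped by the isolated pool
    return max(0.0, borrowed - collateral * reference_price)

def allowed_markets(markets, reference_price):
    """Names of the markets a vault would keep after screening."""
    return [m.name for m in markets if not screen(m, reference_price)]

# Constructed sample data: two WBTC / USDC markets that differ only in their oracle.
REFERENCE = 60_000.0
MARKETS = [
    Market("reviewed-feed", "0xREVIEWED_FEED_PLACEHOLDER", 0.90, 60_300.0, 5_000_000.0),
    Market("creator-oracle", "0xCREATOR_ORACLE_PLACEHOLDER", 0.90, 100_000_000.0, 2_000_000.0),
]

if __name__ == "__main__":
    for m in MARKETS:
        print(m.name, screen(m, REFERENCE), lp_shortfall(m, 0.1, REFERENCE))
    print("vault keeps:", allowed_markets(MARKETS, REFERENCE))
```

The shortfall for the second market is bounded by that market's own liquidity, which is the isolation property; the screen is what keeps a vault's deposits out of it in the first place.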


@Morpho Labs 🦋
