Skip to main content
Morpho is built on a non-custodial architecture: your assets are held by smart contracts on-chain, not by Morpho DAO or Dynamo DAO. That design is the foundation of how your funds stay safe, but it also means you carry responsibility for understanding the risks that remain.

Morpho’s audited contracts

Dynamo provides access to markets and vaults run on Morpho smart contracts, one of the most audited and battle-tested lending infrastructures in DeFi. Morpho’s core contracts have been reviewed by multiple independent security firms, and their audit reports are publicly available. By building on Morpho, Dynamo inherits that security foundation rather than reinventing it.
Dynamo does not and cannot modify Morpho’s smart contracts. The same audited smart contracts that power Morpho.org power Dynamo Finance.

Dynamo-specific audits

In addition to Morpho’s upstream audits, Dynamo’s own contracts, including fee splitters, reward distribution logic, and access control mechanisms, are independently audited before deployment. No Dynamo contract goes live without a completed audit from a reputable security firm.

Multisig controls

All sensitive protocol actions, changing fee settings, or moving treasury funds, require approval from a multi-signature wallet. No single key or team member can unilaterally make changes.

Bug bounty program

Dynamo operates a bug bounty program that rewards security researchers for responsibly disclosing vulnerabilities. If you discover a potential issue, report it through official channels before disclosing publicly, this gives the team time to investigate and patch without putting user funds at risk.
Do not attempt to exploit a vulnerability. Unauthorized exploitation, even with intent to return funds, may have legal consequences.

Non-custodial architecture

When you deposit into Dynamo, your assets move into audited smart contracts that execute autonomously on the blockchain. Dynamo has no ability to freeze, seize, or redirect your funds. Access to your assets is controlled by your wallet keys alone.
You retain custody of your assets at all times through your wallet keys. As long as you control your private key or seed phrase, you control your funds.
This is meaningfully different from centralized finance. No counterparty holds your assets on your behalf, and no platform policy can block your withdrawal.

Limitations of audits

Audits substantially reduce risk, but they do not eliminate it.
A completed audit does not guarantee the contract is free of vulnerabilities. Auditors review the code available at a point in time, new code, new integrations, or novel attack vectors discovered later are not covered by past audits.
No DeFi protocol has ever been made risk-free by an audit. Treat audits as evidence of diligence, not a warranty.

Liquidation mechanism

The liquidation mechanism is what keeps the protocol solvent. When a borrower’s position becomes undercollateralized, their debt value rises too close to their collateral value, liquidators can repay part of the debt in exchange for a portion of the collateral at a discount. This process protects all suppliers in the market by ensuring debts don’t exceed the collateral backing them.

How Dynamo mitigates risk

RiskMitigation
Smart contract bugsIndependent audits, ongoing security reviews
Market over-concentrationRisk Dashboard
Collateral mispricingVerified oracle integrations
Bad debtLiquidation mechanism
Unverified tokensPermissioned market listing process
Even with all mitigations in place, diversifying across multiple protocols and asset types reduces your exposure to any single point of failure.