Regarding the "Morpho lost about $230,000 due to oracle configuration errors", Morpho responded on X: "The protocol provides a permissionless infrastructure and an open market for risk curation. Although the risk management layer occasionally makes mistakes, the underlying protocol remains secure and resilient. We will continue to equip managers (curators) with powerful tools to reduce such possibilities and impacts.
This isolated issue stems from an unlicensed market and a misconfigured price oracle. As far as we know, the risk manager has recovered most of the funds and is working to ensure that all lenders are repaid.
Looking forward, we believe it is important to distinguish between potential smart contract vulnerabilities and mistakes in the risk management layer, just as misconfigurations on Uniswap are not considered attacks on the protocol itself."
Earlier today, Chaos Labs founder omer said on the X platform that the PAXG/USDC market on Morpho lost about $230,000 due to oracle configuration errors.
Specifically, the Oracle SCALE_FACTOR on Morpho was misconfigured and failed to take into account the difference between USDC (6 decimal places) and PAXG (18 decimal places), which resulted in a 12-digit inflation of the PAXG price. The attacker deposited $350 in PAXG and borrowed $230,000 in USDC.