# Morpho's First Security Competition, Hosted by Cantina By [Morpho](https://paragraph.com/@morpho) · 2023-11-08 --- Morpho Labs has teamed up with [Cantina](https://cantina.xyz/welcome) for the inaugural security review competition hosted on their new platform built by security researchers for security researchers. The competition at a glance: * November 13th 10:00 UTC to December 4th 10:00 UTC * $200k total prize pool * 3000 lines of immutable code The scope includes [Morpho Blue](https://x.com/MorphoLabs/status/1711744126184747077?s=20), [MetaMorpho](https://x.com/MorphoLabs/status/1716816745221271652?s=20), and their relevant peripheries, which we will dive into further detail below. Not only is this competition a first of its kind for Morpho, Cantina, and the community, but it also brings us one step closer to the launch of Morpho Blue on Mainnet. ### Morpho Blue and MetaMorpho Morpho Blue and MetaMorpho form part of the vision to rebuild decentralized lending in layers, with MetaMorpho enabling any lending experience to be rebuilt on a shared and immutable base layer: Morpho Blue. Morpho Blue is a trustless lending primitive that offers unparalleled efficiency and flexibility. It enables the creation of isolated lending markets by specifying any loan asset, any collateral asset, a liquidation LTV (LLTV), an oracle, and an interest rate model. MetaMorpho is a protocol for lending vaults built on Morpho Blue. Anyone can create a vault that allocates to multiple Morpho Blue markets. Each vault is curated to provide suppliers with tailored risk exposures, better yields, and greater transparency. For more information visit the [documentation hub](https://morpho-labs.notion.site/Morpho-Blue-Documentation-Hub-External-00ff8194791045deb522821be46abbdc). ### The scope The scope includes ~3000 LOC consisting of the core contracts for Morpho Blue and MetaMorpho plus the Interest Rate Model (IRM), Oracle implementation, bundler contracts, rewards distributor, and ERC20 gated wrappers: 1. [Morpho Blue](https://github.com/morpho-org/morpho-blue) — 847 LOC 2. [Morpho Blue IRM](https://github.com/morpho-org/morpho-blue-irm) — 134 LOC 3. [Morpho Blue Oracles](https://github.com/morpho-org/morpho-blue-oracles) — 92 LOC 4. [MetaMorpho](https://github.com/morpho-org/metamorpho) — 642 LOC 5. [Morpho Blue Bundlers](https://github.com/morpho-org/morpho-blue-bundlers) — 983 LOC 6. [Universal Rewards Distributor](https://github.com/morpho-org/universal-rewards-distributor) — 181 LOC 7. [ERC20Permissioned](https://github.com/morpho-org/erc20-permissioned) — 55 LOC ### Prize distribution and scoring Of the total prize pool, $100k is allocated to the Morpho Blue core contract, with the remaining $100k assigned to the rest of the scope. The prize distribution works as follows: * Security reviewers will score points for each finding. * Prizes are distributed proportionally to the number of points scored. * A High Severity is worth 9 points, and a Medium Severity 3 points. * Duplicate findings will be resolved using a scoring formula that incentivizes unique findings. * 10% of the prize pot is reserved for Low Severity or informational findings that will be ranked and awarded on a curve. All details on the scoring formula will be available on the Cantina competition page before going live. [Cantina](https://twitter.com/cantinaxyz) is also hosting a live code walkthrough this Thursday at 6.00 PM CEST. Remember, you need an invitation to join the Morpho security competition. So, reach out to [Merlin](https://twitter.com/MerlinEgalite) to get an invite if you are interested in participating! To stay up to date with Morpho and future announcements, follow [Morpho Labs.](https://twitter.com/MorphoLabs) --- *Originally published on [Morpho](https://paragraph.com/@morpho/morpho-s-first-security-competition-hosted-by-cantina)*