Security Insights

Deep dive into DeFi security research, vulnerability analysis, and best practices from the Taichi Audit team.

Internals SeriesNew Drop

Morpho source code walkthroughs

Purpose-built notes for DeFi engineers: annotated flows, risk handoffs, and math behind Morpho Blue.

5 parts live • Morpho Blue

Internals series

A deep-dive into the Morpho codebase. This is a line-by-line level walkthrough that you rarely find elsewhere.

View the seriesStart at Part 1
Pendle Internals • coming soonBalancer V2 Internals • coming soon

All Articles(10)

Why Anchor Accounts Go Stale After CPI (and When to Reload)
Solana

Why Anchor Accounts Go Stale After CPI (and When to Reload)

In Anchor, `Account<T>` is a cached snapshot of account data. After CPI, the runtime account changes but your cached view does not—unless you `reload()`.

SolanaSecurityAnchor
January 09, 2026
10 min read
How init and init_if_needed work under the hood and the associated token account griefing attack
Solana

How init and init_if_needed work under the hood and the associated token account griefing attack

A deep dive into how Anchor’s #[account(init)] and #[account(init_if_needed)] are parsed and code-generated, what “needs initialization” really means at runtime, and how using init with associated token accounts can enable griefing/DoS via pre-created ATAs.

SolanaSecurityAnchor
January 05, 2026
30 min read
Morpho Internals Part 5: Integration Security Guide
DeFi

Morpho Internals Part 5: Integration Security Guide

A security-focused guide for integrating with Morpho: an expanded walkthrough of the official integration checklist, with concrete pitfalls and code-level explanations for core and MetaMorpho vault flows.

MorphoLendingSource Code Walkthrough
January 04, 2026
30 min read
Morpho Internals Part 4: MetaMorpho
DeFi

Morpho Internals Part 4: MetaMorpho

How MetaMorpho wraps Morpho markets into a single ERC4626 vault with supply/withdraw queues, role-gated caps, and fee/timelock design.

MorphoLendingSource Code Walkthrough
January 02, 2026
30 min read
Morpho Internals Part 3: Oracle
DeFi

Morpho Internals Part 3: Oracle

A deep dive into Morpho's oracle surface area and MorphoChainlinkOracleV2: ERC4626 vault conversions, base/quote feed wiring, two-hop unit cancellation, and the 1e36 SCALE_FACTOR derivation.

MorphoLendingSource Code Walkthrough
December 31, 2025
30 min read
Pre-Funding DoS in Solana: Breaking create_account with Non-Zero Lamports
Solana

Pre-Funding DoS in Solana: Breaking create_account with Non-Zero Lamports

A system-level Solana DoS pattern: pre-funding a predictable address (e.g., a PDA) makes `create_account` fail with AccountAlreadyInUse. Includes mitigations and how Anchor avoids it.

SolanaSecurityAnchor
December 29, 2025
10 min read
Morpho Internals Part 2: IRMs
DeFi

Morpho Internals Part 2: IRMs

How Morpho Blue computes borrow rates: FixedRate warm-up and a deep dive on AdaptiveCurve with utilization-driven anchor updates.

MorphoLendingSource Code Walkthrough
December 25, 2025
1 hour read
Morpho Internals Part 1: Morpho Blue
DeFi

Morpho Internals Part 1: Morpho Blue

Deep dive into Morpho Blue's core contract—market creation, supply/borrow/collateral flows, liquidation math, and interest accrual mechanics.

MorphoLendingSource Code Walkthrough
December 24, 2025
30 min read
How Uniswap V3 handles liquidity better than V2
DeFi

How Uniswap V3 handles liquidity better than V2

A deep dive into the mathematical principles behind liquidity provision in Uniswap V2 and V3, exploring how concentrated liquidity revolutionizes capital efficiency while maintaining protocol consistency.

UniswapDeFiLiquidity+3 more
September 06, 2025
30 min read
Elliptic curve attacks - from small subgroup attack to invalid curve attack
Cryptography

Elliptic curve attacks - from small subgroup attack to invalid curve attack

How missing public-key validation in ECDH enables small-subgroup and invalid-curve attacks, and what robust defenses look like.

Elliptic CurvesCryptography
April 12, 2024
30 min read