Leaked credential on paste/sentry site

Morpho V1 (Morpho Blue + MetaMorpho)'s assessment for RD-F-164 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No public reports of Morpho Labs infrastructure credentials on paste/sentry sites in 2025-2026. SECURITY.MD absent from morpho-blue GitHub repo (data cache: security_md_present: false).

Detail #

Cannot assess credential leakage from public search results alone. Requires paste-site monitoring feed. SECURITY.md absence means no GitHub-native disclosure channel — a minor operational gap. Immunefi active program provides an alternative channel.

Sources #

GitHub
https://github.com/morpho-org/morpho-blueretrieved 2026-04-27

Methodology #

Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol morpho-v1 factor RD-F-164 score gray collected_at 2026-04-30 21:19:13