1/ Every architecture involves tradeoffs. Good design allows you to design a system where, for every unit of risk you take, you earn the most reward, and for every unit of reward you take, you incur the least risk. From a liquidity risk PoV, Morpho's model is suboptimal.

3/ Redemption risk is manifested when users can’t withdraw collateral. Morpho markets itself as an “isolated” lending alternative, where curators manage vaults and users pick between distinct risk profiles. But "isolation" is misleading, as we'll see; liquidity risk is shared.

5/ This is important to understand because, as a user, your ability to withdraw your capital depends on it. Let’s see an example: Let’s imagine an ultra-prudent, responsible curator on Morpho, Curator A.

6/ Similarly, let’s imagine an aggressive curator, Curator B. Even if you deposit into a “low-risk” vault, if it allocates to a market that higher-risk curators also use, your ability to redeem depends on the same shared pool in that market, not just on your vault.

7/ When a risky overlapping market depegs, redemptions surge, and utilization can reach 100%. As a result, withdrawals become a first-come, first-served race from that shared pool, allowing fast-moving curators to consume liquidity and leaving others temporarily unable to honor withdrawals.

8/ That’s how a conservative user can wake up to frozen or delayed redemptions, not because their vault took on that asset’s credit risk, but because others drained shared market liquidity.

9/ This is the core issue: liquidity risk is socialized, not isolated. And because Morpho allows permissionless asset listings, any new, under-collateralized, or experimental token can potentially contaminate shared liquidity pools. But do other risk levers exist?

10/ Once redemptions on Morpho are bricked, a risk manager’s toolkit is empty. Normally, you’d want to: - Raise interest rates to incentivize repayments and restore liquidity - Update oracles to reflect real market prices during stress events - Alter risk parameters to minimize collateral exposure

11/ But on Morpho, interest-rate models, risk configurations, and oracles are immutable. They can’t be changed after deployment. So when conditions shift, as they constantly do in financial markets, you can’t adapt: you can only withdraw.

12/ Aave addresses this with @chaoslabs Risk Oracles Will potentially dive deeper into this topic in a different thread.

13/ In Aave: assets are permissioned, listing is governed through rigorous DAO review, and risk parameters can be dynamically adjusted in response to market stress.

14/ That’s how the system has remained solvent and liquid through every major DeFi shock. Over the past year, Aave Core maintained deep buffers, averaging roughly $750M USDC and $1.0B USDT, while handling daily outflows of $300-400M on average. Even when outflows topped $2 billion a day, liquidity rebounded to typical levels within hours.

15/ On Morpho, the opposite is true: shared liquidity, permissionless listings, and immutable parameters make redemption risk inherently difficult to underwrite. And that’s the fundamental point: When redemption risk cannot be anticipated, it cannot be reliably priced. If it can’t be accurately priced, it can’t be responsibly managed.

16/ This isn’t meant to be a Morpho doomer post. Morpho is pushing the frontier in many ways, and the team is great. But we do have to recognize that this is the simplest onchain finance will ever be. We still need better architectures, risk infra, oracles, etc.

17/ At @chaoslabs, we're trying to make the next version smarter. Some issues can be fixed by iterating on core architectures. Others can be fixed with dynamic, real-time risk infra and oracles. Both are needed to be on DeFi's efficient frontier.