# 22/05

**Spent**: Around 9 hours

**What did I do?**
Read about the protocol, skimmed through Morpho's hooks and found a vulnerability. I also started to explore the AcrossV3 adapter flow to see if something feels out of place, but I just got more lost than I already was, honestly. I need to read the ERCs and shit.

**Any Findings?**
https://cantina.xyz/code/ba62fa4e-f933-4eec-b9ac-868325f4a694/findings?finding=59

**How do I feel?**
Pretty good, a bit overwhelmed because I didn't find anything else, but tomorrow is a new day.

**What to do next?**
- check inflow / outflow hooks execution flow
- understand SuperNativePaymaster

**File**: `src/core/validators/SuperDestinationValidator.sol`
**Function**: `isValidDestinationSignature()`

1. **Merkle Proof Bypass**: Can you provide an invalid proof that still passes verification?
2. **Chain ID Validation**: Line 175 checks `chainId != block.chainid` - any edge cases?
3. **Timestamp Manipulation**: Line 117 `validUntil >= block.timestamp` - what about `block.timestamp` manipulation?
4. **Signature Recovery Issues**: Line 143 uses ECDSA.recover - any malleability attacks?

# 23/05

**Spent**: Around 5 hours

**What did I do?**
A lot about the whole user flow regarding INFLOW/OUTFLOW/NONACCOUNTING hook types and trying to find some weird edge case around the SuperDestinationExecutor, where I think I found something interesting, but I have no PoC yet.