Skip to main content

Tenor Smart Contracts

The Tenor smart contracts extend Morpho Midnight with additional capabilities, grouped into callbacks, ratifiers, and gates. See the developer documentation for a full breakdown.

The Tenor smart contracts are open source under a Business Source License (BSL).

The contracts have undergone security reviews from leading security firms and independent researchers, and are covered by an active bug bounty offering up to $200,000 for critical findings. See Bug Bounty for details.

Design Principles

Tenor follows the same design philosophy as Morpho: keep the core minimal and unopinionated, and push opinionated logic — rate policies, renewal rules, gating, callbacks — into periphery contracts that users opt into. The core Tenor contracts are immutable and cannot be upgraded once deployed, which keeps the trusted surface small and removes governance risk from the protocol itself. Periphery contracts can be pausable, where pause functions apply only to the users who opted into them. See Pausable Functions for the full list.

The same opt-in model bounds the impact of any periphery contract. Gates apply only to the markets and vaults that set them, and callbacks and ratifiers act only on the positions that invoke them. Behavior added by one contract cannot affect markets or positions that don't use it.