Skip to main content

Morpho Midnight Allowlist Gate

The Morpho Midnight Allowlist Gate gives a market owner full control over who can lend into, borrow from, and liquidate a Morpho Midnight market. It combines IEnterGate (controlling who can take offers) and ILiquidatorGate (controlling who can liquidate) in a single contract, with three independent permission flags per address.

For example, an institution or fund can deploy a market with this gate set as both the enterGate and the liquidatorGate, then allowlist a curated set of verified lenders and borrowers while authorizing only a small set of trusted liquidators. Anyone outside the allowlist is rejected at take time and at liquidation time.

Setup

Midnight Allowlist Gates are deployed via the MidnightAllowlistGateFactory using CREATE2 for deterministic addresses. After deployment, the gate blocks all takes and liquidations by default because every permission flag defaults to false.

Setup takes two steps:

  1. Deploy the gate via the factory, passing the owner address and a salt.
  2. The owner calls setAllowlist(roles[]) to configure permissions for participating addresses.

The owner can later call renounceOwnership() to make the allowlist permanently immutable.

Role-Based Permissions

Each allowlisted address has three independent permission flags.

  • canIncreaseCredit: Whether the address can lend into the market (taking a sell offer or otherwise increasing credit).
  • canIncreaseDebt: Whether the address can borrow from the market (taking a buy offer or otherwise increasing debt).
  • canLiquidate: Whether the address can call liquidate() on the market.

Flags are independent: an address can be permitted to lend but not borrow, or to liquidate but not lend. The owner can set multiple roles in a single setAllowlist call.

Gate Interface

The gate implements three view functions that Morpho Midnight queries:

  • canIncreaseCredit(address) → bool: checked before any take that increases credit (lend side).
  • canIncreaseDebt(address) → bool: checked before any take that increases debt (borrow side).
  • canLiquidate(address) → bool: checked before any liquidation.

Each returns the corresponding flag from the allowlist mapping. There is no fee-recipient exemption: unlike the Vault V2 Allowlist Gate, the Midnight allowlist gate does not auto-permit any address outside the explicit allowlist.

Ownership

The gate uses OpenZeppelin's Ownable2Step for safe two-step ownership transfers.

  • The owner is the only address that can call setAllowlist to update permissions.
  • The owner can call renounceOwnership() to permanently lock the allowlist, making it immutable.

Use Cases

  • Permissioned markets for institutional users.
  • Compliance-controlled markets that restrict participation to KYC-verified addresses.
  • Specialist liquidator setups where only pre-approved keepers can seize collateral.