Supervisor v2 enforces the non-custodial guarantees that institutional DeFi infrastructure requires: explicit delays on material vault changes, independent veto paths, and auditable governance operations.

The goal is is to remove counterparty risk on the curator side and put depositors in control.

Why Supervisor v2

Our operating principle has not changed: depositors should never have to trust a curator’s good intentions when verifiable constraints are available.

Morpho v2 vaults ship with two non-custodial features: timelocks (a delay window before material vault parameter changes take effect) and flash-loan in-kind redemption (which allows depositors to exit a vault by receiving the vault’s underlying assets directly, even if secondary liquidity is thin). Both are meaningful protections, but they assume the depositor is actively monitoring the vault. A user interacting through a non-custodial wallet who checks their position once a month may not catch a pending change before the timelock expires.

Supervisor v2 closes this gap with the guardian role. A guardian is an independent third party authorized to veto any material vault change during the timelock window. If a curator submits a parameter change, such as adding a new collateral market or adjusting an allocation cap, the guardian can block it before it takes effect.

For Steakhouse vaults, each guardian is an Aragon DAO composed of depositors, giving them a direct governance path to reject curator decisions they consider misaligned.

It is worth distinguishing the guardian from the sentinel role that already exists in Morpho’s design. A sentinel can also flag or block certain actions, but it can be revoked at will by the vault owner. That revocability makes the sentinel useful for operational monitoring but insufficient as a depositor protection. An owner under pressure (or acting opportunistically) could simply remove the sentinel and proceed. The guardian cannot be removed during an active timelock, making it a harder guarantee.

Steakhouse remains the only large curator where depositors and independent third-party guardians can veto curator actions during the timelock window.

Migration Approach

Mainline Steakhouse v2 vaults will be migrated progressively to the Supervisor v2 model. As with any material change, depositors will be able to veto the migration itself through the existing guardian mechanism during the timelock period.

Partnership vaults may remain under a different governance model depending on the terms of each integration.

No impact on vault operations or depositor positions is expected during the migration.

Deployed Contracts

The Supervisor v2 contract addresses are as follows:

Ethereum: 0x4D7bd498Bb24098Ca281C05519629c605407f71d

Base: 0x639bfA26472906Ccd40513408284a8aD292bC5D6

Arbitrum One: 0xca9f621aAFD28d0F2decFb69Db0d9e6393A9f5ee

The Supervisor v2 contracts are public on Github Repo and have been audited by Cantina audit.

Looking Forward

Risk cannot be removed, but it can be managed. Supervisor v2 is our current best answer to the question of how a curator earns trust without asking for it: by making its own power legible, constrained, and subject to override.

We will continue to favor verifiable non-custodial guarantees over discretionary authority.

For more detail on Steakhouse vault architecture and risk frameworks, consult the Information Hub.