Today, Morpho Labs has released Bundler3, an open-source smart contract that enables externally-owned accounts (EOAs) to execute a sequence of arbitrary calls atomically, including actions requiring approvals or callbacks.

Bundler3 can call protocols directly or through wrappers named "adapters” which are useful for performing atomic checks, manage slippage, and safely execute actions that require authorizations. This release includes a number of pre-built adapters, however, anyone can create and use custom adapters, further expanding Bundler3’s utility.

Bundler3 was originally developed to streamline user transaction flows, introduce new features, and strengthen security within Morpho’s products, particularly the Morpho App. However, in line with Morpho’s mission to make financial infrastructure a public good, Bundler3 is now available to the broader ecosystem, offering a practical solution for projects with similar use cases.

The Bundler3 code has been audited by Spearbit and OpenZeppelin, with the full reports available here. Key properties of the code have also been formally verified with Certora, which you can access here.

Bundler3: a more powerful Multicall

A major limitation of externally owned accounts (EOAs) is their inability to perform multiple contract calls simultaneously. This restriction results in a fragmented user experience and hinders the ability to simplify complex transaction flows into a seamless, “one-click” process.

While Multicalls allow multiple contract calls to be executed within a single transaction, they often fall short for many DeFi use cases. Critical requirements, such as atomic checks or granting approvals for a contract to act on behalf of an EOA, are not feasible with basic Multicall implementations.

The purpose of Bundler3 is to provide a more powerful multicall solution. It allows users to combine a sequence of smart contract calls atomically—ranging from simple to complex—into a single, efficient transaction, including those that require approvals or use callbacks. It achieves this by using transient storage to store an address as the "initiator" the first time it interacts with the bundlers. Additionally, a callback hash ensures that any reentry into the bundler contract uses predefined data, preventing actions not originally specified in the bundle.

The following chart illustrates how Bundler3 enables an EOA to perform multiple actions, including call back flows, in a single transaction:

The entry point for Bundler3 is the multicall(Call[] calldata bundle) function. Each call within the bundle is defined by the following parameters:

• to: The address of the smart contract to call.

• data: The calldata to pass to the contract.

• value: The amount of native currency to send with the call.

• skipRevert: A boolean indicating whether the multicall should continue or revert if this specific call fails.

• callbackHash: A hash representing the expected argument for reentrance (0 if no reentrance is required).

These features enhance Bundler3’s flexibility and security, making it especially effective for advanced transaction flows and adapter-based integrations.

Adapters and their capabilities

Adapters are protocol wrappers designed to extend the functionality of Bundler3. They are particularly useful for:

• Atomic checks, such as checking slippage.

• Slippage management, for example, during migrations.

• Executing actions requiring user authorizations.

To ensure secure user interactions, adapters can restrict specific function calls based on the initiator. For instance, an adapter requiring token approvals might only allow calls to token.transferFrom where the from parameter matches the initiator.

Since these functions often involve moving user funds, only Bundler3 is permitted to call adapters. If an adapter requires additional actions after being called back—such as during a flash loan—it can utilize other adapters by calling the Bundler's reenter(Call[] calldata bundle) function.

The following three adapters have been deployed, but integrators are free to create and use custom adapters in a Bundler3 transaction:

All three adapters — GeneralAdapter1, EthereumGeneralAdapter1, and ParaswapAdapter — inherit the code from CoreAdapter, which provides essential features like access to the current initiator address.

Integrating Bundler3

Bundler3 is an immutable, unowned, and open-source contract that has been deployed on Ethereum and Base. To start integrating, read the following doc.

Similarly to other contracts developed by Morpho Labs, the Bundler3 code base will be part of the existing bug $1.5M bounty program on Immunefi and Cantina.