Spark Protocol
DAMASCUSLending / Borrowing · Ethereum · $4B+ TVL · 15 contracts
Confidence 69%Z-Factor 0.78Updated 2026-05-17Public Score
Public risk assessment — scores are produced with the same methodology as monitored protocols
818
BRI Score
3004756508251000
Security Profile
Access Control
82
82
Economic Soundness
80
80
Oracle Integrity
82
82
Compositional Risk
72
72
Governance
75
75
Maturity
80
80
Resilience
61
61
Supply Chain
85
85
Op Security
52
52
Cascade Exposure
71
71
Access Ctrl
82
82
Economic
80
80
Oracle
82
82
Compos.
72
72
Govern.
75
75
Maturity
80
80
Resilience
61
61
Supply Ch.
85
85
OpSec
52
52
Cascade
71
71
Min
52
Avg
74
Max
85
Audit History
ChainSecurity
2023-04
Cantina
2024-02
Bug Bounty Program
$10,000,000
Max payout on Immunefi
Assessment
Strong score driven by MakerDAO org maturity (D6=80), Aave V3 base code, and dual oracle infrastructure. Compositional risk (D4=72) from deep Maker integration is the main drag.
Dimension Breakdown
How scores work →Access Control
Weight 18%82% conf
82
arrow_forwardStrong
+20Aave V3 fork with proven access control model
+20MakerDAO integration adds admin surface complexity
+20Emergency admin via MakerDAO governance
+20Pool configurator and bridge executor from Aave
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%80% conf
80
arrow_forwardStrong
+20Inherits Aave V3 economic model (well-tested)
+20DAI-first design with Maker PSM providing stability anchor
+20SparkVault/PSM3 for stablecoin operations
+20DSR integration provides floor yield
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%80% conf
82
arrow_forwardStrong
+20Chainlink primary + Chronicle oracles (Maker oracle infra)
+20Dual oracle infrastructure provides redundancy
+20Inherited Aave V3 oracle validation
+20Maker oracle security team provides additional oversight
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%82% conf
80
arrow_forwardStrong
+16SparkLend live since mid-2023 (~2 years)
+16MakerDAO org maturity 5+ years (battle-tested through multiple crises)
+16Aave V3 base code is extensively battle-tested
+16Audited via Maker pipeline (ChainSecurity, ABDK)
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%82% conf
75
arrow_forwardGood
+19MakerDAO governance (MKR holders) provides oversight
+19SubDAO structure with SPK token governance maturing
+19Timelocks via Maker governance (GSM delay)
+19Some centralization in SubDAO executive decisions
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%95% conf
61
Moderate
- Score derived from continuous adversarial security research
Operational Security
Weight 10%60% conf
52
arrow_forwardConcerning
-12No branch protection detected
+13Active CI/CD (100% success rate)
+13Commit signing: 52% verified
+13Strong PR review culture (70% reviewed)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%76% conf
72
arrow_forwardGood
+24Deep integration with MakerDAO (D3M, PSM, DSR)
+24MakerDAO failure would cascade to Spark
-28Correlated risk with DAI/USDS stability
+24Growing integration surface (Morpho vaults, etc.)
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%75% conf
71
arrow_forwardGood
+24Appears in 5 cross-protocol cascade chain(s)
+24Member of 3 dependency cluster(s)
-29Score: 71/100 (higher = more isolated from systemic risk)
+24Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%84% conf
85
arrow_forwardStrong
+28Aave V3 codebase is extensively audited base
+28Standard OpenZeppelin libraries
+28Maker integration libraries add some dependency
receipt_longView provenance chainarrow_forward
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Operational Security52
Adversarial Resilience61
Cascade Exposure71
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "spark"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("spark")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.