Spark Protocol
DAMASCUSLending / Borrowing · Ethereum · $4B+ TVL · 15 contracts
Official site: spark.fi ↗
818
3004756508251000
Confidence69%
Z-Factor0.78
Updated 2026-05-27Public scoreSecurity Profile
Access Control
82
82
Economic Soundness
80
80
Oracle Integrity
82
82
Compositional Risk
72
72
Governance
75
75
Maturity
80
80
Resilience
61
61
Supply Chain
85
85
Op Security
52
52
Cascade Exposure
71
71
Access Ctrl
82
82
Economic
80
80
Oracle
82
82
Compos.
72
72
Govern.
75
75
Maturity
80
80
Resilience
61
61
Supply Ch.
85
85
OpSec
52
52
Cascade
71
71
Min
52
Avg
74
Max
85
Audit History
ChainSecurity
2023-04
Cantina
2024-02
Bug Bounty Program
$5,000,000
Max payout on Immunefi
Assessment
Strong score driven by MakerDAO org maturity (D6=80), Aave V3 base code, and dual oracle infrastructure. Compositional risk (D4=72) from deep Maker integration is the main drag.
Dimension Breakdown
MethodologyAccess Control
82Weight 18% · 82% confidence
+20Aave V3 fork with proven access control model
+20MakerDAO integration adds admin surface complexity
+20Emergency admin via MakerDAO governance
+20Pool configurator and bridge executor from Aave
Provenance
Economic Soundness
80Weight 13% · 80% confidence
+20Inherits Aave V3 economic model (well-tested)
+20DAI-first design with Maker PSM providing stability anchor
+20SparkVault/PSM3 for stablecoin operations
+20DSR integration provides floor yield
Provenance
Oracle Integrity
82Weight 13% · 80% confidence
+20Chainlink primary + Chronicle oracles (Maker oracle infra)
+20Dual oracle infrastructure provides redundancy
+20Inherited Aave V3 oracle validation
+20Maker oracle security team provides additional oversight
Provenance
Battle-Tested Maturity
80Weight 12% · 82% confidence
+16SparkLend live since mid-2023 (~2 years)
+16MakerDAO org maturity 5+ years (battle-tested through multiple crises)
+16Aave V3 base code is extensively battle-tested
+16Audited via Maker pipeline (ChainSecurity, ABDK)
Provenance
Governance & Upgradeability
75Weight 10% · 82% confidence
+19MakerDAO governance (MKR holders) provides oversight
+19SubDAO structure with SPK token governance maturing
+19Timelocks via Maker governance (GSM delay)
+19Some centralization in SubDAO executive decisions
Provenance
Adversarial Resilienceredacted
61Weight 10% · 95% confidence
- Score derived from continuous adversarial security research
Provenance
Operational Security
52Weight 10% · 60% confidence
-48No branch protection detected
+10Active CI/CD (100% success rate)
+10Commit signing: 52% verified
+10Strong PR review culture (70% reviewed)
Provenance
Compositional Risk
72Weight 5% · 76% confidence
+18Deep integration with MakerDAO (D3M, PSM, DSR)
+18MakerDAO failure would cascade to Spark
+18Correlated risk with DAI/USDS stability
+18Growing integration surface (Morpho vaults, etc.)
Provenance
Cascade Exposure
71Weight 5% · 75% confidence
+24Appears in 5 cross-protocol cascade chain(s)
+24Member of 3 dependency cluster(s)
+24Source: cross_protocol_composition.json dependency analysis
Provenance
Supply Chain
85Weight 4% · 84% confidence
+28Aave V3 codebase is extensively audited base
+28Standard OpenZeppelin libraries
+28Maker integration libraries add some dependency
Provenance
Top Score Drivers
Dimensions with the greatest marginal impact on BRI.
Operational Security
52+35 potential
No branch protection detected
Adversarial Resilience
61+26.3 potential
Access Control
82+18.8 potential
Aave V3 fork with proven access control model
Economic Soundness
80+15.2 potential
Inherits Aave V3 economic model (well-tested)
Governance & Upgradeability
75+15.1 potential
MakerDAO governance (MKR holders) provides oversight
Adversarial Risk Signals
Publicly verifiable security posture indicators.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
methodology v2.1formula v1.1weights v1.1evidence sha256:sha256:5...
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "spark"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("spark")Reduce exploitable risk
Continuous adversarial analysis, vulnerability detection, and verified reassessment.
Embed this score
Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.
Style
Theme
Format
Preview
Copy iframe code
<iframe
src="https://blackhart.io/embed/oracle/spark?variant=card&theme=dark"
title="BlackHart Risk Index: Spark Protocol"
width="340"
height="290"
frameborder="0"
loading="lazy"
style="border:0; max-width:100%;"
></iframe>