Spark Protocol

Stage 1
TVL $2.4B
spark.fi
2026-01-28
Chains ethereum base arbitrum

Risk Assessment

Upgradeability
48h+ Timelock
Admin Control
DAO Governance
Fund Access
Restricted
Audits
Extensive
Oracle
Decentralized
Track Record
2 years

Spark Protocol Risk Assessment

Overview

Spark Protocol is MakerDAO’s (now Sky) official lending platform, built as a soft fork of Aave V3. It serves as the primary venue for DAI/USDS borrowing with deep liquidity and governance-set interest rates, forming a core component of the Maker Endgame plan.

Unlike Aave’s utilization-based rates, Spark uses governance-set flat interest rates that remain constant regardless of utilization, up to debt ceilings.

Smart Contract Risk

Contract Architecture:

  • Aave V3 fork with custom modifications
  • Isolated collateral pools prevent systemic failures
  • SparkLend core contracts handle lending logic
  • Integration with Maker’s PSM and D3M modules

Code Quality:

  • Audited by CertiK, Trail of Bits, and others
  • $5M bug bounty program (one of largest in DeFi)
  • Bi-annual Proof-of-Reserves reports
  • Open source codebase on GitHub

Attack Surface:

  • Inherits Aave V3’s proven architecture
  • Custom rate model introduces unique considerations
  • Deep integration with Maker ecosystem
  • Liquidation mechanisms from battle-tested code

Admin/Governance Risk

Governance Structure:

  • Inherited from MakerDAO/Sky governance
  • SKY token holders vote on proposals (formerly MKR)
  • Spark Proxy Spell executes approved changes
  • SPK token for Spark-specific governance

2025 Governance Transition:

  • MKR-to-SKY upgrade (24,000:1 ratio)
  • New Chief Contract for SKY voting
  • Spark Freezer MOM authority transferred
  • Protego contract can cancel pending governance actions

Admin Controls:

  • Governance Security Module (GSM) delay on changes
  • Spark Freezer can pause operations
  • Rate parameters set by governance
  • Debt ceilings controlled by Maker governance

Trust Assumptions:

  • Full integration with Maker governance system
  • Governance can modify parameters and rates
  • Emergency functions provide pause capability
  • KYC checks optional for high-risk jurisdictions

Oracle Risk

Chainlink Integration:

  • Primary price feeds from Chainlink
  • Decentralized oracle network
  • Asset-specific configurations
  • Fallback mechanisms for critical assets

Oracle Security:

  • Inherits Aave V3’s oracle infrastructure
  • Multiple node operators
  • Price deviation protections
  • Governance can update oracle sources

Economic Risk

Liquidity Risk:

  • $6.5B+ TVL with deep USDS/DAI liquidity
  • Direct integration with Maker’s D3M
  • Governance-controlled debt ceilings
  • PSM provides stability mechanism

Operational History:

  • Launched May 2023
  • Part of Maker Endgame restructuring
  • Rapid growth to top lending protocol
  • No major exploits

Stage Assessment

Stage 1 Criteria Met:

  • Governance-controlled upgrades with GSM delay
  • Decentralized governance inherited from Maker
  • Restricted admin fund access
  • Extensive audits with large bug bounty
  • Strong operational track record (via Maker heritage)

Why Not Stage 2:

  • Contracts upgradeable via governance
  • Emergency pause functions exist
  • Tight coupling with Maker governance decisions
  • Relatively newer protocol (2 years)

Justification: Spark Protocol achieves Stage 1 (Limited Trust) status due to its battle-tested Aave V3 foundation, strong security practices including a $5M bug bounty, and integration with Maker’s mature governance system. The GSM delay provides meaningful timelock protection. While the protocol is newer, it inherits significant security properties from both Aave and Maker ecosystems.