DeFiPunk'd

Spark

3 deployments · $8.0B aggregate TVL · Lending

Deployments

Each deployment is rated independently. Pick one to see its rating, risk analysis, and stage.
TVL $3.6B
Type Lending
Chains Ethereum, xDai
View on DeFiLlama ↗
Control — tentative orange (2/3 models submitted) Ability to exit — tentative red Autonomy — tentative red Open Access — tentative orange (2/3 models submitted) Verifiability — tentative green Control Exit Autonomy Open Access Verifiable
Control criteria
Upgradeability Upgradeable Bug bounty immunefi.com Governance forum forum.makerdao.com Docs docs.spark.fi
About

SparkLend is a decentralized non-custodial lending protocol forked from Aave V3. Users supply assets to liquidity pools to earn interest or borrow against collateral. SparkLend benefits from direct stablecoin liquidity provided by the Sky Protocol (formerly MakerDAO), enabling large-scale DAI/USDS borrowing at governance-set rates. Governed by Sky Governance with emergency controls delegated to a 3-of-5 multisig via the SparkLendFreezerMom contract.

Risk analysis

One card per dimension, sorted by severity. Only Verifiability and Autonomy carry automated signals in Phase 0. See methodology for scope.

Audit a dimension yourself · DEFI@home Contribute an LLM-run assessment — any model, any dimension. Three agreeing runs merge automatically into the public record.

DEFI@home is a distributed audit network modeled on SETI@home: instead of CPU cycles, it crowdsources LLM reasoning. Paste a slice prompt into Claude, ChatGPT, Gemini, or any browsing-capable model, and submit the JSON output as a pull request. The quorum bot merges it once ≥3 independent runs (from different models) reach the same grade — no single model, and no single contributor, can move the needle alone. How it works →

  • Address discovery 23 addresses on file · 1 run Submit run ↗
  • Verifiability ✓ 3/3 models agree AI-only weak green — weak consensus margin; only 0/3 sources have a public chat share link; total support weight 0.72 below confidence floor (1.5) Submit run ↗
  • Control 2/3 submitted Submit run ↗
  • Ability to exit ✓ 3/3 models agree AI-only weak red — only 0/3 sources have a public chat share link; total support weight 0.09 below confidence floor (1.5) Submit run ↗
  • Autonomy Submit run ↗
  • Open Access 2/3 submitted Submit run ↗
  • Audit all 5 dimensions · one prompt Submit run ↗
  1. Verifiability tentative 3/3 models agree AI-only 0/3 with chat share link
    Core contracts verified on Etherscan, public GitHub repo, and ChainSecurity deployment-verification plus multi-round Aave v3 audits from recognized firms
    Verdict

    Choosing green because (1) both the proxy contract and its current implementation are verified on Etherscan (the proxy page resolves and displays the implementation ABI, per evidence from the Etherscan search result), (2) a public source repo with a pinned release commit exists at sparkdotfi/sparklend-v1-core, (3) ChainSecurity — a recognized firm — conducted a deployment verification confirming bytecode-repo correspondence at the April 2023 launch, and (4) the Aave v3 codebase underlying SparkLend was audited by Trail of Bits, OpenZeppelin, PeckShield, SigmaPrime, and Certora. The orange steel-man (post-audit implementation upgrade) is noted in unknowns but is insufficient to downgrade without evidence of material drift from a fund-custody-critical change, given the extensive layered audit coverage and the stable nature of the Aave v3 core.

    Steelman argument
    Steelman argument Pool proxy and PoolAddressesProvider are confirmed verified on Etherscan; the implementation ABI is resolved by the proxy page indicating implementation verification; the public GitHub repo (sparkdotfi/sparklend-v1-core) exists with pinned commit SHA 8120e49 at v1.0.0; ChainSecurity (recognized firm) performed a deployment verification confirming bytecode-to-repo match; multiple further recognized-firm audits cover Aave v3 core and Spark-specific extensions.
    Evidence (6)
    V1
    Pool proxy 0xC13e21B648A5Ee794902342038FF3aDAB66BE987 is marked 'Contract: Verified' on Etherscan using the EIP-1967 Transparent Proxy pattern. Etherscan resolves and displays the ABI for the implementation contract at 0x5aE329203E00f76891094DcfedD5Aca082a50e1b, indicating the implementation is also verified. PoolAddressesProvider 0x02C3eA4e34C0cBd694D2adFa2c690EECbC1793eE is separately confirmed 'Contract: Verified' on Etherscan. Direct Etherscan fetch of the implementation page was blocked in this run, so implementation verification is derived from the proxy page's ABI resolution rather than a direct fetch.
    V2
    Public source repo exists at https://github.com/sparkdotfi/sparklend-v1-core, a fork of Aave v3 core with Spark-specific changes. Release v1.0.0 is pinned to commit SHA 8120e49. The repo structure (Aave v3 base with custom interest rate strategy and oracle for sDAI) corresponds to the explorer-visible source remappings referencing lib/aave-v3-core/. Bytecode diff not performed this run; recorded as V2 scope limit.
    V3
    ChainSecurity conducted a deployment verification of SparkLend dated April 26, 2023, confirming bytecodes matched the repository at deployment time. The sparklend-v1-core repo's v1.0.0 release explicitly lists 'Add ChainSecurity audit'. The base Aave v3 codebase received audits in October 2021 (ABDK, OpenZeppelin, Trail of Bits, PeckShield), December 2021 (SigmaPrime), November 2021–January 2022 (Certora formal verification), and December 2022 (PeckShield, SigmaPrime). SparkLend Advanced and Cap Automator infrastructure have additional ChainSecurity audits. The docs also note Cantina audits. Audit links repository URLs confirmed accessible.
    V4
    Auditors include ChainSecurity, OpenZeppelin, Trail of Bits, PeckShield, SigmaPrime, and Certora — all broadly recognized Solidity security firms listed in the rubric. This satisfies the recognized-firm requirement.
    V5
    ChainSecurity's April 2023 deployment verification confirmed bytecodes matched the repository at deployment. SparkLend is described as based on Aave v3 3.0.1 and 3.0.2 with custom sDAI oracle and DAI interest rate strategy. The docs audit page lists multiple additional ChainSecurity and Cantina audits of SparkLend Advanced, covering oracles and governance components added after initial deployment. Whether the currently-deployed implementation (0x5aE329203E) has drifted materially from the audited commit could not be verified via a GitHub diff this run; this is recorded in unknowns but does not downgrade given the depth of audit coverage and the known-stable nature of the Aave v3 core codebase.
    V6
    Pool proxy (0xC13e21B648A5Ee794902342038FF3aDAB66BE987) uses EIP-1967 Transparent Proxy. Etherscan shows the ABI is served for the implementation at 0x5aE329203E00f76891094DcfedD5Aca082a50e1b (Pool), indicating the implementation is verified on the explorer. Direct fetch of the implementation page was blocked; verification is derived from the proxy page's ABI resolution.
    Why is this consensus tentative?
    • weak consensus margin
    • only 0/3 sources have a public chat share link
    • total support weight 0.72 below confidence floor (1.5)

    A fresh independent run can strengthen (or overturn) the verdict.

    Run your own prompt Submit run ↗
    Sources claude-sonnet-4-6 (autorun) no url gpt-5.5 no url gemini-3-flash-preview no url View raw submissions ↗
  2. Control 2/3 models submitted
    Ethereum SparkLend is upgradeable through Sky's Pause Proxy, but the live governance delay, multisigs, emergency roles, and xDai admin path were not fully resolved.
    Tentative grades
    • gpt-5.5 unknown
    • gemini-3-flash-preview orange

    No quorum yet — verdict and steelman hidden until ≥3 models agree.

    Evidence (12)
    C1
    The Ethereum SparkLend Pool proxy is 0xC13e21B648A5Ee794902342038FF3aDAB66BE987, and its proxy-admin constructor argument points to the Spark PoolAddressesProvider at 0x02C3eA4e34C0cBd694D2adFa2c690EECbC1793eE.
    C1
    The PoolAddressesProvider ownership was transferred on-chain from Spark: Deployer 0xd1236a6A111879d9862f8374BA15344b6B233Fbd to 0xBE8E3e3618f7474F8cB1d074A26afFef007E98FB, labeled by Etherscan as Sky: MCD Pause Proxy.
    C2
    The verified PoolAddressesProvider source shows it is an Ownable registry and factory for protocol proxies; setPoolImpl and setPoolConfiguratorImpl are onlyOwner functions that route through _updateImpl, which creates or upgrades InitializableImmutableAdminUpgradeabilityProxy instances with the provider as immutable admin.
    C2
    The SparkLend Pool contract is shown by Etherscan as a proxy with a current implementation address, so the assessed Ethereum core is not immutable.
    C7
    The PoolAddressesProvider owner path reaches T1 fund-critical powers on Ethereum because onlyOwner functions include setPoolImpl, setPoolConfiguratorImpl, and setPriceOracle, allowing replacement of Pool/accounting/configuration logic or the oracle used by the lending market.
    C1
    The PoolAddressesProvider on Ethereum (0x02C3...93eE) is owned by the Spark Proxy (0x9659...48ad), which is in turn owned by the MakerDAO PauseProxy (0xBE8E...58d4). On Gnosis Chain, the PoolAddressesProvider (0xA98C...03A8) is owned by a 4/8 Gnosis Safe (0x4859...abb0).
    C2
    SparkLend uses Transparent Proxies for core contracts including the Pool and PoolConfigurator. The upgrade admin is the owner of the PoolAddressesProvider.
    C3
    The execution path on Ethereum involves MakerDAO governance voting followed by a 16-hour delay in the Governance Security Module (GSM). The GSM (0xac34...919a) delay is set to 57,600 seconds.
    C4
    On Gnosis Chain, a 4/8 multisig (0x4859...abb0) holds direct T1 control. Signers include Karpatkey, Gnosis, and Protofire. This multisig fails the Security Council criteria as its 50% threshold is below the required 51%.
    C5
    MakerDAO governance uses MKR token-weighted voting. While the voting period is typically 3 days, the final execution timelock (GSM) is only 16 hours, totaling less than the 7-day requirement for Green.
    C6
    The EmergencyAdmin role, held by the Spark Proxy on Ethereum and the 4/8 multisig on Gnosis, can pause the pool immediately via ACLManager.setEmergencyPaused().
    C7
    The highest reachable power is T1 (Fund-Critical), as the admin can call setPoolImpl() on the PoolAddressesProvider to replace the core lending logic.
    Why is this slice uncertain?
    • only 2 of 3 model submissions on record — quorum requires ≥3 agreeing models
    • submitted models do not yet agree on a single grade

    A fresh independent run can establish (or overturn) a verdict.

    Run your own prompt Submit run ↗
    Sources gpt-5.5 no url gemini-3-flash-preview no url View raw submissions ↗
  3. Ability to exit tentative 3/3 models agree AI-only 0/3 with chat share link
    Indefinite pause power held by 3-of-5 multisig with no time cap
    Verdict

    Choosing red because the 3-of-5 freezer multisig holds permanent ward authorization to call pauseAllMarkets(true) without a time limit. The GitHub documentation explicitly states the FreezerMom contract allows 'bypass[ing] the 2-day GSM window' but nowhere specifies a maximum pause duration. The contract code shows pauseMarket and pauseAllMarkets accept a boolean parameter with no timestamp check or auto-expiry logic. While governance CAN reverse a pause through an executive vote (subject to the 30-hour GSM delay per the April 2024 governance decision), the multisig itself can maintain the pause indefinitely without governance action. This means a 3-of-5 actor set can unilaterally block all user exits for an unlimited period, which falls squarely into the red category under the rubric: 'ANY actor can pause CLAIMS of finalized exits indefinitely.'

    Steelman argument
    Steelman argument A 3-of-5 multisig (freezer multisig) can pause all markets indefinitely, blocking both new withdrawals and claims of finalized positions, with no coded time cap or auto-expiry.
    Evidence (8)
    E1
    The SparkLend pool contract (0xC13e21B648A5Ee794902342038FF3aDAB66BE987) exposes withdraw(address,uint256,address), repay(address,uint256,uint256,address), and repayWithATokens(address,uint256,uint256) as public exit functions for lenders and borrowers.
    E2
    The pool configurator (0x542DBa469bdE58FAeE189ffB60C6b49CE60E0738) includes write methods setReservePause(address,bool) and setPoolPause(bool). These are callable through the pool configurator, which is controlled by governance and emergency admin roles.
    E3
    SparkLendFreezerMom (0x237e3985dD7E373F2ec878EC1Ac48A228Cf2e7a3) holds EMERGENCY_ADMIN_ROLE and RISK_ADMIN_ROLE. It exposes pauseMarket(address,bool), pauseAllMarkets(bool), freezeMarket(address,bool), and freezeAllMarkets(bool). These functions are callable by the hat in MakerDAO's Chief governance contract (0x929d9A1435662357F54AdcF64DcEE4d6b867a6f9), authorized wards (including the 3-of-5 freezer multisig at 0x44efFc473e81632B12486866AA1678edbb7BEeC3), OR the MakerDAO PauseProxy.
    E3b
    The freezer multisig (0x44efFc473e81632B12486866AA1678edbb7BEeC3) is a 3-of-5 Gnosis Safe with threshold 3. The GitHub documentation states this contract can 'bypass the 2-day GSM window to freeze or pause any SparkLend markets' but does NOT specify a maximum pause duration. The contract code shows no auto-expiry mechanism for pause or freeze states.
    E4
    There is NO distinction in the code between emergency pause and governance pause. A single pauseMarket or pauseAllMarkets call sets the pause state, which can only be reversed by calling the same function with false. The 3-of-5 multisig holds a ward authorization, allowing it to pause indefinitely without requiring a governance vote to initiate OR to extend the pause.
    E5
    SparkLend is an Aave V3 fork with standard instant withdrawal mechanics. There is no documented queue system for redemptions, no daily withdrawal cap mentioned in the documentation, and the withdraw function is not gated by any queue-checking logic in the ABI.
    E6
    No forced-exit or escape-hatch mechanism was found in the pool contract, configurator, or FreezerMom. The only exit path is the standard withdraw/repay flow, which is subject to pause controls.
    E7
    The withdraw function is a standard public method on the pool contract and is directly callable via block explorers (Etherscan write interface) or any wallet. There is no frontend dependency for exit.
    Why is this consensus tentative?
    • only 0/3 sources have a public chat share link
    • total support weight 0.09 below confidence floor (1.5)

    A fresh independent run can strengthen (or overturn) the verdict.

    Run your own prompt Submit run ↗
    Sources claude-sonnet-4-5 (autorun) no url gpt-5.5 no url gemini-3-flash-preview no url View raw submissions ↗
  4. Autonomy tentative 2/2 models agree AI-only 0/2 with chat share link
    A bad oracle/source failure can impair ~100% of SparkLend TVS; live checks do not bound positive misprices
    Verdict

    Choosing red because the strongest red case directly matches the deployed oracle architecture: both the large Ethereum module and the active Gnosis module rely on external, mutable price sources, the live fallback only handles missing or nonpositive prices, and a positive misprice can affect borrowing and liquidation solvency. Module weighting: Ethereum Pool holds ~95%+ of identifiable TVS and is red, with more than $1.4B visible in only spwstETH, spDAI, and spWETH cash balances; Gnosis Pool is ~<5%/not fully measured and is also red; weighted overall = red because the worst unmitigated oracle dependency can affect essentially all collateralized SparkLend TVS.

    Steelman argument
    Steelman argument SparkLend deserves red because the deployed AaveOracle accepts latestAnswer() from mutable external price sources without bounding positive misreports, and a bad collateral or debt price can create protocol bad debt affecting supplier principal across the shared lending pools.
    Evidence (9)
    A1
    The Ethereum SparkLend Pool at 0xC13e21B648A5Ee794902342038FF3aDAB66BE987 is live and handles supply, withdraw, borrow, and repay transactions, while its deployed AaveOracle at 0x8105f69D9C41644c6A0803fDA7D03Aa70996cFD9 maps assets to AggregatorInterface sources and returns source.latestAnswer() for prices. Positive but wrong external source prices are accepted, so a bad price source can misprice collateral and debt, enabling undercollateralized borrowing or bad liquidations.
    A2
    The material off-chain reporting surface is the oracle-provider side of the price feeds consumed through AaveOracle; the deployed Spark contracts expose aggregator addresses and latestAnswer() consumption, but the allowed Spark and explorer sources did not expose the current reporter committee sizes, quorums, or member-selection rules.
    A3
    SparkLend has a separate active Gnosis/xDai pool at 0x2Dae5307c5E3FD1CF5A72Cb6F698f915860607e0, with recent GnosisScan events for Pool reserve updates. The Gnosis deployment is a separate module rather than a bridge required for Ethereum users, but several Gnosis reserve assets are bridged or wrapped assets, so failures there are chain/module-scoped.
    A4
    Current SparkLend reserves include receipt or wrapper assets such as wstETH and sDAI/sUSDS-era savings assets; these create at least one layer of nested collateral risk for users who opt into those reserves, and because SparkLend is a shared lending pool rather than isolated per-market silos, a severe collateral/oracle failure can propagate through bad debt.
    A5
    SparkLend is an Aave v3 codebase fork; Spark docs state it is based on Aave v3 including the 3.0.1 and 3.0.2 upgrades, and the ChainSecurity deployment verification describes it as a fork of Aave V3 with Spark-specific differences.
    A6
    The deployed AaveOracle has a live fallback path only when a source is missing or returns a nonpositive value; this does not catch stale or adversarial positive prices. Spark also has deployed FreezerMom/KillSwitchOracle-style addresses in the registry, but their live wiring and thresholds were not fully verified, so they were not counted as mitigation.
    A7
    The Ethereum module has no additional L2 sequencer dependency beyond Ethereum itself. The Gnosis module is on Gnosis/xDai rather than an L2 sequencer system; no separate sequencer or DA committee dependency was identified from the allowed sources.
    A8
    Liquidations are an external liveness dependency in the normal Aave-style sense: the ChainSecurity deployment report observed regular pool operations including liquidationCall, and if permissionless liquidators disappear, bad debt can accumulate, but no privileged keeper-only liquidation bot was identified.
    A9
    The external dependency surface is governance-mutable: AaveOracle exposes setAssetSources and setFallbackOracle to asset-listing or pool admins, and the address provider/config-engine interfaces expose price-oracle and price-feed update paths. This is specifically oracle/source mutability, not merely generic proxy upgradeability; the allowed sources did not verify a >=7-day exit window for users before oracle-source changes.
    Why is this consensus tentative?
    • weak consensus margin
    • only 0/2 sources have a public chat share link
    • total support weight 0.02 below confidence floor (1.5)

    A fresh independent run can strengthen (or overturn) the verdict.

    Run your own prompt Submit run ↗
    Sources gpt-5.5 no url gemini-3-flash-preview no url View raw submissions ↗
  5. Open Access 2/3 models submitted
    Core SparkLend actions are open onchain; official frontend restrictions found were passive legal terms
    Tentative grades
    • gpt-5.5 green
    • gemini-3-flash-preview orange

    No quorum yet — verdict and steelman hidden until ≥3 models agree.

    Evidence (15)
    A1
    The deployed Ethereum Pool implementation exposes supply, supplyWithPermit, withdraw, borrow, repay, repayWithPermit, repayWithATokens, collateral, liquidation, and flash-loan functions as public/external user actions without whitelist/KYC modifiers; bridge/admin/configurator powers are separate privileged functions. Searches of the verified source found no onlyWhitelisted, onlyRole, allowlist, isAccredited, or isKYCed matches.
    A2
    Core admission is enforced by onchain protocol state, not off-chain operator approval: supply checks reserve status and caps, withdraw checks reserve status and balance, borrow checks reserve status, collateralization, caps, and a global priceOracleSentinel isBorrowAllowed hook if configured.
    A3-passive
    The official Terms contain passive eligibility and sanctions language, including the clause "not be an individual or entity subject to national or international sanctions", and reserve discretion to limit site access based on factors such as address, IP, or location.
    A3-active
    I found no fetched evidence of an active runtime block: no quoted live rejection banner, HTTP 451 observation, KYC wall, or named Chainalysis/TRM/Elliptic integration was observed in the fetched app/site/terms sources, so no A3-active restriction is asserted.
    A3b
    The protocol's own Terms document direct non-site access through block explorers, nodes, and user-signed wallet transactions; the official spark-interface IPFS path is an official redistribution, while cp0x's separate permissionless Spark interface is an independently operated alternative path.
    A4
    No onchain OFAC, sanctions, blacklist, blocklist, or Chainalysis-style address-screening check was found in the deployed Pool source; the sanctions signal found is off-chain Terms language.
    A5
    Read access is public through Pool view getters, and write access to core user functions is public subject to balance, collateral, cap, pause/freeze, and reserve-state checks; Etherscan shows live Supply, Withdraw, Borrow, and Repay calls against the Pool proxy.
    A6
    The official legal link is https://spark.fi/terms-of-use and contains the sanctions/eligibility quote recorded under A3-passive.
    A1
    The core Pool.sol contract, forked from Aave V3, contains no whitelist or allowlist modifiers on user-facing entry points such as supply(), borrow(), or withdraw().
    A2
    Admission to the protocol is unconditional at the contract level; no off-chain operator, keeper, or sequencer approval is required to admit a user's deposit or borrow transaction.
    A3-active
    The official frontend at app.spark.fi actively enforces IP-based geo-blocking, specifically targeting users in the United States and other restricted jurisdictions with a blocking overlay.
    A3b-ii
    Independent access paths exist, most notably the cp0x pi-spark-fi-interface (spark.cp0x.com), which is an open-source, community-operated frontend not bound by the official Spark ToS.
    A4
    No evidence of on-chain sanctions enforcement (e.g., Chainalysis oracle integration) was found in the core Pool or ValidationLogic contracts.
    A5
    The protocol maintains permissionless read access to all state variables and permissionless write access for all standard lending/borrowing functions at the contract level.
    A6
    The Terms of Service explicitly state: 'Access to the Interface is not available to any person or entity that is located in, or is a citizen or resident of, the United States of America...'
    Why is this slice uncertain?
    • only 2 of 3 model submissions on record — quorum requires ≥3 agreeing models
    • submitted models do not yet agree on a single grade

    A fresh independent run can establish (or overturn) a verdict.

    Run your own prompt Submit run ↗
    Sources gpt-5.5 no url gemini-3-flash-preview no url View raw submissions ↗

Stage

Preview of the Phase-3 maturity framework. DeFiPunk'd will adopt DeFiScan v2's stages verbatim; the section is rendered below in its intended shape so the structure is visible today.

SparkLend has not yet been assessed under the DeFiScan v2 stage framework.
The walkaway test is the central criterion. Once stages land, protocols reach Stage 1 only if users can exit in the presence of malicious operators even when the emergency council disappears.
Scope of assessment
Stages are assessed per-protocol against DeFiScan v2's criteria: governance structure, upgradeability path, timelock durations, emergency-council scope, and the walkaway test. The analysis depends on onchain discovery (roles, owners, timelocks) and deeper review of deployed contracts — neither of which DeFiPunk'd automates at Phase 0.
Stage 0 requirements pending
Governance is largely off-chain, contracts are upgradeable with short or no timelock, and the protocol depends on a multisig or team with full discretion. At Phase 0 DeFiPunk'd does not automatically evaluate these; the assessment lands with crawler-based onchain discovery.
Stage 1 requirements pending
Users can exit or opt out on their own terms even if the team disappears. Upgrades run through a meaningful timelock with an emergency security council clearly scoped. The walkaway test is the headline criterion.
Stage 2 requirements pending
Protocol is fully permissionless and immutable, or upgrades require a supermajority of token holders with a long timelock and no emergency override. This is the terminal stage of the DeFiScan v2 framework.
Learn more about DeFiScan v2 stages →
Stages are an opinionated assessment of maturity, not a rating of security or safety. A protocol can sit at Stage 2 and still carry substantial technical or economic risk; the framework exists to incentivize decentralization, not to rank protocols.

Contract surface

Every contract in scope for this protocol — pooled from DeFiLlama's TVL adapter (mechanical) and DEFI@home discovery submissions (LLM-curated). Verified-source flags come from Etherscan + Sourcify; owner / multisig metadata is read on-chain when available. Reviewer audit context, not a slice score. A lending protocol's adapter set will list third-party collateral tokens alongside its own contracts; attribution is the grader's job.

  • 15addresses
  • 0verified source
  • 0proxies

TVL adapter pinned at 683d369. Sourcecode fetched 2026-05-06. Control fetched 2026-05-14.

Ethereumfreezer/security multisig (emergency pause authority)0x44ef…eec3discoverymultisig
EthereumFreezerMom authority0x929d…a6f9discovery
EthereumFreezerMom owner0x3300…f8c4discovery
Ethereummultisig signer (freezer multisig member)0x3126…0cc8discoverymultisig
Ethereummultisig signer (freezer multisig member)0x52a8…e12ediscoverymultisig
Ethereummultisig signer (freezer multisig member)0x8541…0e68discoverymultisig
Ethereummultisig signer (freezer multisig member)0x8a71…0742discoverymultisig
Ethereummultisig signer (freezer multisig member)0xcff2…f656discoverymultisig
Ethereumpool0xc13e…e987discovery
Ethereumpool (implementation)0x5ae3…0e1bdiscovery
Ethereumpool configurator0x542d…0738discovery
EthereumPoolAddressesProvider0x02c3…93eediscovery
EthereumSpark Proxy (pool admin)0x1bb9…f0dcdiscovery
EthereumSpark Risk Council (emergency admin)0x7274…953bdiscoveryguardian
EthereumSparkLendFreezerMom (pause/freeze helper)0x237e…e7a3discovery

Protocol Info

Links

[defillama] Source: DeFiLlama [:] Source: DEFI@home quorum
Website
https://app.spark.fi/points/KNQ5HD
Twitter
@sparkdotfi
GitHub
4 repositories
Docs
https://docs.spark.fi/
Governance forum
https://forum.makerdao.com/c/spark/
DefiScan
DefiScan · Stage 0

Security

[:] Source: DEFI@home quorum
Audits
17 audits
Bug bounty
https://immunefi.com/bug-bounty/sparklend/information/
Security contact
https://github.com/marsfoundation/spark-protocol/blob/main/SECURITY.md

Technical

[:] Source: DEFI@home quorum
Voting token
MKR Ethereum: 0x9f8F72aA9304c8B593d555F12eF6589cC3A579A2
Deployed contracts
https://docs.spark.fi/dev/deployments/
Upgradeability
Upgradeable

Provenance

[defillama] Source: DeFiLlama
Review status
listed
Updated
2026-06-01 11:27 UTC