Summary
The most critical subjects covered in our audit are functional correctness, manipulation resiliency and the integration of the CapAutomator into the existing SparkLend protocol. A notable issue was identified in the original code where setting caps to zero is not restricted, leading to the potential bypass of the cooldown period and risks of lifting the cap (see Cap of 0 ignores increase cooldown).
After the intermediate report, all identified issues have been addressed or acknowledged.
The general subjects covered are optimizations and adherence to the specifications.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO Sparklend cap automator
SparkLends CapAutomator manages supply and borrow caps for assets in SparkLend. It allows anyone to trigger updates to these caps based on predetermined parameters, with the new cap values calculated using the current supply and a specified gap, subject to maximum limits and cooldown periods.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”