MakerDAO

Spark ALM CCTP & Swap Logic Audit

Cantina Security Report

Organization: @makerdao

Engagement Type: Cantina Reviews

Period: -


CCTP and Swap Flow Logic Review of Spark ALM

MakerDAO built the Spark ALM Controller to manage cross-chain stablecoin flows using CCTP and rate-limited transfer systems. This includes USDC transfers, token swaps, and proxy execution logic, supporting the broader Maker ecosystem's goal of stable, automated liquidity operations across chains.

To reinforce safety in early-stage deployments, MakerDAO engaged Cantina for a security review of the Spark ALM codebase. The audit focused on controller rate limit granularity, function clarity in token swap parameters, and initialization consistency within the Mainnet and Foreign Controllers to ensure secure setup and avoid unintended execution paths.

Cantina also offers continued protection for MakerDAO’s liquidity and governance systems through bug bounty programs, crowdsourced security competitions, and multisig security, reinforcing secure capital flow across permissioned bridges and automated vault infrastructure.


Findings

Low Risk: 1 finding (1 fixed, 0 acknowledged)

Informational: 6 findings (5 fixed, 1 acknowledged)