MakerDAO

MakerDAO Spark ALM Init Script Audit

Cantina Security Report

Organization

@makerdao

Engagement Type

Cantina Reviews

Period

-


Initialization and Governance Logic Review of Spark ALM

MakerDAO deployed the Spark ALM Controller to manage liquidity, governance, and rate limits across its stablecoin ecosystem. This deployment relies on multi-chain coordination, proxy-controlled access, and domain-specific token bridges. A robust initialization process is critical to ensure correct administrative roles and validator integrity across components like the MainnetController and ForeignController.

To validate this infrastructure, MakerDAO engaged Cantina for a security audit focused on the controller initialization logic. The audit examined role revocation, PSM token validation, admin consistency, and error handling across CCTP domain assignments, to confirm that the system boots safely and avoids silent setup failures.

Cantina also supports stablecoin liquidity infrastructure with layered defenses like bug bounty programs, crowdsourced security competitions, and multisig security, helping MakerDAO deliver secure cross-domain deployments.


Findings

Informational

5 findings

4 fixed

1 acknowledged