SpaceFi is the DeFi hub on zkSync Era with DEX+NFT+Spacebase+Launchpad, exploring the Layer2 ecosystem.

Risk Rating

High Risk
Assessment: 2024-03-25
Risk Assessment
Security History

Overall Score

  • Assessor
    Kop, Supergu
  • Assessment Date
Not yet undergone Underwriting review

The project showcases initial technical promise with its pre-launch testnet phase and the proven mechanics of Uniswap V2. However, significant concerns persist, primarily due to unverified smart contracts, insufficient documentation, and lack of internal testing, which obscure its security profile. Economically, while the absence of a native token minimizes one type of risk, the protocol's untested resilience in facing extreme market conditions raises doubts about its long-term stability. Operationally, the lack of transparency about the team and centralized governance further complicates trust and strategic clarity. Overall, these factors collectively tilt the assessment towards a cautious outlook.


Forked from Uniswap V2, leveraging a well-known and battle-tested AMM mechanism.
The absence of a native token eliminates risks associated with token market fluctuations.
Launched in October 2023, the protocol has yet to experience extreme market cycles or significant events, questioning its durability.
The lack of verified contracts makes it difficult to confirm if common attacks have been effectively mitigated.


Boasts a large and active community on Twitter and Discord, indicative of good user engagement and support.
Faces relatively low legal and regulatory risks, easing operational challenges.
The absence of disclosed information about the team and founders raises questions about accountability and leadership quality.
Governance remains centralized with no clear roadmap, potentially affecting long-term project evolution and stakeholder trust.


The version of contract was deployed a year ago and exhibits high levels of activity, suggesting robust user interaction.
Initially launched on testnet, allowing comprehensive testing prior to mainnet deployment, which enhances reliability.
The smart contract is not verified on ScrollScan, creating uncertainty about whether the deployed version matches the audited one.
Documentation on source code, architecture, and access control is poorly executed, hindering understanding and safe usage.