★ Admin has mint() with unlimited max
mETH Protocol's assessment for RD-F-042 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
METH.sol forceMint(address account, uint256 amount, bool excludeBlockList) is callable by the MINTER_ROLE holder with no supply cap in the token contract. The maximumMETHSupply check lives only in Staking.sol's stake() path; forceMint() bypasses it entirely, so the MINTER_ROLE holder could mint unbounded mETH. The identity of the current MINTER_ROLE holder is not publicly confirmed from on-chain reads or docs. Scored yellow (not red) because the MINTER_ROLE holder's identity is unverified: if the holder is a timelocked multisig, severity reduces; if it is an EOA, this becomes critical.
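To make the flagged pattern concrete, here is an added illustration written for this assessment, not mETH's METH.sol or Staking.sol: an uncapped admin mint path beside a hardened token that enforces the cap inside the token itself. Contract and role names are assumptions, and the OpenZeppelin imports are assumed to be available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative contracts for this assessment page; NOT mETH's code.
// All contract, role and variable names below are assumptions.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Capped} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Capped.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

/// The flagged pattern: the supply cap is checked by the staking contract,
/// so a second, admin-only mint path skips it entirely.
contract UncappedToken is ERC20, AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    address public immutable stakingContract;

    constructor(address staking) ERC20("Uncapped", "UNC") {
        stakingContract = staking;
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
    }

    /// Regular path: only the staking contract may call, and it is trusted
    /// to check its own maximum-supply limit before calling.
    function mint(address to, uint256 amount) external {
        require(msg.sender == stakingContract, "only staking");
        _mint(to, amount);
    }

    /// Admin path: no supply check anywhere, so the role holder can mint
    /// an unbounded amount in one call.
    function forceMint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        _mint(to, amount);
    }
}

/// The hardened pattern: ERC20Capped enforces cap() on every mint, so the
/// admin path reverts as soon as totalSupply() would exceed the cap.
contract CappedToken is ERC20Capped, AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    address public immutable stakingContract;

    constructor(address staking, uint256 maxSupply)
        ERC20("Capped", "CAP") ERC20Capped(maxSupply)
    {
        stakingContract = staking;
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
    }

    function mint(address to, uint256 amount) external {
        require(msg.sender == stakingContract, "only staking");
        _mint(to, amount); // reverts if the cap would be exceeded
    }

    function forceMint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        _mint(to, amount); // the same cap check applies to the admin path
    }
}
```

The review check this factor calls for is therefore whether every `_mint` reachable by an admin role passes through a cap check in the token, not only the path the staking contract uses.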
Sources
- GitHub: mETH Protocol METH.sol forceMint() function source. METH.sol source shows forceMint() guarded by onlyRole(MINTER_ROLE) with no maximumMETHSupply check; mint() is callable only by the stakingContract address, while forceMint() is not so restricted. No supply cap is enforced in the token contract. Retrieved 2026-05-16.
- mETH Token Etherscan: MINTER_ROLE holder not publicly confirmed. For the mETH token proxy 0xd5F7838..., the MINTER_ROLE holder was not determinable from Etherscan readProxyContract at assessment time. Retrieved 2026-05-16.
Methodology
Determine whether an admin-callable `mint` on a protocol token has no supply cap, or whether the cap it is subject to is effectively unlimited.