★ Admin has mint() with unlimited max

PancakeSwap's assessment for RD-F-042 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

CAKE token mint() restricted to onlyOwner (MasterChef). MasterChef has no per-call mint cap at the contract level. Governance-level 400M hard cap (passed Jan 2026) is a social/governance constraint, not enforced in contract code. Contract-level mint authority is unlimited subject only to the governance cap. MasterChef owner is unconfirmed (likely team multisig) but holds effective CAKE inflation authority.

Sources #

Docs
CAKE TokenomicsPancakeSwap tokenomics docs — 400M hard capretrieved 2026-04-28
Governance
CAKE Supply Reduction ProposalForum — CAKE cap reduction to 400M (Jan 2026) — governance vote, not contract enforcementretrieved 2026-04-28
Etherscan
CAKE Token Contract — BscScanCAKE token source — mint() onlyOwner, no supply cap checkretrieved 2026-04-28

Methodology #

Determine whether an admin-callable `mint` on a protocol token has no supply cap or an unlimited maximum supply.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pancakeswap factor RD-F-042 score red collected_at 2026-04-28 19:10:57