★ Admin has mint() with unlimited max
A governance & admin factor in the v1.7.0 rubric. Measured per protocol on a s cadence.
Methodology: how we score
**What this measures** This factor identifies whether a protocol's admin role holds the ability to call a mint() function on the protocol's token with no enforced supply cap — meaning the admin can issue an arbitrary quantity of tokens at will. Static analysis of the token contract determines whether a mint function exists with admin or owner access control and no explicit maximum supply check. The critical condition is not the existence of mint itself but the absence of any on-chain ceiling on the quantity that can be minted in a single administrative transaction.
**Why it matters** Unlimited admin mint is a structural rug-pull vector that bypasses all smart contract code quality safeguards. An attacker who gains admin credentials — through key compromise, insider action, or a governance takeover — can immediately mint tokens in unlimited quantities, sell them into available liquidity pools, and drain collateral or liquidity from the protocol without triggering any code-level protection. The T-01 dataset documents approximately eight in-sample hacks linked to this pattern. Several Solana protocol exploits (Gala Games, $21.8M in 2024) proceeded via unauthorized exercise of an admin mint function after key compromise. The pattern is particularly dangerous in protocols where the minted token is also accepted as collateral or provides governance voting power, as the attacker can simultaneously drain liquidity and claim governance control.
**Green / Yellow / Red** Green is assigned when no admin-callable mint function exists on live token contracts, or when mint is subject to a hard-coded supply cap enforced on-chain with no admin override. Yellow covers cases where mint is gated behind a timelock of at least 24 hours, or where the supply cap can only be increased via governance with a meaningful quorum requirement. Red is assigned when an admin or owner role can call mint() with no supply ceiling, no timelock, and no additional social check — including cases where the cap is stored in an admin-modifiable state variable.
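The three mint-gating patterns the scoring bands describe, as an added illustration that is not part of the rubric or any scored protocol's code; contract and variable names are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Minimal owner-gated token base; the three tokens below differ only in how mint() is bounded.
abstract contract MinimalToken {
    address public immutable owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function _mint(address to, uint256 amount) internal {
        totalSupply += amount; // 0.8.x checked arithmetic reverts on overflow, but that is not a cap
        balanceOf[to] += amount;
    }
}

// RED: the owner can issue any quantity in one transaction; no on-chain ceiling exists.
contract UncappedToken is MinimalToken {
    function mint(address to, uint256 amount) external onlyOwner {
        _mint(to, amount);
    }
}

// Still RED: a cap is checked, but it sits in owner-writable storage, so the owner can raise it first.
contract SoftCappedToken is MinimalToken {
    uint256 public maxSupply = 1_000_000 * 1e18;

    function setMaxSupply(uint256 newCap) external onlyOwner { maxSupply = newCap; }

    function mint(address to, uint256 amount) external onlyOwner {
        require(totalSupply + amount <= maxSupply, "cap exceeded");
        _mint(to, amount);
    }
}

// GREEN: the cap is a compile-time constant with no setter, enforced on every mint.
contract HardCappedToken is MinimalToken {
    uint256 public constant MAX_SUPPLY = 1_000_000 * 1e18;

    function mint(address to, uint256 amount) external onlyOwner {
        require(totalSupply + amount <= MAX_SUPPLY, "cap exceeded");
        _mint(to, amount);
    }
}
```

When reviewing a token, the check is whether the value compared against in `mint` is reachable by any admin-callable setter (or upgrade path), not merely whether a `require` on supply is present.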
**Common gray cases** This factor is grayed when the token contract source is unverified and bytecode-level analysis is inconclusive, or when the protocol uses a complex multi-token architecture where mint authority is distributed across non-obvious contract relationships.
**Notable historical examples** No cross-linked hack incidents are currently in the database for this factor.
**★ Critical factor** This factor alone is sufficient to trigger a D or F grade under rubric v1.7.0 — a single red assessment here overrides all other category scores. Unlimited admin mint is a latent total-loss vector: any key compromise event converts it into an instantaneous and irreversible dilution or drain of all user positions.
Measurement: what to look for
Determine whether an admin-callable `mint` on a protocol token has no supply cap or an unlimited maximum supply.