defirisk.co
rubric v1.7.0

Admin has mint() with unlimited max

Hyperlane's assessment for RD-F-042 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

U18 PARTIALLY RESOLVED. The HYPER token implementation (0x6eA7A6aE...) has mint(address,uint256) callable by MINTER_ROLE with no supply cap. The HYPER token's DEFAULT_ADMIN_ROLE was transferred from the deployer EOA to an OZ AccessManager contract (0x3D079E977d644c914a344Dcb5Ba54dB243Cc4863). The AccessManager has a TimelockController (0xfA842f02439Af6d91d7D44525956F9E5e00e339f) as its admin (roleId=0) and two Safe-type contracts as role holders with 7-day and 30-day execution delays (0xec2EdC01a2Fbade68dBcc80947F43a5B408cC3A0 = Safe 1.4.1; 0xE8055e2763DcbA5a88B1278514312d7C04f0473D = Safe 1.4.1). The deployer EOA renounced DEFAULT_ADMIN_ROLE on the HYPER token on 2025-04-19. The minting authorization chain is: MINTER_ROLE on token → governed by AccessManager → admin is a TimelockController → proposers are Safes with multi-day delays. This is a sophisticated access-controlled architecture, not a bare-EOA minter. MINTER_ROLE holder at the contract level not individually confirmed (AccessManager m

Sources

Methodology

Determine whether an admin-callable `mint` on a protocol token has no supply cap or an unlimited maximum supply.
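One way to triage this check from a token's ABI, shown as an added example that is not defirisk.co's tooling or the curator's method. The getter names in `CAP_GETTERS`, the verdict labels and both sample ABIs are constructed assumptions, and a missing cap getter is only a signal to confirm against the verified source.

```python
# Added example: heuristic ABI triage for a role-gated mint with no visible cap.
# Assumption: a capped token usually exposes a zero-argument view getter.
CAP_GETTERS = {"cap", "maxSupply", "MAX_SUPPLY"}  # assumed common names


def fn(name, inputs=(), mutability="nonpayable"):
    """Build a minimal ABI function entry (constructed sample data)."""
    return {"type": "function", "name": name, "stateMutability": mutability,
            "inputs": [{"type": t} for t in inputs]}


def signature(entry):
    """Canonical signature, e.g. mint(address,uint256)."""
    return f'{entry["name"]}({",".join(i["type"] for i in entry["inputs"])})'


def triage_mint(abi):
    """Classify an ABI by whether it has a mint entry point and a cap getter."""
    funcs = [e for e in abi if e.get("type") == "function"]
    read_only = ("view", "pure")
    mints = [signature(f) for f in funcs
             if f["name"].lower().startswith("mint")
             and f["stateMutability"] not in read_only]
    caps = sorted(f["name"] for f in funcs
                  if f["name"] in CAP_GETTERS and not f["inputs"]
                  and f["stateMutability"] in read_only)
    # AccessControl-style tokens expose hasRole / MINTER_ROLE in the ABI.
    role_gated = any(f["name"] in ("hasRole", "MINTER_ROLE") for f in funcs)
    if not mints:
        verdict = "no-mint"
    elif caps:
        verdict = "mint-with-cap-getter"
    else:
        verdict = "mint-no-cap-getter"  # read _mint/_update in source to confirm
    return {"mint_functions": mints, "cap_getters": caps,
            "role_gated": role_gated, "verdict": verdict}


# Constructed sample ABIs, not fetched from any chain.
UNCAPPED_ABI = [fn("mint", ("address", "uint256")),
                fn("hasRole", ("bytes32", "address"), "view"),
                fn("MINTER_ROLE", (), "view"), fn("totalSupply", (), "view")]
CAPPED_ABI = UNCAPPED_ABI + [fn("cap", (), "view")]
FIXED_ABI = [fn("transfer", ("address", "uint256")), fn("totalSupply", (), "view")]

if __name__ == "__main__":
    for label, abi in (("uncapped", UNCAPPED_ABI), ("capped", CAPPED_ABI), ("fixed", FIXED_ABI)):
        print(label, triage_mint(abi))
```

A `mint-no-cap-getter` verdict says only that the ABI shows no cap; who holds the minting role and what delays govern it still have to be traced on-chain, as the evidence summary does.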


rubric_version: v1.7.0
protocol: hyperlane
factor: RD-F-042
score: yellow
collected_at: 2026-05-16 23:03:56