★ Admin has mint() with unlimited max
Lista DAO's assessment for RD-F-042 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
lisUSD (hay.sol) enforces a supplyCap in mint(). Cap exists and is enforced. However, setSupplyCap() is callable by MANAGER role (auth modifier) without timelock — admin can raise cap atomically then mint. Cap management not timelocked; functional cap is mutable instantly by authorized role.
Sources #
- GitHubLista DAO hay.sol mint cap and setSupplyCap — GitHubhay.sol: setSupplyCap(uint256 wad) public auth — no timelock guard; mint() checks totalSupply + wad <= supplyCapretrieved 2026-05-12
- Lista DAO lisUSD implementation analysis — BscScanlisUSD impl 0xF5bd9b19: LisUSD contract with MINTER/MANAGER/ADMIN roles; supplyCap enforcedretrieved 2026-05-12
Methodology #
Determine whether an admin-callable `mint` on a protocol token has no supply cap or an unlimited maximum supply.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol lista-dao factor RD-F-042 score yellow collected_at 2026-05-12 17:54:05