★ Admin has mint() with unlimited max
OpenEden's assessment for RD-F-042 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
The USDO token's mint(address to, uint256 amount) requires MINTER_ROLE, and no supply cap is enforced (the implementation source confirms there is no maxSupply or cap() function). A MINTER_ROLE holder can therefore mint an unlimited amount of USDO, with no timelock gating. TBILL vault V5 removed the admin mintTo() function (commit 47a77ab), so TBILL minting is now demand-driven via the deposit flow and is not directly admin-mintable. The unlimited MINTER_ROLE mint on USDO is the critical risk. [★ CRITICAL]
Sources
- Etherscan: USDO implementation — unlimited MINTER_ROLE mint. USDO implementation 0x87e3Ba92: mint(address to, uint256 amount) with MINTER_ROLE; no maxSupply or cap() function in source. Retrieved 2026-05-16.
- Vault V5 commit — mintTo removed. Commit 47a77ab: removed mintTo() and burnFrom() from vault V5, which confirms TBILL no longer has an admin-direct mint path. Retrieved 2026-05-16.
Methodology
Determine whether an admin-callable `mint` on a protocol token has no supply cap or an unlimited maximum supply.
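A first-pass static heuristic for this check, as an added example (not the curator's tooling and not OpenEden code): it lists role- or owner-gated mint-style functions in Solidity source and records whether any cap indicator appears. The function names, regexes and Solidity snippets are constructed assumptions; a cap enforced in an inherited contract outside the scanned source would not be seen.

```python
import re

# Constructed Solidity snippets for illustration; none of this is the USDO or TBILL source.
UNCAPPED = """
contract TokenA {
    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        _mint(to, amount);
    }
}"""
CAPPED = """
contract TokenB {
    uint256 public constant maxSupply = 1000000e18;
    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        require(totalSupply() + amount <= maxSupply, "cap exceeded");
        _mint(to, amount);
    }
}"""
DEPOSIT_ONLY = """
contract VaultC {
    function deposit(uint256 assets) external { _mint(msg.sender, assets); }
}"""

MINT_FN = re.compile(r"function\s+(mint\w*)\s*\([^)]*\)([^{;]*)\{", re.I)
GATE = re.compile(r"\bonly[A-Z]\w*|\bhasRole\b|\b_checkRole\b")
CAP = re.compile(r"\bmax_?supply\b|\bsupply_?cap\b|\bcap\s*\(", re.I)

def _body(src, start):
    """Return the brace-balanced block that opens at src[start]."""
    depth = 0
    for i in range(start, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[start:i + 1]
    return src[start:]

def gated_mints(src):
    """List privileged mint-style functions and whether any cap indicator exists."""
    src = re.sub(r"//[^\n]*|/\*.*?\*/", "", src, flags=re.S)  # ignore comments
    capped = bool(CAP.search(src))  # a cap may live outside the function body
    out = []
    for m in MINT_FN.finditer(src):
        gate = GATE.search(m.group(2) + _body(src, m.end() - 1))
        if gate:  # only privileged (role/owner-gated) mints are in scope
            out.append({"function": m.group(1), "gate": gate.group(0), "capped": capped})
    return out

if __name__ == "__main__":
    for name, src in [("UNCAPPED", UNCAPPED), ("CAPPED", CAPPED), ("DEPOSIT_ONLY", DEPOSIT_ONLY)]:
        print(name, gated_mints(src))
```

An entry with `capped` set to false is a candidate for this factor and still needs manual confirmation against the verified implementation source.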