Static-analyzer high-severity count

PancakeSwap's assessment for RD-F-010 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No published Slither/Mythril/Semgrep output for PancakeSwap deployed contracts found in public sources. Static tool run not performed in this assessment. V3 Pool source review confirms no user-controlled delegatecall, no selfdestruct, and lock-modifier reentrancy on core functions. Five+ years of live V2/V3 operation without core-AMM exploit and 6 audit firms finding no critical unresolved issues provides medium-confidence proxy signal. Yellow assigned due to lack of published tool output.

Sources #

GitHub
PancakeV3Pool.solV3 Pool source — lock modifier, no selfdestruct, no user-controlled delegatecallretrieved 2026-04-29
Etherscan
PancakeSwap V3 Factory BscScanBscScan V3 Factory verified sourceretrieved 2026-04-29

Methodology #

Count the number of unique high-severity detector findings from Slither + Mythril + Semgrep run against the deployed verified source (after deduplication across tools).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pancakeswap factor RD-F-010 score yellow collected_at 2026-04-28 19:10:57