defirisk.co
rubric v1.7.0

Bridge rate-limiter / chain-pause as positive mitigant

PancakeSwap's assessment for RD-F-185 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No automated rate-limiter on core AMM. BCE/USDT pool was manually paused by developers post-exploit (not automated). LayerZero OFT CAKE bridge does not have a documented per-window rate-limiter. BSC chain-level pause exists via validator set but is not a protocol-specific mechanism. Manual pause capability exists but is not a formal rate-limiter.

Sources #

  • URL
    PancakeSwap BCE/USDT ExploitBCE/USDT exploit — pool paused manually by team post-incidentretrieved 2026-04-28
  • Docs
    PancakeSwap GovernancePancakeSwap governance docs — team emergency intervention rights (manual, not automated)retrieved 2026-04-28

Methodology #

Determine whether the bridge implements a per-window outflow rate-limiter (and at what cap), and whether the protocol team can trigger a chain-level or validator-set emergency pause.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pancakeswap factor RD-F-185 score yellow collected_at 2026-04-28 19:10:57