★ Admin has mint() with unlimited max

stHYPE (Valantis Labs)'s assessment for RD-F-042 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

mint(address to, uint256 amount) on stHYPE implementation restricted to MINTER_ROLE held by Safe and OverseerV1. No maxSupply or cap function confirmed in ABI. No timelock on mint. Safe can mint unbounded stHYPE via MINTER_ROLE. LST design does not inherently cap supply. [CRITICAL]

Sources #

Docs
stHYPE Roles and Controls Registrydocs.valantis.xyz/stakedhype/roles-and-controls-registry — MINTER_ROLE: held by Safe / OverseerV1retrieved 2026-05-17
URL
HyperEVMScan — stHYPE implementationhyperevmscan.io 0xe71cAF5c — ABI shows mint(address,uint256) with MINTER_ROLE restriction; no cap/maxSupply function in ABIretrieved 2026-05-17

Methodology #

Determine whether an admin-callable `mint` on a protocol token has no supply cap or an unlimited maximum supply.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol staked-hype factor RD-F-042 score red collected_at 2026-05-17 13:02:38