★ Admin has mint() with unlimited max

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-042 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

SUSHI token (0x6B3595...) has uncapped mint(address _to, uint256 _amount) function restricted to onlyOwner. Current owner is MasterChef contract (0xc2EdaD668740f1aA35E4D8f227fB8E17dcA888Cd). MasterChef has an owner (believed to be Ops Multisig or DevFund; not confirmed on-chain in this pass). No hard supply cap per docs: 'Although SUSHI lacks a hard cap.' Scored yellow: owner is a contract intermediary (MasterChef), adding one hop, but uncapped mint authority via admin chain remains a structural risk.

Sources #

URL
MasterChef LP Staking Pool — EtherscanWeb search: 'MasterChef contract is the SUSHI token owner and controls minting'retrieved 2026-05-17
Etherscan
SushiToken (SUSHI) — EtherscanSUSHI Token contract — mint(address _to, uint256 _amount) onlyOwner, no supply cap visibleretrieved 2026-05-17
Docs
Sushi Tokenomics Docsdocs.sushi.com/dao/tokenomics — 'Although SUSHI lacks a hard cap, its emission rate is subject to community governance'retrieved 2026-05-17

Methodology #

Determine whether an admin-callable `mint` on a protocol token has no supply cap or an unlimited maximum supply.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-042 score yellow collected_at 2026-05-16 19:50:37