Possible backdoor using mint function in PancakeSwap (CAKE) contract?

I am learning about smart contracts and I tried to audit the smart contract of the PancakeSwap (CAKE) token, which is made on the Binance Smart Chain, which is just a copy of the Ethereum chain, so ERC-20 standards should apply.

I am wondering what the meaning of this mint function is, which can only be called by the owner. To me it looks like a backdoor for minting new tokens whenever the owner of the contract wants to. Can anybody explain the meaning of this code to me?

The whole contract source code can be found here: https://bscscan.com/address/0x0e09fabb73bd3ade0a17ecc321fd13a19e81ce82#code

1 Like

Hey, I am not familiar with the BSC-Chain, so maybe you had better ask in their forum about this.

Yeah, you are right, the function mint can only be called by the owner, so if the owner is an Externally Owned Account (EOA), he can mint new tokens anytime, so you have got to believe that the owner would not do this.
But for this contract, you can see that the owner of the CAKE token is the MasterChef contract, so I think the actual process should be: when you stake some tokens in the MasterChef contract, you get CAKE tokens as rewards, and when you want to claim these rewards, they are just minted by the MasterChef contract and then transferred to you.

2 Likes
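The check the answer above relies on (is the account allowed to call `mint` a person's key or a contract?) can be done in code. This is an added example, not part of the thread or of the PancakeSwap code. It assumes the token exposes an Ownable-style `owner()` getter, and `rpc` is a hypothetical callable wrapping the standard `eth_call` / `eth_getCode` JSON-RPC methods; the node is faked here with constructed addresses so the block runs offline.

```python
OWNER_SELECTOR = "0x8da5cb5b"  # first 4 bytes of keccak256("owner()")

def decode_address(word_hex):
    """Decode the 32-byte ABI word returned by eth_call into an address."""
    raw = word_hex[2:] if word_hex.startswith("0x") else word_hex
    # An address is left-padded with 12 zero bytes; anything else is not one.
    if len(raw) != 64 or int(raw[:24], 16) != 0:
        raise ValueError("not a 32-byte ABI-encoded address")
    return "0x" + raw[24:].lower()

def classify_mint_authority(token, rpc):
    """Return (owner, kind) where kind is 'eoa', 'contract' or 'renounced'.

    rpc(method, params) -> result is an assumed transport, not a real library.
    """
    call = {"to": token, "data": OWNER_SELECTOR}
    owner = decode_address(rpc("eth_call", [call, "latest"]))
    if int(owner, 16) == 0:
        return owner, "renounced"      # nobody can call onlyOwner functions
    code = rpc("eth_getCode", [owner, "latest"])
    # An EOA has no deployed bytecode, so eth_getCode returns "0x".
    kind = "eoa" if code in ("0x", "0x0", "") else "contract"
    return owner, kind

# --- constructed sample data (not real chain state) ---
TOKEN = "0x" + "11" * 20
CONTRACT_OWNER = "0x" + "22" * 20   # stands in for a staking contract
EOA_OWNER = "0x" + "33" * 20        # stands in for a private key holder
ZERO = "0x" + "00" * 20

def make_fake_rpc(owner, code_by_address):
    """Fake node: answers owner() and eth_getCode from fixed values."""
    def rpc(method, params):
        if method == "eth_call" and params[0]["data"] == OWNER_SELECTOR:
            return "0x" + owner[2:].rjust(64, "0")
        if method == "eth_getCode":
            return code_by_address.get(params[0], "0x")
        raise ValueError("unexpected call: " + method)
    return rpc

def demo():
    code = {CONTRACT_OWNER: "0x6080604052"}  # constructed bytecode prefix
    return [classify_mint_authority(TOKEN, make_fake_rpc(o, code))[1]
            for o in (CONTRACT_OWNER, EOA_OWNER, ZERO)]

if __name__ == "__main__":
    print(demo())
```

A `contract` result only moves the question: the next step is reading that owner contract's verified source to see under which conditions it calls `mint` and who controls it.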