PancakeSwap

About

PancakeSwap is a multi-chain decentralized exchange (DEX) operating across ten chains including BNB Chain, Ethereum, Solana, Base, Arbitrum, Aptos, ZKsync, opBNB, Linear, and Monad, offering spot swapping, cross-chain bridging, perpetual trading (up to 1001x leverage), and fiat on-ramp. Beyond trading, it provides yield-generation products such as concentrated-liquidity V3 pools and V2 liquidity pools, yield farms (staking LP tokens for CAKE rewards), Syrup Pools (staking CAKE for partner-project tokens), Prediction markets, a Lottery, and a token launchpad (CAKE.PAD). The platform is powered by the native CAKE token, which has a governance-voted hard cap and deflationary mechanics driven by buy-back-and-burn from multiple product fee streams.

Where Does Yield Come From?

Yield on PancakeSwap comes from several different products. Here's how each one works.

1. Trading Fees (Liquidity Pools)

When people swap tokens on PancakeSwap, they pay a small fee. That fee is shared with users who deposited tokens into liquidity pools — pools of tokens that make the trades possible.

V3 Pools (advanced, more flexible): You choose a price range and a fee tier. You earn fees only while the trading price stays inside your chosen range. If the price moves outside it, you stop earning until you adjust.

On EVM chains (like BNB Chain, Ethereum, Arbitrum):
- 67–68% of each swap fee goes to liquidity providers (in-range)
- 15–23% is burned (permanently removed, shrinking CAKE supply)
- 9–18% goes to the protocol treasury
On Solana:
- 84% to liquidity providers
- 8% burned
- 8% to treasury

V2 Pools (simpler, fixed): A flat 0.25% fee on every swap.

0.17% (68%) goes to all liquidity providers (proportional to their share)
The rest funds CAKE burns and the treasury

2. Yield Farms

Users who provide liquidity and receive LP tokens (receipts showing their share of the pool) can stake those tokens in a farm. This earns them extra CAKE token rewards on top of the trading fees they already collect.

Each farm has a multiplier that decides how much of the total CAKE emissions it receives. The farm's total yield comes from two parts:

Farm Base Reward APR — CAKE rewards from the farm, weighted by multiplier and how much liquidity is staked
LP Reward APR — the ongoing trading fees from the underlying pool

3. Syrup Pools (Staking CAKE)

Instead of earning more CAKE, you stake CAKE to earn free tokens from partner projects. Those projects deposit their own tokens into the pool, and CAKE stakers get a proportional share paid out weekly. No new CAKE is created here — the yield comes entirely from third parties.

4. Perpetual Trading

PancakeSwap offers high-leverage trading (up to 1001x) on assets like Bitcoin and Ethereum, built with a partner called Aster. 20% of all profits made from these trades go toward buying back and burning CAKE.

5. Prediction Markets

Users predict whether the price of BNB, BTC, or ETH will go up or down in 5-minute rounds. 3% of each round's total prize pot is taken as a protocol fee and burned (removing CAKE from circulation).

6. Lottery

Users buy tickets for a chance to win CAKE prizes. 20% of all CAKE played in the lottery is burned.

7. CAKE.PAD (Token Launchpad)

New projects launch their tokens through CAKE.PAD. 100% of all fees collected from these launches go toward buying back and burning CAKE.

8. How CAKE Supply Shrinks Over Time

CAKE has a hard cap of 400 million tokens, approved by community governance. The goal is an annual deflation rate of about 4% and a total supply reduction of around 20% by 2030.

New CAKE is still emitted carefully — mainly to multichain farms, lottery incentives, and ecosystem growth. But those new tokens are offset by burns from trading fees, perpetual trading profits, CAKE.PAD fees, predictions, and the lottery. The overall effect is designed to reduce the circulating supply over time.

Persons

Chef Kids
Head Chef
Chef Miso
Product
Chef Maroon
BD Lead
Chef Doxie
Business Development
Chef Madeline
Business Development
Chef Leo
Business Development
Chef Mustard
Ops
Chef Pau
Ops
Chef Cyrus
Data
Chef Jackson
Dev Lead
Chef Ryan
Frontend Dev Lead
Chef Eric
Frontend Dev
Chef Jerry
Frontend Dev
Chef Philip
Frontend Dev
Chef Penguin
Frontend Dev
Chef Taco
Backend Dev Lead
Chef Sanji
Backend Dev
Chef Curry
Backend Dev
Chef Kiwi
Backend Dev
Chef Bob
Backend Dev
Chef Toast
Backend Dev
Chef Snoopy
Smart Contract Dev Lead
Chef Omelette
Smart Contract Dev
Chef Shiba
Smart Contract Dev
Chef Carb
Smart Contract Dev
Chef Ramen
Smart Contract Dev
Chef Ruby
QA
Chef Liam
QA
Chef Rei
Security
Chef Salade
Design Lead
Chef Cecy
3D Artist
Chef Waffles
Designer
Chef Noodles
Brand / Motion Designer
Chef Cola
HR
Chef Cocoa
Marketing Lead
Chef Pixie
Product Marketing Manager
Chef Marcus
Social Media
Chef Boba
Community
Chef Croissant
Events and PR

Audits

Audit / Date	Findings	Verdict
BlockSec27-11-2023	Critical0 High3 Medium0 Low3 Info0	All identified vulnerabilities were remediated in follow-up versions (High and Low risks fixed in Versions 2 and 3), and the centralization risk is acknowledged with a planned multisig control, reflecting a thorough and responsive audit process.
PeckShield01-04-2023	Critical0 High0 Medium2 Low0 Info0	The audit found no critical or high-severity issues; both medium-severity findings were promptly confirmed, with one fixed and the other acknowledged by the team, indicating a generally well-designed codebase with residual governance risk from privileged admin keys.
SlowMist16-03-2023 - 22-03-2023	Critical0 High0 Medium1 Low1 Info1	The audit identified only one medium and one low finding plus a suggestion, all acknowledged and addressed by the project team, with no critical or high-risk vulnerabilities, indicating a solid security posture for the PancakeSwap V3 Phase2 contracts before mainnet deployment.
PeckShield28-03-2023	Critical0 High0 Medium1 Low0 Info3	The audit found no critical or high-severity vulnerabilities, with only one medium-severity issue (admin key centralization risk, acknowledged by the team) and three informational recommendations that were all promptly fixed, indicating the PancakeSwap V3 codebase is well-structured and reasonably secure for deployment.
SlowMist07-03-2023 - 13-03-2023	Critical0 High0 Medium1 Low0 Info4	The audit found one medium-risk vulnerability (excessive authority) which the team fixed by committing to multisig control, and four suggestions that were either fixed or acknowledged; since the code had not been deployed to mainnet at audit time, no live funds were at risk.
SlowMist Security Team19-09-2022 - 23-09-2022	Critical0 High1 Medium1 Low4 Info0	The audit found one high and one medium severity vulnerability alongside several lower-risk issues; all critical-path risks were remediated except a low-risk finding and a minor suggestion that the project team acknowledged and chose not to fix. The contracts' non-deployment status mitigated any immediate on-chain risk.
PeckShield28-09-2022	Critical0 High0 Medium1 Low1 Info1	The codebase is well-structured with no critical or high-severity issues; the single medium-severity finding (admin key trust) was confirmed but not yet mitigated in the reviewed commit, so residual governance risk remains if the admin role is not transitioned to a multi-sig or timelock-controlled account before mainnet deployment.
BlockSec28-09-2022	Critical0 High0 Medium1 Low3 Info0	The single medium-severity vulnerability (double deposit/withdrawal in fallback via front-running) was fixed, while the three low-severity items were acknowledged as design trade-offs, reflecting a reasonable security posture for the cross-farming system.
SlowMist22-08-2022 - 25-08-2022	Critical0 High0 Medium0 Low0 Info1	The audit found only one minor suggestion (missing event records) which was fixed, and no exploitable vulnerabilities were identified; the contract passed the audit with a clean security result, though it had not yet been deployed to mainnet.
PeckShield30-07-2022	Critical0 High0 Medium2 Low1 Info0	The report found no critical or high-severity vulnerabilities; the two medium issues and one low issue were either fixed before final deployment or acknowledged with a planned mitigation (timelock + multisig), indicating the codebase was well-organized and the identified risks were responsibly addressed.
PeckShield19-04-2022	Critical0 High0 Medium1 Low2 Info1	The PeckShield audit found 1 medium-severity issue (admin key trust), 2 low-severity issues (open pool initialization and reentrancy pattern violations), and 1 informational finding, all of which were either resolved or confirmed with acknowledged mitigations, resulting in a generally well-designed CakePool contract with manageable residual risk.
SlowMist28-03-2022 - 01-04-2022	Critical0 High0 Medium1 Low0 Info0	The audit found only one medium-risk issue and one suggestion, both of which were fixed before deployment, and the contract was not yet live on mainnet, indicating a clean bill of health for the CakePool contract.
PeckShield23-03-2022	Critical0 High0 Medium2 Low2 Info0	The audit found no critical or high-severity issues; the 2 medium and 2 low findings have been either fixed or acknowledged with mitigation plans (timelock, multi-sig), indicating the MasterChefV2 contract is well-designed and safe for deployment with proper operational controls.
SlowMist11-03-2022 - 17-03-2022	Critical0 High0 Medium1 Low1 Info1	The audit identified one medium and one low severity vulnerability, both of which were fixed, while the sole suggestion was acknowledged and ignored by design; with all findings addressed before mainnet deployment, the MasterChef v2 contract presents a reasonable security posture.
PeckShield20-08-2021	Critical0 High0 Medium0 Low1 Info2	The audit found no critical, high, or medium severity issues; the single low-severity admin-key trust concern was acknowledged and mitigated via multi-sig governance, while two informational gas/code-cleanup improvements were promptly fixed, making the protocol safe for deployment with the recommended controls in place.
PeckShield07-07-2021	Critical0 High0 Medium1 Low3 Info0	The audit found no critical or high severity vulnerabilities; the single medium-severity admin key trust issue was mitigated by a planned multi-sig setup, and all three low-severity issues were resolved or acknowledged, indicating a well-engineered codebase with manageable residual risks.
SlowMist16-06-2021 - 24-06-2021	Critical0 High0 Medium0 Low1 Info0	The audit identified only one low-severity finding, which was fixed, and the overall result was "Passed," indicating that the PancakeSwap Lottery contracts had no material security issues at the time of review.
SlowMist06-05-2021 - 12-05-2021	Critical0 High0 Medium0 Low0 Info1	The audit found no critical, high, medium, or low severity vulnerabilities; only a single gas-efficiency suggestion (missing pair existence check in removeLiquidity functions) was identified and confirmed by the PancakeSwap team, indicating the core contract logic was secure at the time of the audit.
OtterSec05-12-2022 - 12-12-2022	Critical0 High0 Medium0 Low0 Info2	The audit found no vulnerabilities with immediate security impact; the two informational suggestions (token supply limits and centralization risk awareness) were minor best-practice recommendations that the responsive PancakeSwap team could address at their discretion.
Zellic14-11-2022 - 17-11-2022	Critical0 High3 Medium0 Low0 Info1	The audit uncovered no critical vulnerabilities, and all three high-impact findings were remediated before or shortly after the assessment; the codebase was well-organized with reasonable test coverage, and the fixes addressed the identified risks adequately.
Halborn14-11-2022 - 02-12-2022	Critical1 High1 Medium0 Low4 Info3	The two most severe issues (critical wallet lock and high-risk transaction invalidation) were fixed by PancakeSwap, while the remaining low and informational items were either accepted with operational mitigations or acknowledged, indicating that the in-scope contracts were deployed with the core vulnerabilities resolved.
SlowMist10-10-2022 - 19-10-2022	Critical0 High0 Medium1 Low2 Info0	The audit reveals a manageable risk profile with one medium-severity excessive-authority finding addressed by the team's multi-signature and timelock setup, and all other findings fixed or pending confirmation; the code had not yet been deployed to mainnet, providing an opportunity to resolve all remaining items before launch.
OtterSec10-10-2022 - 24-10-2022	Critical0 High0 Medium0 Low1 Info5	The audit identified only one low-severity vulnerability (already resolved) and five code-quality suggestions, with no critical, high, or medium issues found, indicating that PancakeSwap's swap core logic was sound at the time of review.
Hexens01-07-2024 - 31-10-2024	Critical1 High1 Medium2 Low18 Info0	The Hexens audit identified one critical share-manipulation vulnerability and one high-severity double-spend vector, both of which were remediated, along with a range of medium and low issues addressed or acknowledged across three iterative review cycles, resulting in a materially improved security posture for PancakeSwap Infinity.
OtterSec08-07-2024 - 29-08-2024	Critical0 High2 Medium1 Low0 Info4	The audit found two high-severity issues (rounding manipulation and token-sync double-spend) that were both patched, leaving the core protocol in a remediated state for launch.
Zellic09-07-2024 - 21-08-2024	Critical0 High1 Medium1 Low2 Info0	The audit uncovered no critical vulnerabilities, and both the high-severity and medium-severity issues were addressed by PancakeSwap during the assessment period, reflecting a responsive development process. The residual low-severity items and discussion topics represent design-level considerations rather than exploitable threats at the core contract layer.
Hexens—	Critical1 High0 Medium1 Low1 Info4	The audit uncovered a critical slippage-check flaw that could have enabled direct asset theft via sandwich attacks, along with several lower-severity issues; all findings were remediated and validated by Hexens, making the overall security posture sound for deployment.
OtterSec (Otter Audits LLC)08-07-2024 - 29-08-2024	Critical0 High2 Medium1 Low0 Info4	The audit uncovered two high-severity and one medium-severity vulnerabilities, all of which were patched before the report was finalized, along with four informational improvements. The protocol's critical attack surfaces—rounding manipulation in BinPool and dual native/ERC20 token representation exploits—have been addressed, leaving residual design recommendations for ongoing hardening.
Zellic09-07-2024 - 21-08-2024	Critical0 High0 Medium0 Low2 Info0	The assessment found only two low-severity issues, both acknowledged and remediated by PancakeSwap, indicating no critical or high-risk vulnerabilities in the reviewed code at the time of the engagement.

Backers

No information about institutional investors, venture capital backers, or formal fundraising rounds was found on any official PancakeSwap source (website, documentation, blog, about/team pages, or tokenomics). PancakeSwap launched as a community-driven DEX on BNB Chain and does not appear to have raised venture capital funding. The project is operated by an anonymous team ("The Chefs") and governed by its CAKE token holders.

Legal

Legal form

Not disclosed on any official source

Registration jurisdiction

Not disclosed; Terms of Service specify Hong Kong law and Hong Kong International Arbitration Centre for dispute resolution, but no registration jurisdiction for an operating entity is stated.

Status and notes

PancakeSwap is a community-driven DEX operated by an anonymous team ("The Chefs") with no disclosed legal entity name. Terms of Service (last modified Feb 28, 2023) at pancakeswap.finance/terms-of-service govern use of the website, specifying Hong Kong governing law and arbitration via HKIAC. No imprint, legal notice, or privacy policy page was found on the official website. Dispute contact email: [email protected].