defirisk.co
rubric v1.7.0

Bridge ecrecover checks result ≠ address(0)

A cross-chain & bridge factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Critical factor. A Red on this factor alone is sufficient to gate a protocol to grade D or F regardless of other category rollups.

Methodology: how we score

**What this measures** This factor checks whether a bridge verifier explicitly tests that `ecrecover` does not return `address(0)`. In Solidity, `ecrecover` returns the zero address for invalid ECDSA signatures rather than reverting; a verifier that omits this check treats any malformed signature as belonging to `address(0)`. This factor applies only to bridge-touching protocols; non-bridge protocols show this factor as N/A.

**Why it matters** If `address(0)` appears in a bridge guardian or signer set (as it did in Wormhole's original code), an attacker can forge a valid-looking signature for any message using malformed ECDSA inputs, enabling unbacked minting bounded only by destination liquidity. The Wormhole February 2022 exploit demonstrated how a single signer-set integrity flaw can threaten hundreds of millions in bridge TVL. Security auditors consistently flag a missing `address(0)` check as high-severity precisely because the omission is visually unobtrusive: one missing line converts a cryptographically sound scheme into a no-authentication bypass.

**Green / Yellow / Red** Green is scored when the verifier explicitly asserts `recovered != address(0)` across all verification paths. Yellow is scored when the check exists but applies only to a subset of paths, or is delegated to a library whose zero-address handling cannot be confirmed. Red is scored when no zero-address assertion is present in any signature verification path.

**Common gray cases** Gray is applied when the bridge verifier is closed-source or delegates to a third-party module whose implementation cannot be inspected.

**Notable historical examples** No hack incidents are currently cross-linked in the database for this factor.

**★ Critical factor** This factor alone is sufficient to trigger a D or F grade under rubric v1.7.0. A missing `address(0)` check provides a direct path to arbitrary message forging and unbacked minting: it is one of the narrowest code-level omissions with the largest possible loss surface in bridge architecture.
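As an added illustration (not code from defirisk.co or from any scored protocol), a minimal guardian-set verifier in the Red form beside the Green form; the contract names, the mapping-based guardian set and the error names are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: both contracts verify a bridge message against a guardian
// set; only the second rejects the zero address that ecrecover returns on failure.
contract VulnerableBridgeVerifier {
    mapping(address => bool) public isGuardian;

    constructor(address[] memory guardians) {
        // No validation: a zero entry (e.g. a misconfigured slot) lands in the set.
        for (uint256 i = 0; i < guardians.length; i++) isGuardian[guardians[i]] = true;
    }

    function verify(bytes32 messageHash, uint8 v, bytes32 r, bytes32 s) external view returns (bool) {
        address signer = ecrecover(messageHash, v, r, s);
        // Red: ecrecover yields address(0) for a malformed signature instead of reverting.
        // If address(0) is ever in the guardian set, any (messageHash, garbage sig) passes.
        return isGuardian[signer];
    }
}

contract HardenedBridgeVerifier {
    mapping(address => bool) public isGuardian;

    error ZeroGuardian();
    error InvalidSignature();
    error NotGuardian(address signer);

    constructor(address[] memory guardians) {
        for (uint256 i = 0; i < guardians.length; i++) {
            if (guardians[i] == address(0)) revert ZeroGuardian(); // keep the set clean at the source
            isGuardian[guardians[i]] = true;
        }
    }

    function verify(bytes32 messageHash, uint8 v, bytes32 r, bytes32 s) external view returns (address signer) {
        // Reject high-s values (s > secp256k1 n/2) so each message has one canonical
        // signature; this is the malleability case the Slither detector looks for.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) revert InvalidSignature();
        if (v != 27 && v != 28) revert InvalidSignature();
        signer = ecrecover(messageHash, v, r, s);
        // Green: the assertion this factor scores. ecrecover's failure value is never accepted.
        if (signer == address(0)) revert InvalidSignature();
        if (!isGuardian[signer]) revert NotGuardian(signer);
    }
}
```

Note that `isGuardian[address(0)]` in the hardened contract can only be true if the constructor is bypassed, so the `signer == address(0)` revert is defence in depth rather than the only line holding the scheme up.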

Measurement: what to look for

Determine whether the bridge verifier code rejects `ecrecover` returns of `address(0)`.

Data & output

**Data source** Slither `ecrecover-malleable` detector + source inspection of bridge verifier on Etherscan-verified source

**Output format** Green / Yellow / Red · critical gate active

**Evidence artifact** Source excerpt of signature verification + `!= address(0)` check presence

**Confidence signal** green = all ecrecover calls check for address(0); red = any ecrecover call does not check for address(0); gray = bridge source unverified

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-151 |
|---|---|---|
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | green |
| Aerodrome Finance | base | not_applicable |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | not_applicable |
| Balancer (v2 + v3) | ethereum | not_applicable |
| Beefy Finance | ethereum | green |
| BENQI | avalanche | not_applicable |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | not_applicable |
| Centrifuge | ethereum | yellow |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | not_applicable |
| Compound V3 (Comet) | ethereum | green |
| Concrete | ethereum | green |
| Convex Finance | ethereum | not_applicable |
| crvUSD (Curve Stablecoin) | ethereum | not_applicable |
| Curve Finance | ethereum | not_applicable |
| deBridge | ethereum | yellow |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | not_applicable |
| EigenLayer | ethereum | not_applicable |
| Ethena | ethereum | gray |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | not_applicable |
| Falcon Finance | ethereum | not_applicable |
| Fluid | ethereum | green |
| Frax Finance | ethereum | yellow |
| GMX v2 (GMX Synthetics) | arbitrum | not_applicable |
| Hyperlane | ethereum | green |
| Hyperliquid | arbitrum | green |
| Jito | solana | green |
| Jupiter | solana | not_applicable |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | not_applicable |
| Kinetiq | hyperliquid | not_applicable |
| Lido | ethereum | yellow |
| Liquid Collective (LsETH) | ethereum | not_applicable |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | not_applicable |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | green |
| M^0 | ethereum | yellow |
| Maple Finance | ethereum | yellow |
| Marinade Finance | solana | not_applicable |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | green |
| Midas | ethereum | not_assessed |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | not_applicable |
| Multipli | ethereum | gray |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | not_applicable |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | not_applicable |
| Pendle Finance | ethereum | green |
| Polymarket | polygon | not_applicable |
| QuickSwap | polygon | not_applicable |
| Raydium | solana | not_applicable |
| Rocket Pool | ethereum | not_applicable |
| Sanctum | solana | not_applicable |
| Save (formerly Solend) | solana | not_applicable |
| Sky Lending (formerly MakerDAO) | ethereum | yellow |
| Spark Protocol | ethereum | green |
| Spiko | stellar | not_applicable |
| Stake DAO | ethereum | not_applicable |
| StakeWise v3 | ethereum | not_applicable |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | not_applicable |
| SUNSwap (sun.io) | tron | not_applicable |
| Superstate | ethereum | not_applicable |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | not_applicable |
| Symbiotic | ethereum | not_applicable |
| Synapse Protocol | ethereum | green |
| Uniswap (v2 + v3) | ethereum | not_applicable |
| USDD (Decentralized USD) | tron | not_applicable |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | green |
| Veda (BoringVault) | ethereum | green |
| Venus Protocol | bsc | yellow |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | not_applicable |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version v1.7.0 · factor RD-F-151 · category 10 · carried 80 · critical yes