ecrecover zero-address return unchecked

BENQI's assessment for RD-F-019 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No ecrecover calls identified in the core Compound V2 qiToken lending contracts from source inspection. The base cToken/qiToken pattern does not include permit/signature-based flows. QI token governance functions may use permit but are not in the lending critical path reviewed. No ecrecover-related finding in any audit report.

Sources #

GitHub
BENQI Lending Contracts — no ecrecoverBENQI lending directory — no ecrecover calls in core contracts reviewed (QiToken.sol, QiErc20Delegate.sol, Comptroller.sol)retrieved 2026-05-16

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol benqi factor RD-F-019 score green collected_at 2026-05-16 11:02:12