ecrecover zero-address return unchecked

Lombard Finance's assessment for RD-F-019 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

GitHub search for 'ecrecover' in evm-smart-contracts returns 0 results — no direct ecrecover calls in the codebase. Consortium.sol uses OpenZeppelin ECDSA.tryRecover() which handles zero-address returns internally and is a safe wrapper. BridgeV2.sol uses no ecrecover. No raw ecrecover call exists to create a zero-address bypass risk.

Sources #

GitHub
Consortium.sol signature verificationConsortium.sol uses ECDSA.tryRecover() (safe OZ wrapper)retrieved 2026-05-05
GitHub
GitHub codebase search for ecrecoverGitHub search for ecrecover in evm-smart-contracts: 0 resultsretrieved 2026-05-05

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lombard factor RD-F-019 score green collected_at 2026-05-05 12:03:08