★ Bridge ecrecover checks result ≠ address(0)

Lombard Finance's assessment for RD-F-151 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL — GREEN] BridgeV2/Mailbox path: Consortium.checkProof() calls ECDSA.tryRecover() (OpenZeppelin library). Error handling: 'if (err != ECDSA.RecoverError.NoError) continue'. OZ ECDSA.tryRecover internally handles address(0) via the RecoverError enum — returns RecoverError.InvalidSignature for zero-address recovery cases (not NoError), so the guard catches it. No raw ecrecover call found in Consortium.sol or Mailbox.sol. CCIP path: LombardTokenPool.sol delegates to Chainlink's CCIP infrastructure; no ecrecover in Lombard's own source. LayerZero path: paused — not in active use. No unguarded raw ecrecover found in any active bridge path. Wormhole-class vulnerability not present.

Sources #

GitHub
Lombard Consortium.sol sourceConsortium.sol — ECDSA.tryRecover with RecoverError guardretrieved 2026-05-05
GitHub
Lombard GMP Mailbox.sol sourceMailbox.sol — no raw ecrecoverretrieved 2026-05-05
GitHub
Lombard CCIP TokenPool adapter sourceTokenPool.sol — delegates ecrecover to Chainlink CCIP infrastructureretrieved 2026-05-05

Methodology #

Determine whether the bridge verifier code rejects `ecrecover` returns of `address(0)`.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lombard factor RD-F-151 score green collected_at 2026-05-05 12:03:08