ecrecover zero-address return unchecked

mETH Protocol's assessment for RD-F-019 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Source inspection of Staking.sol, Oracle.sol, OracleQuorumManager.sol found no ecrecover usage. OracleQuorumManager uses role-based access control (AccessControlEnumerable) not signature verification. METH.sol ERC20PermitUpgradeable delegates to OZ's battle-tested implementation which correctly checks ecrecover results.

Sources #

GitHub
OracleQuorumManager.sol — no ecrecover usageOracleQuorumManager.sol source — AccessControlEnumerable used, no ecrecover callsretrieved 2026-05-16

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol meth-protocol factor RD-F-019 score green collected_at 2026-05-16 02:17:50