defirisk.co
rubric v1.7.0

ecrecover zero-address return unchecked

Midas's assessment for RD-F-019 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No ecrecover usage in the core mToken/vault architecture — the deposit/redemption flow uses role-based access control, not signature verification. No audit finding references ecrecover. Architecturally not applicable to this protocol type.

Sources #

  • GitHub
    Sherlock 2024-08 READMESherlock 2024-08 README — scope is access-control + vault + token with no sig-based authretrieved 2026-05-16

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol midas factor RD-F-019 score not_applicable collected_at 2026-05-16 09:34:55