defirisk.co
rubric v1.7.0

Bridge ecrecover checks result ≠ address(0)

PancakeSwap's assessment for RD-F-151 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ N/A-pattern] LayerZero V1 does NOT use ecrecover for message verification. V1 security model is block-header oracle + tx-proof relayer. No ECDSA signature over cross-chain messages in this architecture. TrustedRemote uses keccak256 comparison for source contract verification. F151 (Wormhole-class ECDSA zero-address check) is structurally inapplicable.

Sources #

  • Etherscan
    CakeProxyOFT — source codeCakeProxyOFT receive path: keccak256(_srcAddress) == keccak256(trustedRemote) — no ecrecover in receive pathretrieved 2026-04-28

Methodology #

Determine whether the bridge verifier code rejects `ecrecover` returns of `address(0)`.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pancakeswap factor RD-F-151 score not_applicable collected_at 2026-04-28 19:10:57