★ Bridge ecrecover checks result ≠ address(0)

Sky Lending (formerly MakerDAO)'s assessment for RD-F-151 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

LayerZero v2 OFT uses DVN attestation at the endpoint level, not raw ecrecover in the application layer. The Wormhole-class ecrecover bug pattern does not directly apply. Cannot confirm endpoint-level verification without source inspection. Assessed yellow (not confirmed red; pattern structurally distinct).

Sources #

Curator note
LayerZero v2 OFT uses DVN attestation at the endpoint level, not raw ecrecover in the application layer. The Wormhole-class ecrecover bug pattern does not directly apply. Cannot confirm endpoint-levelretrieved 2026-04-27

Methodology #

Determine whether the bridge verifier code rejects `ecrecover` returns of `address(0)`.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sky-lending factor RD-F-151 score yellow collected_at 2026-04-28 00:43:18