ecrecover zero-address return unchecked

Spiko's assessment for RD-F-019 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Token.sol inherits ERC20PermitUpgradeable from OZ v5.4.0. OZ ECDSA library in v5.x includes the address(0) check for ecrecover by construction. No direct ecrecover calls in Token.sol. OZ 5.x Permit implementation is well-audited.

Sources #

GitHub
spiko-tech/contracts package.jsonpackage.json OZ v5.4.0 dependencyretrieved 2026-05-16
GitHub
Spiko Token.sol ERC20PermitUpgradeableToken.sol imports ERC20PermitUpgradeable from OZ v5.4.0retrieved 2026-05-16

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol spiko factor RD-F-019 score green collected_at 2026-05-15 22:52:13