ecrecover zero-address return unchecked

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-019 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No ecrecover usage found in core v2/v3 AMM contracts (factory, swap path). UniswapV2Factory source (Etherscan verified) and UniswapV3Factory source contain no ecrecover calls. If ecrecover is used in peripheral contracts (MasterChef permit, governance), those are not assessed here. Peripheral contracts not in scope of current review. Scoring green for core AMM contracts.

Sources #

Etherscan
SushiV2Factory Etherscan sourceUniswapV2Factory 0xc0aEe478 source — no ecrecover call identifiedretrieved 2026-05-17
Etherscan
SushiV3Factory Etherscan sourceUniswapV3Factory 0xbaceb8ec source — no ecrecover call identifiedretrieved 2026-05-17

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-019 score green collected_at 2026-05-16 19:50:37