ecrecover zero-address return unchecked

Uniswap (v2 + v3)'s assessment for RD-F-019 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V3: UniswapV3Pool.sol has no ecrecover calls in core pool. Permit2 implements ecrecover, audited by ABDK + Chainsecurity. V2: No ecrecover in core pair. No unchecked ecrecover return in core contracts. Green.

Detail #

Source inspection of UniswapV3Pool.sol confirms no ecrecover usage. The core AMM contracts for both V2 and V3 do not perform signature verification — that functionality is isolated to periphery contracts (Permit2, NonfungiblePositionManager). Permit2 was specifically audited by ABDK and Chainsecurity for signature verification correctness.

Sources #

GitHub
Permit2 audits directory — ABDK + ChainsecurityPermit2 audits (ABDK + Chainsecurity)retrieved 2026-04-29
GitHub
UniswapV3Pool.sol source — no ecrecover callsUniswapV3Pool.sol — no ecrecoverretrieved 2026-05-12

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-019 score green collected_at 2026-05-12 10:36:11