ecrecover zero-address return unchecked

Veda (BoringVault)'s assessment for RD-F-019 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

LayerZeroTeller.sol uses LayerZero OApp messaging, not ECDSA ecrecover directly. BoringVault.sol uses Solmate ERC20 permit() which implements the standard EIP-2612 ecrecover with address(0) guard (Solmate's confirmed implementation pattern). No unguarded ecrecover calls identified in reviewed source files.

Sources #

GitHub
BoringVault.sol — Solmate ERC20 importBoringVault.sol uses Solmate ERC20 (permit with address(0) guard in Solmate implementation)retrieved 2026-05-17
GitHub
LayerZeroTeller.sol — messaging patternLayerZeroTeller.sol — no direct ecrecover; uses LayerZero OApp messagingretrieved 2026-05-17

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-019 score green collected_at 2026-05-17 12:41:22