defirisk.co
rubric v1.7.0

ecrecover zero-address return unchecked

A code & audits factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor detects whether any use of ecrecover() in the protocol's deployed code fails to validate that the returned address is not address(0). In Solidity, ecrecover() returns address(0) when the signature is invalid rather than reverting. If the calling code uses the return value without a != address(0) check, an invalid or malformed signature passes as valid, with address(0) treated as the signer. The detection is performed by static analysis of the verified source.

**Why it matters** A missing zero-address check on ecrecover() enables signature forgery: anyone can submit a malformed signature and have it accepted as though address(0) had signed it. If address(0) holds any special permissions in the protocol (a common pattern in early contracts), the submitter gains those permissions. This pattern underpins the Wormhole-class signature validation failures -- Wormhole ($326M, 2022) involved a guardian signature verification bypass in which the zero-address edge case was not handled. The vulnerability is simple to detect and fix, but it can be catastrophic when present in a signature-gated permission system.

**Green / Yellow / Red** Green: all uses of ecrecover() are followed by a require(signer != address(0)) check, confirmed by static analysis. Yellow: the check is absent in ecrecover() calls for non-critical signature paths (e.g., permit() functions without admin privilege), but all admin or governance signatures are correctly validated. Red: any ecrecover() call in an admin, governance, or fund-movement path lacks the != address(0) validation.
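The Red and Green forms described above, side by side, as an added example that is not part of the rubric page or of any scored protocol's code; the contract, function, and field names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example, not code from the rubric or any scored protocol.
// A minimal permit-style approval gated by an ecrecover signature, shown in its
// Red form (recovered address used unchecked) and its Green form (zero address
// rejected before use). Contract, function and field names are assumptions.
contract PermitGate {
    mapping(address => mapping(address => uint256)) public allowance;
    mapping(address => uint256) public nonces;

    bytes32 private constant PERMIT_TYPEHASH =
        keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce)");

    function _digest(address owner, address spender, uint256 value, uint256 nonce)
        internal view returns (bytes32)
    {
        // EIP-191 prefix keeps the digest from colliding with a raw transaction hash;
        // contract address and chain id bind the signature to this deployment.
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32",
            keccak256(abi.encode(PERMIT_TYPEHASH, address(this), block.chainid,
                                 owner, spender, value, nonce))));
    }

    // RED path: ecrecover yields address(0) for any malformed signature (wrong v,
    // out-of-range s, zero r) instead of reverting. Because `owner` is caller-supplied,
    // owner == address(0) together with a garbage signature satisfies the equality,
    // and an approval is recorded on behalf of the zero address.
    function permitUnchecked(address owner, address spender, uint256 value,
                             uint8 v, bytes32 r, bytes32 s) external {
        address signer = ecrecover(_digest(owner, spender, value, nonces[owner]++), v, r, s);
        require(signer == owner, "bad signature");
        allowance[owner][spender] = value;
    }

    // GREEN path: the guard this factor looks for. Reject address(0) before the
    // recovered value is compared or stored. The equality check against `owner` is
    // still required: a non-zero recovered address only means the signature parsed,
    // not that the expected party signed.
    function permitChecked(address owner, address spender, uint256 value,
                           uint8 v, bytes32 r, bytes32 s) external {
        address signer = ecrecover(_digest(owner, spender, value, nonces[owner]++), v, r, s);
        require(signer != address(0), "invalid signature");
        require(signer == owner, "bad signature");
        allowance[owner][spender] = value;
    }
}
```

A static check of the kind the rubric describes flags `permitUnchecked` because the ecrecover result reaches a comparison and a storage write without passing through a `!= address(0)` guard.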

**Common gray cases** This factor is gray for protocols that do not use ecrecover() or ECDSA signature verification in any function path.

**Notable historical examples** The Wormhole bridge exploit ($320M, 2022) is the primary motivating case for this factor class.

Measurement: what to look for

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

Data & output

**Data source** Slither `ecrecover-malleable` detector + source search for `ecrecover` calls
**Output format** Green / Yellow / Red
**Evidence artifact** Slither output JSON + function location
**Confidence signal** green = all ecrecover results guarded; red = any unguarded ecrecover result used as an address; gray = source unverified

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-019 |
|---|---|---|
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | green |
| Aerodrome Finance | base | green |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | not_applicable |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | green |
| BENQI | avalanche | green |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | gray |
| Cap (cUSD / stcUSD) | ethereum | green |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | yellow |
| Circle USYC | binance | gray |
| Compound V3 (Comet) | ethereum | green |
| Concrete | ethereum | gray |
| Convex Finance | ethereum | green |
| crvUSD (Curve Stablecoin) | ethereum | not_applicable |
| Curve Finance | ethereum | green |
| deBridge | ethereum | yellow |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | not_applicable |
| EigenLayer | ethereum | green |
| Ethena | ethereum | green |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | green |
| Falcon Finance | ethereum | green |
| Fluid | ethereum | not_applicable |
| Frax Finance | ethereum | gray |
| GMX v2 (GMX Synthetics) | arbitrum | green |
| Hyperlane | ethereum | green |
| Hyperliquid | arbitrum | green |
| Jito | solana | not_applicable |
| Jupiter | solana | not_applicable |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | not_applicable |
| Kinetiq | hyperliquid | green |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | green |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | yellow |
| Lombard Finance | ethereum | green |
| M^0 | ethereum | green |
| Maple Finance | ethereum | green |
| Marinade Finance | solana | not_applicable |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | green |
| Midas | ethereum | not_applicable |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | green |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | gray |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | green |
| Pendle Finance | ethereum | green |
| Polymarket | polygon | green |
| QuickSwap | polygon | green |
| Raydium | solana | not_applicable |
| Rocket Pool | ethereum | green |
| Sanctum | solana | not_applicable |
| Save (formerly Solend) | solana | not_applicable |
| Sky Lending (formerly MakerDAO) | ethereum | yellow |
| Spark Protocol | ethereum | not_applicable |
| Spiko | stellar | green |
| Stake DAO | ethereum | gray |
| StakeWise v3 | ethereum | green |
| Stargate Finance | ethereum | green |
| stHYPE (Valantis Labs) | hyperliquid | gray |
| SUNSwap (sun.io) | tron | not_applicable |
| Superstate | ethereum | gray |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | green |
| Symbiotic | ethereum | gray |
| Synapse Protocol | ethereum | not_applicable |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | yellow |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | green |
| Veda (BoringVault) | ethereum | green |
| Venus Protocol | bsc | green |
| Wormhole | ethereum | green |
| Yearn Finance | ethereum | green |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.

rubric_version: v1.7.0 | factor: RD-F-019 | category: 1 | carried: 80 | critical: no