defirisk.co
rubric v1.7.0

ecrecover zero-address return unchecked

Circle USYC's assessment for RD-F-019 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Standard ERC-20 token pattern; ecrecover calls unlikely in primary transfer/mint path. CrossChainTeller may use signed messages. Source verified but no Slither ecrecover-malleable detector run available.

Sources #

  • Etherscan
    CrossChainTeller - EtherscanCrossChainTeller 0x5dbeCcECEbCdC2ce3258f6E638373d2923560c7d source verified v0.8.26; no published ecrecover analysisretrieved 2026-05-16

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol circle-usyc factor RD-F-019 score gray collected_at 2026-05-15 21:56:43