★ Bridge ecrecover checks result ≠ address(0)

Dolomite's assessment for RD-F-151 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL] Chainlink CCIP v1.5 RMNRemote.sol (Code4rena 2024-11 codebase) includes explicit guard: 'signerAddress = ecrecover(digest, ECDSA_RECOVERY_V, signatures[i].r, signatures[i].s); if (signerAddress == address(0)) revert InvalidSignature();' Zero-address ecrecover return is explicitly rejected. Wormhole-class bug is not present in CCIP's signer verification layer.

Sources #

Internal
Process learnings chainlink-ccip fill — F151 baselineprocess-learnings.md §chainlink-ccip 2026-05-16 — F151 green: zero-address ecrecover guard confirmed in CCIP v1.5retrieved 2026-05-16
GitHub
CCIP RMNRemote.sol — Code4rena 2024-11code-423n4/2024-11-chainlink/blob/main/contracts/src/ccip/rmn/RMNRemote.sol — ecrecover == address(0) revert InvalidSignature confirmedretrieved 2026-05-16

Methodology #

Determine whether the bridge verifier code rejects `ecrecover` returns of `address(0)`.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dolomite factor RD-F-151 score green collected_at 2026-05-16 11:12:56