★ Bridge ecrecover checks result ≠ address(0)

Hyperliquid's assessment for RD-F-151 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

CONFIRMED GREEN. Signature.sol (imported by Bridge2) contains explicit check: require(signerRecovered != address(0), 'Invalid signature, recovered the zero address'). Zero-address signatures cause revert. Wormhole-class ecrecover bypass is not possible in this implementation.

Sources #

Audit
Hyperliquid Bridge2 Audit — Zellic August 2023Zellic Audit August 2023 — Bridge2 scoperetrieved 2026-04-28
URL
Signature.sol — hyperliquid-dex/contracts (raw GitHub)Signature.sol — recoverSigner function with address(0) checkretrieved 2026-04-28

Methodology #

Determine whether the bridge verifier code rejects `ecrecover` returns of `address(0)`.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperliquid factor RD-F-151 score green collected_at 2026-04-28 13:58:49