ecrecover zero-address return unchecked

JustLend DAO's assessment for RD-F-019 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Slither ecrecover-malleable detector not available on TVM. JustLend governance uses WJST checkpointing, not ecrecover-based signature verification in core contracts. Structural not_applicable for TVM substrate.

Sources #

GitHub
JustLend GovernorBravoDelegate.sol — checkpoint voting confirmedGovernorBravoDelegate.sol — uses wjst.getPriorVotes() checkpoint, not ecrecoverretrieved 2026-05-17

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol justlend factor RD-F-019 score not_applicable collected_at 2026-05-17 10:25:32