ecrecover zero-address return unchecked

Liquid Collective (LsETH)'s assessment for RD-F-019 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No ecrecover calls found in River.1.sol, Oracle.1.sol, RedeemManager.1.sol, or OracleManager.1.sol. TLC.1.sol uses OZ ERC20Permit which inherits OZ ECDSA library that includes the zero-address guard. No unguarded ecrecover usage identified.

Sources #

GitHub
TLC.1.sol — Liquid CollectiveTLC.1.sol uses OZ ERC20Permit with guarded ecrecoverretrieved 2026-05-17
GitHub
River.1.sol — Liquid CollectiveRiver.1.sol and Oracle.1.sol — no ecrecover callsretrieved 2026-05-17

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquid-collective factor RD-F-019 score green collected_at 2026-05-16 19:46:23