ecrecover zero-address return unchecked

Liquity V1 + V2 (LUSD / BOLD)'s assessment for RD-F-019 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v1 LUSDToken permit() uses ecrecover with standard guard (recoveredAddress != address(0)) confirmed from GitHub source. v2 BOLD token uses OZ ERC20Permit which internally handles ecrecover correctly. No audit finding of unchecked ecrecover return in either version.

Sources #

GitHub
Liquity v1 LUSDToken.sol sourcev1 LUSDToken.sol permit() uses ecrecover with != address(0) guardretrieved 2026-05-16
GitHub
Liquity v2 BoldToken.sol sourcev2 BoldToken imports OZ ERC20Permit (ecrecover handled correctly)retrieved 2026-05-16

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquity factor RD-F-019 score green collected_at 2026-05-16 10:35:50