defirisk.co
rubric v1.7.0

Bridge ecrecover checks result ≠ address(0)

Ondo Finance's assessment for RD-F-151 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

**GREEN — LayerZero v2 DVN architecture does not use raw `ecrecover` in the OFT adapter.** The `OndoMintBurnAdapter` validates messages through `lzReceive()` + `OnlyEndpoint` enforcement — the calling validation is that messages must originate from the authorized LayerZero EndpointV2. The DVNs call `verify()` on the destination Message Library at the protocol level. If individual DVN implementations internally use secp256k1 multisig (they may use ecrecover-style internally), the OFT adapter i...

Sources #

  • Docs
    Ondo Finance docs (verified: covers OUSG + USDY)https://docs.ondo.financeretrieved 2026-05-12
  • Docs
    LayerZero v2 docs (DVN architecture, OFT spec)https://docs.layerzero.network/v2/retrieved 2026-05-12

Methodology #

Determine whether the bridge verifier code rejects `ecrecover` returns of `address(0)`.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ondo-finance factor RD-F-151 score green collected_at 2026-05-14 12:01:55