ecrecover zero-address return unchecked

Stake DAO's assessment for RD-F-019 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

vlSDT and core contracts do not use ecrecover (Ownable2Step pattern, no sig-based auth). Zach Obront Votemarket audit found no ecrecover issues. Without Slither on all contracts, cannot confirm universally.

Sources #

GitHub
Zach Obront Stake DAO AuditZach Obront audit reports/stakedao.md — no ecrecover findingsretrieved 2026-05-16

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stake-dao factor RD-F-019 score gray collected_at 2026-05-16 12:29:20