defirisk.co
rubric v1.7.0

ecrecover zero-address return unchecked

StakeWise v3's assessment for RD-F-019 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Keeper contract uses EIP-712 and OZ ECDSA for oracle signature verification. Standard OZ ECDSA `recover()` includes zero-address check. Etherscan confirms `eip712Domain()` function in Keeper read interface. No ecrecover-unchecked finding in any audit.

Sources #

  • Etherscan
    Keeper Etherscan verified sourceKeeper contract 0x6B5815467da09DaA7DC83Db21c9239d98Bb487b5 — eip712Domain() function confirms EIP712 + ECDSA patternretrieved 2026-05-16

Methodology #

Determine whether any `ecrecover` call result is used without a `!= address(0)` guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stakewise factor RD-F-019 score green collected_at 2026-05-16 01:03:28