★ Bridge ecrecover checks result ≠ address(0)

Stargate Finance's assessment for RD-F-151 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Bridge signature verification checks ecrecover != address(0) | LayerZero v2 does NOT use ecrecover in the Wormhole/traditional sense. DVN verification works via hash commitments: DVNs call `ReceiveUln302.verify()` to store `payloadHash` indexed by their address. There is no `ecrecover` call that could return `address(0)`. The Wormhole bug class (unsigned message accepted because ecrecover(invalid_sig) = address(0)) does not apply to this architecture. However, the analogous risk — whether a D...

Sources #

Curator note
Extracted from 03-oracle-deps.md — RD-F-151; no URL citedretrieved 2026-04-28

Methodology #

Determine whether the bridge verifier code rejects `ecrecover` returns of `address(0)`.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stargate factor RD-F-151 score gray collected_at 2026-04-28 01:38:41