Hi Chronicle / Scribe team — you're arguably the best-matched eyes for this anywhere, because we use the same ecrecover-trick Schnorr technique Scribe ships in production.
We built a small on-chain BIP-340 (secp256k1 Schnorr) verifier for a verifiable agent-recovery escrow (part of the trustless-ai agent-standards work). It recovers sG = R + eP via a single ecrecover (the trick Scribe popularized) + a modexp even-Y lift of R from its x-coordinate — no oracle, ~7.5k gas. Live end-to-end on Sepolia, passes all 15 official BIP-340 vectors incl. every invalid case (pubkey-off-curve, odd-Y R, negated msg/s, infinite point, rx≥p, s≥n, x≥p).
Scribe is the production reference for exactly this technique (and was audited by Spearbit/Cantina + ChainSecurity + ABDK on it), so you know the soundness traps cold — the malleability/edge cases, the domain checks. Would you be open to a clean, well-scoped public-good review? ~120 lines, one link with everything to start in ~5 min — the file, a reviewer brief (the ecrecover algebra + full domain-check checklist), the official vectors wired as on-chain assertions, the live deploy + a real tx, one-command repro, and the 6 confirm-items:
https://github.com/TMerlini/hack-ens-recovery/blob/wyriwe-receipt/contracts/audit/REVIEW-PACKAGE.md
No pressure, no rush — pre-mainnet by design, so a cred-based pass strengthens confidence rather than underwriting funds (a formal/grant-funded audit is the later mainnet gate). We'd credit you publicly. Totally fine to close this or point me to someone better-placed.
Either way — Scribe's Schnorr is one of the references we benchmarked against. 🙏
Hi Chronicle / Scribe team — you're arguably the best-matched eyes for this anywhere, because we use the same ecrecover-trick Schnorr technique Scribe ships in production.
We built a small on-chain BIP-340 (secp256k1 Schnorr) verifier for a verifiable agent-recovery escrow (part of the trustless-ai agent-standards work). It recovers
sG = R + ePvia a singleecrecover(the trick Scribe popularized) + a modexp even-Y lift of R from its x-coordinate — no oracle, ~7.5k gas. Live end-to-end on Sepolia, passes all 15 official BIP-340 vectors incl. every invalid case (pubkey-off-curve, odd-Y R, negated msg/s, infinite point, rx≥p, s≥n, x≥p).Scribe is the production reference for exactly this technique (and was audited by Spearbit/Cantina + ChainSecurity + ABDK on it), so you know the soundness traps cold — the malleability/edge cases, the domain checks. Would you be open to a clean, well-scoped public-good review? ~120 lines, one link with everything to start in ~5 min — the file, a reviewer brief (the ecrecover algebra + full domain-check checklist), the official vectors wired as on-chain assertions, the live deploy + a real tx, one-command repro, and the 6 confirm-items:
https://github.com/TMerlini/hack-ens-recovery/blob/wyriwe-receipt/contracts/audit/REVIEW-PACKAGE.md
No pressure, no rush — pre-mainnet by design, so a cred-based pass strengthens confidence rather than underwriting funds (a formal/grant-funded audit is the later mainnet gate). We'd credit you publicly. Totally fine to close this or point me to someone better-placed.
Either way — Scribe's Schnorr is one of the references we benchmarked against. 🙏