diff --git a/contracts/Orchestrator.sol b/contracts/Orchestrator.sol
index 801407ed..0da45400 100644
--- a/contracts/Orchestrator.sol
+++ b/contracts/Orchestrator.sol
@@ -4,12 +4,16 @@ import "./_external/Ownable.sol";
 import "./UFragmentsPolicy.sol";
+import "openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+
 /**
 * @title Orchestrator
 * @notice The orchestrator is the main entry point for rebase operations. It coordinates the policy
 * actions with external consumers.
 */
 contract Orchestrator is Ownable {
+ using ECDSA for address;
+
 struct Transaction {
 bool enabled;
 address destination;
@@ -53,6 +57,26 @@ contract Orchestrator is Ownable {
 }
 }
+ /**
+ * @notice Based on the hashed message and the signature (which is composed of v, r, s),
+ * erecover can return the address of the signer and since only EOAs can create valid
+ * signatures, this guarantees that the beneficiary address is not a contract but an EOA
+ * @param hash hashed message
+ * @param v {27 or 28}
+ * @param r 32 bytes of the first half of signature
+ * @param s 32 bytes of the second half of the signature
+ */
+ function verifyAddressOfSignature(
+ bytes32 hash,
+ uint8 v,
+ bytes32 r,
+ bytes32 s
+ ) internal returns (bool) {
+ bytes32 prefixedHash = ECDSA.toEthSignedMessageHash(hash);
+
+ return ECDSA.recover(prefixedHash, v, r, s) == msg.sender;
+ }
+
 /**
 * @notice Adds a transaction that gets called for a downstream receiver of rebases
 * @param destination Address of contract destination
diff --git a/package.json b/package.json
index 4efbf8b1..dca559f2 100644
--- a/package.json
+++ b/package.json
@@ -55,6 +55,7 @@
 "typescript": "^4.0.2"
 },
 "dependencies": {
+ "@openzeppelin/contracts": "^3.4.0",
 "hardhat-gas-reporter": "^1.0.4"
 }
 }
diff --git a/yarn.lock b/yarn.lock
index d4b386ab..09b1b778 100644
--- a/yarn.lock
+++ b/yarn.lock
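Review bot: The import path added in the first Orchestrator.sol hunk, `openzeppelin/contracts/utils/cryptography/ECDSA.sol`, does not match the dependency this commit adds. The package is scoped as `@openzeppelin/contracts`, and in the 3.x line ECDSA sits under `cryptography/`; the `utils/cryptography/` layout arrived with 4.0, so the import will most likely fail to resolve against 3.4.0. With the version recorded in package.json the line would read `import "@openzeppelin/contracts/cryptography/ECDSA.sol";`. Separately, `using ECDSA for address;` attaches nothing usable, because the library's functions take a `bytes32` first argument and the new code calls them as `ECDSA.recover(...)`; drop it or write `using ECDSA for bytes32;`.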
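Review bot: The doc comment on `verifyAddressOfSignature` (second Orchestrator.sol hunk) overstates what the check proves. A matching signature shows that the caller holds a private key for `msg.sender`, not that no code runs at that address, and under EIP-7702 an account with a key can delegate to contract code. The "guarantees ... not a contract but an EOA" wording should be softened to something like `proves the caller holds the key for msg.sender; it does not rule out delegated code`. The function writes no state, so the signature line should be `) internal view returns (bool) {`. In OpenZeppelin 3.x `ECDSA.recover` reverts on a malformed signature, so callers see a revert rather than `false`; a `@return` line should say so, and `erecover` should read `ecrecover`.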
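Review bot: In the package.json hunk, `"@openzeppelin/contracts": "^3.4.0"` is a caret range for a library whose source is compiled into the deployed bytecode, so an install that ignores the lockfile can pull a later 3.x release and change what gets deployed. Pinning it exactly, `"@openzeppelin/contracts": "3.4.0"`, keeps the reviewed source and the built contracts in step. yarn.lock already records 3.4.0 with its integrity hash, which protects only where installs honour the lockfile, for example `yarn install --frozen-lockfile` in CI.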
@@ -1040,6 +1040,11 @@ "@types/sinon-chai" "^3.2.3" "@types/web3" "1.0.19" +"@openzeppelin/contracts@^3.4.0": + version "3.4.0" + resolved "https://registry.yarnpkg.com/@openzeppelin/contracts/-/contracts-3.4.0.tgz#9a1669ad5f9fdfb6e273bb5a4fed10cb4cc35eb0" + integrity sha512-qh+EiHWzfY/9CORr+eRUkeEUP1WiFUcq3974bLHwyYzLBUtK6HPaMkIUHi74S1rDTZ0sNz42DwPc5A4IJvN3rg== + "@openzeppelin/hardhat-upgrades@^1.4.3": version "1.4.3" resolved "https://registry.yarnpkg.com/@openzeppelin/hardhat-upgrades/-/hardhat-upgrades-1.4.3.tgz#dfd0f7668cbc343455c2a6b2d3ba4d68034e5dc2"