Security issue: outdated cryptography is used
paulmillr opened this issue · comments
Paul Miller commented
You're using elliptic, which has long been unmaintained, and has a few cases where it produces invalid outputs, which means in blockchain context "users lose money".
It is advised to replace it with audited @noble/curves
.
Shin Yoshiaki commented
Thanks for the advice. I'll try to migration.
Shin Yoshiaki commented
done it #358
Paul Miller commented
not done. you didnt remove elliptic
Shin Yoshiaki commented
finally #359