BitGo/BitGoJS

Security issue: replace non-secure cryptography

paulmillr opened this issue · 0 comments

You're using elliptic, which has long been unmaintained, and has a few cases where it produces invalid outputs, which means in blockchain context "users lose money".

It is advised to replace it with audited @noble/curves.