Closed tmpfs closed 2 years ago
Oh it looks like libsecp256k1
is only used for testing so I created #169 to add some clarity if anyone else stumbles upon this.
Thanks for reporting. I'll remove this dependency altogether in exchange for the original secp256k1 library.
The version of
libsecp256k1
in use is vulnerable to overflowing signatures: https://rustsec.org/advisories/RUSTSEC-2021-0076.html.An upgrade to
0.5
or later should fix the issue, any idea on how much effort is required for this update?Happy to work with you to get this updated 🙏