mdanter/ecc affected by timing vulnerability in cryptographic side-channels
phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...
Double-Spend Attacks
snarkjs is vulnerable to double-spend attacks. The vulnerability exists because the library does not validate the publicSignal when the user-input publicSignals length is less than the field modulus...