[dcousens]

Its not really a bug, the operations after it would still be valid (it is almost immediately reduced to the field order), its just that those parameters would not be akin to the SEC paper specification. I agree that the honus isn't on the users to check that though, so I'm probably going to make a pull request to change this.[1]

[1] https://github.com/bitcoinjs/bitcoinjs-lib/pull/250

[cryptbe]

What might happen if r = s = -n? I think it's pure luck that this doesn't lead to a signature forgery.

[dcousens]

You're not wrong.

Thanks for pointing this out, thankfully the implementation already failed on a negative s value, but you're correct in that it wasn't definitive.

I also whole-heartedly agree with your comment about the unnecessary inclusion of a bignum that allows for negative values. The lack of typing in this (and other cases) has lead to several problematic scenarios for users to the point we have littered the code with assertions to enforce whatever we can.