Hi everyone,
Libsodium’s author Frank Denis has found a missing check for validating elliptic curve points in a low-level function not exposed by libsodium-bindings. However it seems important to communicate on this issue, especially if it is brought up by security audits.
Read about it on the Cryptography Group’s blog: A vulnerability in libsodium's validation of ed25519 elliptic curve points: You are likely not affected | Haskell Cryptography Group