This repository has been archived by the owner on Apr 20, 2022. It is now read-only.

High risk vulnerabilities in dependencies #183

Closed
defijesus opened this issue Apr 25, 2021 · 1 comment

@defijesus
Contributor

As the website integrates with the user's wallet, we must be very careful not to introduce any attack vectors that could put our users' funds in danger.

After running npm audit I found one that should be solved ASAP:

web3 package has a vulnerability that may leak the private keys. The vulnerability page states the following:

Exploiting this vulnerability likely requires a Cross-Site Scripting vulnerability to access the private key.

Other notable vulnerabilities:

@0xModene
Contributor

0xModene commented Apr 25, 2021

Go ahead and make a fork. Since this project uses yarn, run the following before you make any other dependency changes:

npm i --package-lock-only && rm yarn.lock && npm audit fix && yarn import && rm package-lock.json

That should install an npm package-lock.json, do the npm audit fix to clear up any non-breaking changes, and then reinstall the yarn.lock file like nothing happened.

After that, make any changes you need to for the vulnerabilities and test the crap out of it and we can get a PR in
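Added example, not code from this repository or either commenter: a small Node script that reads the JSON produced by `npm audit --json` and reports only the high/critical findings the issue is worried about, so a CI step can fail before a vulnerable build reaches users. It handles both report shapes npm has emitted (the npm 6 `advisories` map and the npm 7+ `vulnerabilities` map with `auditReportVersion: 2`); the field names are taken from those formats, and all package names and advisories in the samples are constructed.

```javascript
// Severities that should block a wallet-facing build.
const BLOCKING = new Set(['high', 'critical']);

// Returns [{ name, severity, fixAvailable }] for every blocking finding in
// an `npm audit --json` report, whichever of the two shapes it uses.
function highRiskFindings(report) {
  const out = [];
  if (report.auditReportVersion >= 2) {
    // npm 7+: one entry per vulnerable package, severity already rolled up.
    for (const v of Object.values(report.vulnerabilities || {})) {
      if (BLOCKING.has(v.severity)) {
        out.push({ name: v.name, severity: v.severity, fixAvailable: Boolean(v.fixAvailable) });
      }
    }
  } else {
    // npm 6: one entry per advisory; "<0.0.0" as patched_versions means no fix exists.
    for (const a of Object.values(report.advisories || {})) {
      if (BLOCKING.has(a.severity)) {
        const fixable = Boolean(a.patched_versions) && a.patched_versions !== '<0.0.0';
        out.push({ name: a.module_name, severity: a.severity, fixAvailable: fixable });
      }
    }
  }
  return out.sort((x, y) => x.name.localeCompare(y.name));
}

// Exit status for a CI step: non-zero while any blocking finding remains.
function auditExitCode(report) {
  return highRiskFindings(report).length === 0 ? 0 : 1;
}

// Constructed sample in the npm 7+ shape (not real audit output).
const SAMPLE_V2 = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-web3-lib': { name: 'example-web3-lib', severity: 'high', isDirect: true, via: ['key handling (constructed)'], fixAvailable: true },
    'example-leftpad': { name: 'example-leftpad', severity: 'low', isDirect: false, via: ['ReDoS (constructed)'], fixAvailable: true },
    'example-parser': { name: 'example-parser', severity: 'critical', isDirect: false, via: ['prototype pollution (constructed)'], fixAvailable: false },
  },
};

// Constructed sample in the npm 6 shape (not real audit output).
const SAMPLE_V1 = {
  advisories: {
    '1': { id: 1, module_name: 'example-parser', severity: 'moderate', patched_versions: '>=2.0.0' },
    '2': { id: 2, module_name: 'example-ws', severity: 'high', patched_versions: '<0.0.0' },
  },
};

console.log(highRiskFindings(SAMPLE_V2), 'exit code:', auditExitCode(SAMPLE_V2));
```

Pipe a real report in with `npm audit --json > audit.json` and pass `JSON.parse(fs.readFileSync('audit.json'))` to `auditExitCode` to use it as a gate; findings with `fixAvailable: false` are the ones `npm audit fix` will not clear and need a manual upgrade or replacement.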
