Monocypher’s primitives have been selected for their ease of implementation and lack of subtle trap. Most are relatively easy to get right, given the proper methodology.
We run a comprehensive test suite with sanitisers (ASan, MSan, UBSan, Valgrind), use automated code coverage, and conducted a proof of correctness for Poly1305. Of course, every time a bug is found (which is not often), we add a regression test. Vulnerabilities that are serious enough are addressed behind closed door. Full disclosure follows.