Looking for libraries that have crappy documentation is a genius first step. So many crypto libs have docs written by and for PhD Cryptographers who assume you are already a decade into your post-grad crypto course and don’t need any of the basics explained.
Or the docs were written back in the 80s and still reference the old and busted APIs that are only still in the binary for backwards compatibility reasons and nobody has bothered to update them for the modern API you are supposed to be using.
Or maybe the developer went on StackExchange looking for the answer (because the docs sucked) and got a half-correct answer from 8 years ago that misses a couple of crucial details and/or uses defaults that are no longer sufficient.
And then the crypto libraries are built in such a way that even tiny mistakes can effectively cripple the protection silently. The math doesn’t care and hey, you’ve got 8 years of post-grad experience in crypto system development you’re supposed to be using right?
