Jcramer

**Name of the Vulnerable Software and Affected Versions** slpjs versions prior to 0.27.4 **Description** The issue concerns false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as required by the NFT1 specification. **Recommendations** Upgrade to slpjs version 0.27.4 to resolve the issue. As a temporary workaround, consider avoiding the creation of NFT1 child tokens until the update is applied.

**Name of the Vulnerable Software and Affected Versions** slp-validate versions prior to 1.2.2 **Description** The issue concerns false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as required by the NFT1 specification. **Recommendations** Upgrade to slp-validate version 1.2.2 to resolve the issue. As a temporary workaround, consider avoiding the use of the vulnerable validation mechanism for NFT1 Child Genesis transactions until the update is applied.

**Name of the Vulnerable Software and Affected Versions** slpjs versions prior to 0.27.2 **Description** The issue allows users to experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens, resulting in the destruction of a user's minting baton. **Recommendations** For versions prior to 0.27.2, upgrade to version 0.27.2 to resolve the issue. As a temporary workaround, consider avoiding the use of MINT transaction operations until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** slp-validate versions prior to 1.2.1 slpjs version 0.27.2 and earlier **Description** The issue concerns false-negative validation outcomes for MINT transaction operations, which could allow spending of affected tokens and result in the destruction of a user's minting baton. This is due to a poorly implemented SLP wallet. **Recommendations** For slp-validate versions prior to 1.2.1, upgrade to version 1.2.1 to resolve the issue. For slpjs version 0.27.2 and earlier, upgrade to a version that includes the related fix. At the moment, there is no information about a newer version that contains a fix for this vulnerability for slpjs.

**Name of the Vulnerable Software and Affected Versions** Electron-Cash-SLP versions prior to 3.6.2 **Description** The issue affects token creators using the "Mint Tool" feature of the Electron Cash SLP Edition, putting them at risk of sending the minting authority baton to the wrong SLP address. This could allow another party to issue new tokens or permanently destroy future minting capability. **Recommendations** For versions prior to 3.6.2, update to version 3.6.2 to resolve the issue. As a temporary workaround, consider restricting the use of the "Mint Tool" feature until the update is applied.

**Name of the Vulnerable Software and Affected Versions** slpjs versions prior to 0.21.4 **Description** A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. **Recommendations** Upgrade to any version >= 0.21.4.

**Name of the Vulnerable Software and Affected Versions** slp-validate versions prior to 1.0.1 **Description** A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate package. This allows an attacker to create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. **Recommendations** For versions prior to 1.0.1, upgrade to version 1.0.1 or later.