CVE-2020-15130

Name of the Vulnerable Software and Affected Versions slpjs versions prior to 0.27.4

Description The issue concerns false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as required by the NFT1 specification.

Recommendations Upgrade to slpjs version 0.27.4 to resolve the issue. As a temporary workaround, consider avoiding the creation of NFT1 child tokens until the update is applied.