Impact
All token creators that use the "Mint Tool" feature of the Electron Cash SLP Edition (< 3.6.2) are at risk of sending the minting authority baton to the wrong SLP address. Sending the mint baton to the wrong address will give another party the ability to issue new tokens or permanently destroy future minting capability.
Patches
Run the latest source code or install version 3.6.2.
Workarounds
There are no workarounds.
References
- Github Issue: Mint baton sent to token receiver address - link
- BIP-LI01: Lexicographical Indexing of Transaction Inputs and Outputs - link
For more information
If you have any questions or comments about this advisory:
Impact
All token creators that use the "Mint Tool" feature of the Electron Cash SLP Edition (< 3.6.2) are at risk of sending the minting authority baton to the wrong SLP address. Sending the mint baton to the wrong address will give another party the ability to issue new tokens or permanently destroy future minting capability.
Patches
Run the latest source code or install version 3.6.2.
Workarounds
There are no workarounds.
References
For more information
If you have any questions or comments about this advisory: