A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus.
All versions > 0.21.3 are patched.
Upgrade to any version >= 0.21.4.
The bug was located and fixed here.
If you have any questions or comments about this advisory: