CVE-2022-36447: 
Python vulnerability analysis and mitigation

An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0, identified as CVE-2022-36447. The vulnerability was discovered in July 2022 and affected previously minted tokens on the Chia blockchain using the CAT1 standard. The vulnerability allowed any holder of any amount of a CAT1 token to inflate their holdings to an arbitrary extent (Chia Blog, NVD).

The vulnerability enabled token holders to create a money printing mechanism to generate counterfeit copies of CAT1 tokens. The issue was discovered during a security audit by Trail of Bits, who identified a potential class of vulnerabilities in the CAT1 standard. The vulnerability affected all CAT1 tokens on the Chia blockchain, regardless of their issuance rules (Chia Blog).

The vulnerability allowed any holder of CAT1 tokens to increase the total amount of their tokens as high as they desired, effectively enabling unlimited token inflation. This could potentially devalue the underlying assets. While the attack would be auditable on-chain, the potential for malicious actors to flood the market with inflated tokens posed a significant risk to the token ecosystem (Chia Blog).

Chia Network addressed the vulnerability by upgrading from CAT1 to CAT2 standard. The end-of-life (EOL) for CAT1 was implemented at block height 2,311,760 (approximately July 26, 2022). Users were required to upgrade to wallet version 1.5.0, which no longer supported CAT1 tokens. A reissuance process was implemented where CAT1 token holders would receive equivalent CAT2 tokens based on their holdings at the EOL block height (Chia Blog).