4 matches found
GHSA-XFRC-7MJ2-5XH9 Undefined Behavior in zencashjs
Versions of zencashjs prior to 1.2.0 may cause loss of funds when used with cryptocurrency wallets. The package relies on a string comparison of the first two characters of a Horizen address to determine the destination address type of a transaction P2PKH or P2SH. Due to the base58 address prefix...
Undefined Behavior in zencashjs
Versions of zencashjs prior to 1.2.0 may cause loss of funds when used with cryptocurrency wallets. The package relies on a string comparison of the first two characters of a Horizen address to determine the destination address type of a transaction P2PKH or P2SH. Due to the base58 address prefix...
Insecure String Comparison
zencashjs uses an insecure string comparison. This is due to a clash of address prefixes for testnet P2PKH and mainnet P2SH addresses. The package interprets transactions sent to a zt P2SH address on mainnet as P2PKH transactions erroneously. Any funds sent to a mainnet P2SH multisignature addres...
Undefined Behavior
Overview Versions of zencashjs prior to 1.2.0 may cause loss of funds when used with cryptocurrency wallets. The package relies on a string comparison of the first two characters of a Horizen address to determine the destination address type of a transaction P2PKH or P2SH. Due to the base58 addre...