Name of the Vulnerable Software and Affected Versions zencashjs versions prior to 1.2.0

Description The issue affects the handling of cryptocurrency transactions, specifically with Horizen addresses. It relies on string comparison of the first two characters of an address to determine the destination address type. Due to overlapping address prefixes for testnet P2PKH and mainnet P2SH addresses, transactions sent to a mainnet P2SH address starting with "zt" are interpreted as P2PKH transactions, resulting in loss of funds.

Recommendations Upgrade to version 1.2.0 or later.