KMD core developer: Zcash has a vulnerability that shows the IP address of the blocked full node

Komodo (KMD) core developer Duke Leto disclosed in a blog post on his personal website that all Zcash (ZEC) implementations and a bug in most of their branches could leak metadata containing full nodes. IP with the blocked address. Leto said: "Since the birth of the Zcash and Zcash protocols, there is a bug in all masked addresses. It appears in all Zcash source code branches and can find the IP address of the full node with the masked address (zaddr). For example, Alice Sending Bob a zaddr actually allows Bob to discover Alice's IP address. This runs counter to the design of the Zcash protocol. According to the article, anyone who issues zaddr or provides it to a third party may be affected by the vulnerability.