Avoid account identifiers; use ICRC-1

TL;DR

Calculating account identifiers can be dangerous. Please use ICRC-1 or the new account_identifier method on the ICP ledger canister.

The Incident

Starting July 20th, we started getting reports from people not being able to log in with Internet Identity. You can read more about it here, but in the end we identified the problem was using a specific hashing library. Unfortunately, the same hashing library that was causing login problems was also being used to calculate account identifiers. If this goes wrong, you still get something that looks like an account identifier and you only really notice that it isn’t when money that’s sent there doesn’t appear in your account. Sadly this is what happened on August 23rd.

The response

We have already switched ic-js to using a different hashing library (@noble/hashes). However, we realize that we can’t guarantee that this other library will always work correctly. Fortunately, if you transfer tokens using the ICRC-1 interface, you don’t need to calculate an identifier on the client and can specify the owner principal and subaccount directly.

What we are asking the community

Therefore we want to urge all developers to use ICRC-1 whenever possible. For the cases where an account identifier is unavoidable, we have also implemented a new canister method to get an account identifier without having to calculate it in the client.

7 Likes
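An added example, not part of the original post and not code from ic-js or the ledger: it shows why a miscalculated identifier still "looks like an account identifier". The CRC-32 prefix is computed over the hash output, so a wrong digest gets a matching checksum. The `brokenSha224` function, the owner bytes, and all helper names are constructed for illustration; the identifier layout (CRC-32 followed by SHA-224 of `"\x0Aaccount-id"`, the owner principal bytes, and the 32-byte subaccount) is the ICP ledger's.

```javascript
// Added example: Node.js built-ins only; not code from ic-js or the ledger.
const { createHash } = require("node:crypto");

// Bitwise CRC-32 (IEEE 802.3), the checksum that prefixes an account identifier.
function crc32(bytes) {
  let crc = 0xffffffff;
  for (const b of bytes) {
    crc ^= b;
    for (let i = 0; i < 8; i++) crc = (crc >>> 1) ^ (0xedb88320 & -(crc & 1));
  }
  return (crc ^ 0xffffffff) >>> 0;
}

const sha224 = (data) => createHash("sha224").update(data).digest();

// Hypothetical stand-in for a misbehaving hash library: one bit of the digest is wrong.
const brokenSha224 = (data) => {
  const h = sha224(data);
  h[0] ^= 1;
  return h;
};

// identifier = CRC32(h) || h, with h = hash("\x0Aaccount-id" || owner || subaccount)
function accountIdentifier(owner, subaccount, hash = sha224) {
  const h = hash(Buffer.concat([Buffer.from("\x0Aaccount-id"), owner, subaccount]));
  const prefix = Buffer.alloc(4);
  prefix.writeUInt32BE(crc32(h), 0);
  return Buffer.concat([prefix, h]).toString("hex");
}

// What can be verified from the identifier string alone: length and checksum.
function looksValid(hex) {
  const raw = Buffer.from(hex, "hex");
  return raw.length === 32 && raw.readUInt32BE(0) === crc32(raw.subarray(4));
}

// Known-answer test (FIPS 180 "abc" vector) to run before trusting a hash function.
function hashSelfTest(hash) {
  return hash(Buffer.from("abc")).toString("hex") ===
    "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7";
}

const OWNER = Buffer.alloc(29, 0x2a); // constructed principal bytes, not a real principal
const SUBACCOUNT = Buffer.concat([Buffer.alloc(31), Buffer.from([1])]);

const good = accountIdentifier(OWNER, SUBACCOUNT);
const bad = accountIdentifier(OWNER, SUBACCOUNT, brokenSha224);
console.log(good, looksValid(good));
console.log(bad, looksValid(bad), hashSelfTest(brokenSha224));
```

Both identifiers pass the checksum, but only one belongs to the owner. A known-answer test catches only faults that show up on the test vector, which is why passing the owner and subaccount directly via ICRC-1 removes the risk rather than reducing it.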

Thank you to the DFINITY dev team for your assistance, prompt responses, and quick updates!

4 Likes

Good move.

Is there a way we can make the exchanges (Coinbase/Binance) compatible with the icrc1-textual encoding format?

1 Like

Is this new method ‘account identifier’ deployed for ICP Ledger?
I am trying to use this method by pulling the latest wasm, but the method is not available.

1 Like

Is this new method ‘account identifier’ deployed for ICP Ledger?

Thanks for pointing this out. The ICP ledger canister hasn’t been deployed since the new method was added. I’ll ask when it might be deployed.

In the meantime you should be able to test it locally by installing it with

$ dfx start --clean
# In another terminal:
$ rm "$(dfx cache show)/wasms/ledger-canister_notify-method.wasm" # if it already didn't exist, that's fine
$ DFX_IC_COMMIT=e63cc8e68d591dd0ca3e68ec46ed1d9c2c1d7797 dfx nns install
$ dfx nns import
$ dfx canister call nns-ledger account_identifier '(record {owner = principal "l6jli-p5bub-kxvlf-jovmc-hq6lb-3qifz-i6d52-nvhni-bbjuc-n76fc-hqe"; subaccount = opt blob "\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01" })'

I recommend you contact them directly.

That is a strange recommendation.

Maybe I misunderstood the question? I don’t think there’s anything we can do to make Coinbase work with ICRC-1 without changing Coinbase itself. And I expect their decision to do it will have mostly to do with whether they think there is demand for it.
But I do not use Coinbase myself so maybe I’m misunderstanding what you are referring to.

I also suspect that there are some business/partnership people at DFINITY who might want to encourage them, but that doesn’t change that independent demand would help. But I am an engineer myself and I’m not involved in/aware of those discussions so this is the best advice I have.

Did someone at DFINITY register the ICP token / Rosetta node on the major exchanges? How do they know the bounds/function/specification of the first ICP account identifier?