Hey,
We just released a new version of the @dfinity/ledger-icp@3.0.0 JS library. If you’re not using AccountIdentifier.fromHex, you can stop reading.
If you are using it, this is a quick heads-up about a potential breaking change.
For historical reasons — going back to the old days (
) when the NNS dapp was developed in Flutter — the AccountIdentifier.fromHex function did not perform any validation. This meant it could construct an AccountIdentifier object even if the provided hex string wasn’t 32 bytes long or had an invalid checksum.
This has now been patched: we’ve added new validation checks to the function. As a result, if you previously generated invalid account identifiers, they will now be rejected. One could argue that if the identifier was invalid, it was incorrect to begin with.
If you’re affected, stick to v2 for now — and let us know.
Kudos to @ulan for spotting the missing checksum validation!