January 7, 2025
- Enable existing (standalone) chains to use the existing client (and connection) to the provider chain when becoming a consumer chain. This feature introduces the following API-breaking changes. (#2400)
  - Add `connection_id` and `preCCV` to `ConsumerGenesisState`, the consumer genesis state created by the provider chain. If the `connection_id` is not empty, `preCCV` is set to true and both `provider.client_state` and `provider.consensus_state` are set to nil (as the consumer doesn't need to create a new provider client). As a result, for older versions of consumers, the `connection_id` in `ConsumerInitializationParameters` must be empty and the resulting `ConsumerGenesisState` needs to be adapted, i.e., both `connection_id` and `preCCV` need to be removed.
- Bump cosmossdk.io/math to v1.4.0 (#2408)
- `[x/consumer]` Updated `genesis transform` CLI to transform `consumer-genesis` content exported by v6.2 providers for consumer chains at version v5. Removed transformation for older consumer versions. (#2373)
- `[x/provider]` Fixed pagination bug in query for listing the consumer chains. (#2398)
- `[x/provider]` Fixed pagination in the list consumer chains query. (#2377)
- Bump CometBFT to v0.38.15. (#2390)
- Bump cosmos-sdk to v0.50.11 (#2458)
- Bump cosmossdk.io/math to v1.4.0 (#2408)
- Bump ibc-go to v8.5.2. (#2390)
- Enable existing (standalone) chains to use the existing client (and connection) to the provider chain when becoming a consumer chain. This feature introduces the following changes. (#2400)
  - Add `connection_id` to `ConsumerInitializationParameters`, the ID of the connection end on the provider chain on top of which the CCV channel will be established. Consumer chain owners can set `connection_id` to a valid ID in order to reuse the underlying clients.
  - Add `connection_id` to the consumer genesis state, the ID of the connection end on the consumer chain on top of which the CCV channel will be established. If `connection_id` is a valid ID, then the consumer chain will use the underlying client as the provider client and it will initiate the channel handshake.
- `[x/consumer]` Remove `VSCMaturedPackets`. Consumer-side changes for ADR 018. (#2372)
- `[x/provider]` Add query for consumer genesis time, which corresponds to creation time of consumer clients. (#2366)
- `[x/provider]` Allow consumer chains to specify a list of priority validators that are included in the validator set before other validators are considered (#2101)
- `[x/provider]` Allow the chain id of a consumer chain to be updated before the chain launches. (#2378)
- `[x/provider]` Enable the customization of the slashing and jailing conditions for infractions committed by validators on consumer chains (as per ADR 020). Every consumer chain can decide the punishment for every type of infraction. (#2403)
- `[x/provider]` Prevent Opt-In chains from launching, unless at least one active validator has opted-in to them. (#2101)
- `[x/democracy/governance]` Removal of consumer governance whitelisting functionality (#2381)
- Allow the chain id of a consumer chain to be updated before the chain launches. (#2378)
- Bump cosmos-sdk to v0.50.11 (#2458)
- Enable existing (standalone) chains to use the existing client (and connection) to the provider chain when becoming a consumer chain. (#2400)
- `[x/consumer]` Remove `VSCMaturedPackets`. Consumer-side changes for ADR 018. (#2372)
- `[x/democracy/governance]` Removal of consumer governance whitelisting functionality (#2381)
- `[x/provider]` Allow consumer chains to specify a list of priority validators that are included in the validator set before other validators are considered (#2101)
- `[x/provider]` Enable the customization of the slashing and jailing conditions for infractions committed by validators on consumer chains (as per ADR 020). Every consumer chain can decide the punishment for every type of infraction. (#2403)
October 18, 2024
- `[x/provider]` Add check for zero rewards to the rewards distribution logic. (#2363)
- `[x/provider]` Add validation for initial height and set default values for consumer initialization params. (#2357)
[x/provider]
October 4, 2024
- `[x/consumer]` Populate the memo on the IBC transfer packets used to send ICS rewards with the required consumer chain Id to identify the consumer to the provider.
- `[x/provider]` Identify the source of ICS rewards from the IBC transfer packet memo. (#2290)
- `[x/provider]` Enable permissionless allowlisting of reward denoms (at most 3) per consumer chain. (#2309)
September 20, 2024
- Remove duplicate event emission on cached context. (#2282)
- `[x/provider]` Add patch to enable ICS rewards from Stride to be distributed. (#2288)
September 12, 2024
- `[x/provider]` Add the Permissionless ICS feature on the provider (as per ADR-019), which entails the following api-breaking changes on the provider. (#2171)
  - Deprecate the `chain-id` parameter in favour of `consumer-id` for all transactions and queries targeting a unique consumer chain. Below is a list highlighting the changes in the CLI commands. All commands assume the prefix `interchain-security-pd tx|q provider`.
    - Transactions:
      - `assign-consensus-key [consumer-id] [consumer-pubkey]` -- submit a MsgAssignConsensusKey
      - `opt-in [consumer-id] [consumer-pubkey]` -- submit a MsgOptIn
      - `opt-out [consumer-id]` -- submit a MsgOptOut
      - `set-consumer-commission-rate [consumer-id] [commission-rate]` -- submit a MsgSetConsumerCommissionRate
    - Queries:
      - `consumer-genesis [consumer-id]` -- query for consumer chain genesis state by consumer id.
        - REST: `/interchain_security/ccv/provider/consumer_genesis/{consumer_id}`
      - `validator-consumer-key [consumer-id] [provider-validator-address]` -- query assigned validator consensus public key for a consumer chain.
        - REST: `/interchain_security/ccv/provider/validator_consumer_addr/{consumer_id}/{provider_address}`
      - `validator-provider-key [consumer-id] [consumer-validator-address]` -- query assigned validator consensus public key for the provider chain.
        - REST: `/interchain_security/ccv/provider/validator_provider_addr/{consumer_id}/{consumer_address}`
      - `consumer-opted-in-validators [consumer-id]` -- query opted-in validators for a given consumer chain.
        - REST: `/interchain_security/ccv/provider/opted_in_validators/{consumer_id}`
      - `consumer-validators [consumer-id]` -- query the last set consumer-validator set for a given consumer chain.
        - REST: `/interchain_security/ccv/provider/consumer_validators/{consumer_id}`
      - `validator-consumer-commission-rate [consumer-id]` -- query the consumer commission rate a validator charges on a consumer chain.
        - REST: `/interchain_security/ccv/provider/consumer_commission_rate/{consumer_id}/{provider_address}`
      - `all-pairs-valconsensus-address [consumer-id]` -- query all pairs of valconsensus address by consumer id.
        - REST: `/interchain_security/ccv/provider/address_pairs/{consumer_id}`
  - Deprecate the following queries, proposals and all legacy governance proposals:
    - Queries:
      - `list-start-proposals` -- query consumer chains start proposals on provider chain.
        - REST: `/interchain_security/ccv/provider/consumer_chain_start_proposals`
      - `list-stop-proposals` -- consumer chains stop proposals on provider chain.
        - REST: `/interchain_security/ccv/provider/consumer_chain_stop_proposals`
      - `list-proposed-consumer-chains` -- query chain ids in consumer addition proposal before voting finishes.
        - REST: `/interchain_security/ccv/provider/proposed_consumer_chains`
    - Proposals:
      - MsgConsumerAddition -- deprecated in favor of MsgCreateConsumer
      - MsgConsumerRemoval -- deprecated in favor of MsgRemoveConsumer
      - MsgConsumerModification -- deprecated in favor of MsgUpdateConsumer
    - Legacy Proposals:
- `[x/provider]` Add the Inactive Provider Validators feature (as per ADR-017), which entails the following changes on the provider. (#2079)
  - Add `max_provider_consensus_validators`, a provider module param that sets the maximum number of validators that will be passed to the provider consensus engine.
  - Add `no_valupdates_genutil` and `no_valupdates_staking`, "wrapper" modules around the Cosmos SDK's native genutil and staking modules. Both modules provide the exact same functionality as the native modules, except for not returning validator set updates to the provider consensus engine.
  - Return the first `max_provider_consensus_validators` validators (sorted by largest amount of stake first) to the provider consensus engine.
  - Use the `max_validators` validators as basis for the validator sets sent to the consumers (`max_validators` is a staking module param).
- `[x/provider]` The removal of `VSCMaturedPackets` entails several API breaking changes. (#2098)
  - Remove the `oldest_unconfirmed_vsc` query -- used to get the send timestamp of the oldest unconfirmed VSCPacket.
  - Deprecate the `init_timeout_period` and `vsc_timeout_period` parameters from the provider module.
- Bump CometBFT to v0.38.11. (#2200)
- Bump cosmos-sdk to v0.50.9 (#2200)
- Bump ibc-go to v8.5.0. (#2200)
- `[x/provider]` Add `allow_inactive_vals`, a power shaping configuration parameter that enables consumers to specify whether validators outside the active provider validator set are eligible to opt-in. (#2066)
- `[x/provider]` Add `min_stake`, a power shaping configuration parameter that enables consumers to set the minimum amount of provider stake every validator needs to be eligible to opt-in. (#2035)
- `[x/provider]` Add a query to get the blocks until the next epoch begins (#2106)
- `[x/provider]` Add the Inactive Provider Validators feature (as per ADR-017), which entails the following changes on the provider. (#2079)
  - Add `max_provider_consensus_validators`, a provider module param that sets the maximum number of validators that will be passed to the provider consensus engine.
  - Add `no_valupdates_genutil` and `no_valupdates_staking`, "wrapper" modules around the Cosmos SDK's native genutil and staking modules. Both modules provide the exact same functionality as the native modules, except for not returning validator set updates to the provider consensus engine.
  - Return the first `max_provider_consensus_validators` validators (sorted by largest amount of stake first) to the provider consensus engine.
  - Use the `max_validators` validators as basis for the validator sets sent to the consumers (`max_validators` is a staking module param).
- `[x/provider]` Add the Permissionless ICS feature (as per ADR-019), which entails the following CLI and API enhancements on the provider. (#2171)
  - Introduce new CLI commands and gRPC endpoints to manage consumer chains. All commands listed below assume the prefix `interchain-security-pd tx|q provider`.
    - Transactions:
      - `create-consumer [consumer-parameters]` -- submit a MsgCreateConsumer -- replace ConsumerAdditionProposal
      - `update-consumer [consumer-parameters]` -- submit a MsgUpdateConsumer -- replace ConsumerModificationProposal
      - `remove-consumer [consumer-id]` -- submit a MsgRemoveConsumer -- replace ConsumerRemovalProposal

      These new TX commands should be used instead of their corresponding deprecated proposals. To update consumer chains owned by the governance module, a proposal containing a `MsgUpdateConsumer` message must be submitted.
    - Queries:
      - `consumer-chain [consumer-id]` -- query details of a consumer chain associated with the consumer id.
        - REST: `interchain-security/ccv/provider/consumer_chain/{consumer_id}`
      - `consumer-id-from-client-id [client-id]` -- get the consumer id of a chain from a client id.
        - REST: `interchain-security/ccv/provider/consumer_id/{client_id}`
      - `blocks-until-next-epoch` -- query number of blocks remaining until the next epoch begins.
        - REST: `interchain-security/ccv/provider/blocks_until_next_epoch`
  - Improve the `list-consumer-chains` query to accept optional parameters `[phase]` and `[limit]`:
    - `[phase]`: Filters returned consumer chains by their phase.
    - `[limit]`: Limits the number of consumer chains returned.
- `[x/provider]` Remove `VSCMaturedPackets` from the provider module, which entails the following changes to the provider. (#2098)
  - Remove unbonding operations pausing.
  - Remove the CCV channel initialization timeout.
  - Remove `VSCPackets` timeout.
  - Redesign key assignment pruning -- prune old consumer keys after the unbonding period elapses.
- `[x/provider]` Remove provider migrations to consensus versions lower than 7. To migrate the provider module from consensus version 3, 4, or 5 to consensus version 7 or higher, users should use v4.3.x in production to migrate to consensus version 6. (#2211)
- `[x/provider]` Add `allow_inactive_vals`, a power shaping configuration parameter that enables consumers to specify whether validators outside the active provider validator set are eligible to opt-in. (#2066)
- `[x/provider]` Add `min_stake`, a power shaping configuration parameter that enables consumers to set the minimum amount of provider stake every validator needs to be eligible to opt-in. (#2035)
- `[x/provider]` Add the Inactive Provider Validators feature (as per ADR-017). (#2079)
- `[x/provider]` Add the Permissionless ICS feature (as per ADR-019). (#2171)
- `[x/provider]` Remove `VSCMaturedPackets` from the provider module (as per ADR-018). (#2098)
September 4, 2024
- `[x/provider]` Improve provider message validation. (1dd3885)
July 26, 2024
- `[x/provider]` Fix incorrect message definitions in the proto files of the provider module (#2095)
July 19, 2024
- Remove soft opt-out feature. (#1995) Backporting of (#1964).
- `[x/provider]` Change the UX in key assignment by returning an error if a validator tries to reuse the same consumer key. (#1998)
- Bump CometBFT to v0.38.9. (#2013)
- Bump cosmos-sdk to v0.50.8 (#2053)
- Bump ibc-go to v8.3.2. (#2053)
- Remove soft opt-out feature. (#1995)
- Backporting of (#1964).
- `[x/provider]` Change the UX in key assignment by returning an error if a validator tries to reuse the same consumer key. (#1998)
May 9, 2024
- Bump CometBFT to v0.38.4\5. (#1698)
- Bump cosmos-sdk to v0.50.x (#1698)
- Bump ibc-go to v8.1.x. (#1698)
- `[x/consumer]` Add consumer `MsgUpdateParams` from cosmos-sdk. (#1814).
- `[x/provider]` Add provider `MsgUpdateParams` from cosmos-sdk. (#1698).
- Bump CometBFT to v0.38.4\5. (#1698)
- Bump cosmos-sdk to v0.50.x (#1698)
- Bump ibc-go to v8.1.x. (#1698)
- Revert `PutUnbondingOnHold` behavior to ICS@v1 (#1819)
September 30, 2024
- Remove duplicate event emission on cached context. (#2282)
- `[x/consumer]` Populate the memo on the IBC transfer packets used to send ICS rewards with the required consumer chain Id to identify the consumer to the provider.
- `[x/provider]` Identify the source of ICS rewards from the IBC transfer packet memo. (#2290)
July 16, 2024
- Remove soft opt-out feature. (#1964)
July 4, 2024
- Provider
  - Add missing check for the minimum height of evidence in the consumer double-vote handler. #2007
June 20, 2024
- Provider
  - Only start distributing rewards to validators after they have been validating for a fixed number of blocks. Introduces the `NumberOfEpochsToStartReceivingRewards` param. (#1929)
- General
- Provider
  - Apply audit suggestions that include a bug fix in the way we compute the maximum capped power. (#1925)
  - Only start distributing rewards to validators after they have been validating for a fixed number of blocks. Introduces the `NumberOfEpochsToStartReceivingRewards` param. (#1929)
  - Allow consumer chains to change their PSS parameters. (#1932)
May 17, 2024
- Provider
  - Enable Opt In and Top N chains through gov proposals. (#1587)
  - Adding the Partial Set Security (PSS) feature cf. ADR 015. PSS enables consumer chains to join ICS as Top N or Opt In chains and enables validators to opt to validate the consumer chains they want. (#1809)
  - Introduce power-shaping features for consumer chains. The features: (i) allow us to cap the total number of validators that can validate the consumer chain, (ii) set a cap on the maximum voting power (percentage-wise) a validator can have on a consumer chain, and (iii) introduce allowlist and denylists to restrict which validators are allowed or not to validate a consumer chain. (#1830)
  - Changes the `list-consumer-chains` query to include a `min_power_in_top_N` field, as well as fields for all power shaping parameters of the consumer. (#1863)
  - Introduces the `consumer-validators` query to retrieve the latest set consumer-validator set for a consumer chain. (#1863)
- Provider
  - Enable Opt In and Top N chains through gov proposals. (#1587)
  - Assigning a key that is already assigned by the same validator will now be a no-op instead of throwing an error. (#1732)
  - Adding the Partial Set Security feature cf. ADR 015. (#1809)
  - Introduce power-shaping features for consumer chains. The features: (i) allow us to cap the total number of validators that can validate the consumer chain, (ii) set a cap on the maximum voting power (percentage-wise) a validator can have on a consumer chain, and (iii) introduce allowlist and denylists to restrict which validators are allowed or not to validate a consumer chain. (#1830)
April 22, 2024
- Provider
  - Fix the output format of QueryAllPairsValConAddrByConsumerChainID to be consumer addresses instead of bytes (#1722)
April 17, 2024
- Provider
  - Introduce epochs (i.e., send a VSCPacket every X blocks instead of in every block) so that we reduce the cost of relaying IBC packets needed for ICS. (#1516)
  - Introduce the gRPC query `/interchain_security/ccv/provider/oldest_unconfirmed_vsc/{chain_id}` and CLI command `interchain-security-pd q provider oldest_unconfirmed_vsc` to retrieve the send timestamp of the oldest unconfirmed VSCPacket by chain id. (#1740)
- General
- Provider
  - Introduce epochs (i.e., send a VSCPacket every X blocks instead of in every block) so that we reduce the cost of relaying IBC packets needed for ICS. (#1516)
January 22, 2024
- General
- Consumer
- Consumer
- Provider
  - Add the provider-side changes for jail throttling with retries (cf. ADR 008). (#1321)
January 5, 2024
- General
  - Split out consumer genesis state to reduce shared data between provider and consumer. (#1324)
    - Note: This breaks json format used by augmenting Genesis files of consumer chains with consumer genesis content exported from provider chain. Consumer Genesis content exported from a provider chain using major version 1, 2 or 3 of the provider module needs to be transformed with the transformation command introduced by this PR:

      ```
      Transform the consumer genesis file from a provider version v1, v2 or v3 to a version supported by this consumer. Result is printed to STDOUT.

      Example:
      $ <appd> transform /path/to/ccv_consumer_genesis.json

      Usage:
        interchain-security-cd genesis transform [genesis-file] [flags]
      ```
  - Refactor shared events, codecs and errors assign to consumer and provider dedicated types where possible. (#1350)
- Provider
  - Add `QueryAllPairsValConAddrByConsumerChainID` method to get list of all pairs `valConsensus` address by `Consumer chainID`. (#1503)
- General
- Provider
November 24, 2023
- Consumer
  - Fix deletion of pending packets that may cause duplicate sends (#1146)
  - Remove `idx` field from the `ccv.ConsumerPacketData` type as this would break the wire (#1150)
  - Validate token transfer messages before calling `Transfer()`. (#1244)
  - Remove incorrect address validation on `ProviderFeePoolAddrStr` param. (#1262)
  - Increment consumer consensus version and register consumer migration. (#1295)
- Bump ibc-go to v7.2.0. (#1196)
- Bump cosmos-sdk to v0.47.4. (#1258)
- Bump ibc-go to v7.3.0. (#1258)
- Bump cosmos-sdk to v0.47.5. (#1259)
- General
  - Update the default consumer unbonding period to 2 weeks. (#1244)
- Consumer
  - Optimize pending packets storage on consumer, with migration. (#1037)
- General
- Consumer
  - Add the consumer-side changes for jail throttling with retries (cf. ADR 008). (#1024)
  - Optimize pending packets storage on consumer, with migration. (#1037)
  - Fix deletion of pending packets that may cause duplicate sends (#1146)
  - Remove `idx` field from the `ccv.ConsumerPacketData` type as this would break the wire (#1150)
  - Validate token transfer messages before calling `Transfer()`. (#1244)
  - Remove incorrect address validation on `ProviderFeePoolAddrStr` param. (#1262)
  - Increment consumer consensus version and register consumer migration. (#1295)
- Provider
  - Add a governance proposal for setting on the provider the denominations for rewards from consumer chains. (#1280)
Date July 11th, 2023
A minor upgrade to v3.0.0, which removes the panic in the consumer ccv module which would occur in an emergency scenario where the ccv channel is closed. This release also fixes how a distribution related event is emitted, and bumps cometbft.
- (feat) #1127 Remove consumer panic when ccv channel is closed
- (fix) #720 Fix the attribute `AttributeDistributionTotal` value in `FeeDistribution` event emit.
- (deps) #1119 bump cometbft from `v0.37.1` to `0.37.2`.
Date: June 21st, 2023
Interchain Security v3 uses SDK 0.47 and IBC 7.
- (fix) #1093 Make SlashPacketData backward compatible when sending data over the wire
- (deps) #1019 Bump multiple dependencies.
- `[x/ccv/provider]` (fix) #945 Refactor `AfterUnbondingInitiated` to not panic when `PutUnbondingOnHold` returns error.
- `[x/ccv/provider]` (fix) #977 Avoids panicking the provider when an unbonding delegation was removed through a `CancelUnbondingDelegation` message.
- `[x/ccv/democracy]` (feat) #1019 Whitelisting non-legacy params in the "democracy module" requires the entire module to be whitelisted.
November 20, 2023
- (fix) #1439 Fix unmarshaling for the CLI consumer double vote cmd.
- (feat!) #1435 Add height-base filter for consumer equivocation evidence.
November 15, 2023
❗ This release is deprecated and should not be used in production.
- (fix!) #1422 Fix the misbehaviour handling by verifying the signatures of byzantine validators.
❗ This release is deprecated and should not be used in production.
- New feature enabling the provider chain to verify equivocation evidence on its own instead of trusting consumer chains, see EPIC.
Date: September 15th, 2023
- (feature!) #1280 provider proposal for changing reward denoms
Date: August 18th, 2023
- (deps!) #1120 Bump Cosmos SDK to v0.45.16-ics-lsm. This requires adapting ICS to support this SDK release. Changes are state breaking.
- (fix) #720 Fix the attribute `AttributeDistributionTotal` value in `FeeDistribution` event emit.
Date: June 1st, 2023
Unlike prior releases, the ICS `v2.0.0` release will be based on the main branch. `v2.0.0` will contain all the accumulated PRs from the various releases below, along with other PRs that were merged, but not released to production. After `v2.0.0`, we plan to revamp release practices, and how we modularize the repo for consumer/provider.
Upgrading a provider from `v1.1.0-multiden` to `v2.0.0` will require state migrations. See migration.go.
Upgrading a consumer from `v1.2.0-multiden` to `v2.0.0` will NOT require state migrations.
Some PRs from v2.0.0 may reappear from other releases below. This is due to the fact that ICS v1.1.0 deviates from the commit ordering of the main branch, and other releases thereafter are based on v1.1.0.
- MVP for standalone to consumer changeover, see EPIC
- MVP for soft opt out, see EPIC
- Various fixes, critical and non-critical
- Docs updates which should not affect production code
- (feat!) Add DistributionTransmissionChannel to ConsumerAdditionProposal #965
- (feat/fix) limit vsc matured packets handled per endblocker #1004
- (fix) consumer key prefix order to avoid complex migrations #963 and #991. The latter PR is the proper fix.
- (feat) v1->v2 migrations to accommodate a bugfix having to do with store keys, introduce new params, and deal with consumer genesis state schema changes #975 and #997
- (deps) Bump github.com/cosmos/ibc-go/v4 from 4.4.0 to 4.4.2 #982
- (fix) partially revert key assignment type safety PR #980
- (fix) Remove panics on failure to send IBC packets #876
- (fix) Prevent denom DOS #931
- (fix) multisig for assigning consumer key, use json #916
- (deps) Bump github.com/cosmos/ibc-go/v4 from 4.3.0 to 4.4.0 #902
- (feat) Add warnings when provider unbonding is shorter than consumer unbonding #858
- (chore) use go 1.19 #899, #840
- (feat) Standalone to consumer changeover - recycle existing transfer channel #832
- (deps) Bump IBC 862
- (testing) Add tests for soft opt out #857
- (feat) Standalone to consumer changeover - staking functionalities #794
- (fix) prevent provider from sending VSCPackets with multiple updates for the same validator #850
- (feat) Soft opt out #833
- (fix) Correctly handle VSC packet with duplicate val updates on consumer #846
- (deps) bump sdk to v0.45.15.ics #805
- (refactor) Remove spm module #812
- (feat) Standalone to consumer changeover part 1 #757
- (chore) Swap names of e2e and integration tests #681
- (fix) fix StopConsumerChain not running in cachedContext #802. Also in earlier releases with different commit order!
- (docs) Introduce docs website #759
- (fix) Serialize correct byte prefix for SlashLogKey #786
- (feature) Improve keeper field validation #766
- (docs) Contributing guidelines #744
- (refactor) Key assignment type safety #725
- (fix) Update protos and fix deps #752
- (api) Add consumer QueryParams #746
- (feature) New validation for keeper fields #740
The first release candidate for a fix built on top of v1.2.0, intended for consumers. This release adds a list of denoms on the consumer that are allowed to be sent to the provider as rewards. This prevents a potential DOS attack that was discovered during the audit of Replicated Security performed by Oak Security and funded by the Cosmos Hub community through Proposal 687. In an effort to move quickly, this release also includes a multisig fix that is effective only for provider. It shouldn't affect the consumer module.
Note PRs were made in a private security repo.
This release combines two fixes on top of v1.1.0, that we judged were urgent to get onto the Cosmos Hub before the launch of the first ICS consumer chain. This is an emergency release intended for providers.
The first fix is to enable the use of multisigs and Ledger devices when assigning keys for consumer chains. The second is to prevent a possible DOS vector involving the reward distribution system.
Note PRs were made in a private security repo.
On April 25th (a week and a half ago), we began receiving reports that validators using multisigs and Ledger devices were getting errors reading `Error: unable to resolve type URL /interchain_security.ccv.provider.v1.MsgAssignConsumerKey: tx parse error` when attempting to assign consensus keys for consumer chains.
We quickly narrowed the problem down to issues having to do with using the PubKey type directly in the MsgAssignConsumerKey transaction, and Amino (a deprecated serialization library still used in Ledger devices and multisigs) not being able to handle this. We attempted to fix this with the assistance of the Cosmos-SDK team, but after making no headway for a few days, we decided to simply use a JSON representation of the PubKey in the transaction. This is how it is usually represented anyway. We have verified that this fixes the problem.
The ICS distribution system works by allowing consumer chains to send rewards to a module address on the provider called the FeePoolAddress. From here they are automatically distributed to all validators and delegators through the distribution system that already exists to distribute staking rewards. The FeePoolAddress is usually blocked so that no tokens can be sent to it, but to enable ICS distribution we had to unblock it.
We recently realized that unblocking the FeePoolAddress could enable an attacker to send a huge number of different denoms into the distribution system. The distribution system would then attempt to distribute them all, leading to out of memory errors. Fixing a similar attack vector that existed in the distribution system before ICS led us to this realization.
To fix this problem, we have re-blocked the FeePoolAddress and created a new address called the ConsumerRewardsPool. Consumer chains now send rewards to this new address. There is also a new transaction type called RegisterConsumerRewardDenom. This transaction allows people to register denoms to be used as rewards from consumer chains. It costs 10 Atoms to run this transaction. The Atoms are transferred to the community pool. Only denoms registered with this command are then transferred to the FeePoolAddress and distributed out to delegators and validators.
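A simplified Go model of the fix described above, added here as an illustration and not taken from the provider module: it shows why forwarding only registered denoms bounds the work the distribution system does regardless of what arrives in the ConsumerRewardsPool. The `Provider` type, its method signatures, the sample denoms and the choice of `uatom` as the fee denom are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Coins maps denom -> amount (a simplified stand-in for a multi-denom balance).
type Coins map[string]int64

const (
	feeDenom        = "uatom"    // assumption: the fee is charged in uatom
	registrationFee = 10_000_000 // 10 ATOM, the cost stated in the release notes
)

var (
	ErrBlockedAddr = errors.New("recipient is a blocked module address")
	ErrFee         = errors.New("insufficient funds for registration fee")
)

// Provider is a toy model of the provider-side reward accounts (hypothetical type).
type Provider struct {
	FeePool             Coins           // re-blocked: rejects direct sends
	ConsumerRewardsPool Coins           // open: consumers send rewards here
	CommunityPool       Coins           // receives registration fees
	registered          map[string]bool // denoms allowed as consumer rewards
}

func NewProvider() *Provider {
	return &Provider{
		FeePool:             Coins{},
		ConsumerRewardsPool: Coins{},
		CommunityPool:       Coins{},
		registered:          map[string]bool{},
	}
}

// SendToFeePool models a direct transfer to the blocked FeePoolAddress.
func (p *Provider) SendToFeePool(_ Coins) error { return ErrBlockedAddr }

// SendToRewardsPool accepts any denom; nothing here reaches distribution yet.
func (p *Provider) SendToRewardsPool(c Coins) {
	for denom, amt := range c {
		p.ConsumerRewardsPool[denom] += amt
	}
}

// RegisterConsumerRewardDenom charges the fee to the community pool and
// allowlists the denom.
func (p *Provider) RegisterConsumerRewardDenom(payer Coins, denom string) error {
	if payer[feeDenom] < registrationFee {
		return ErrFee
	}
	payer[feeDenom] -= registrationFee
	p.CommunityPool[feeDenom] += registrationFee
	p.registered[denom] = true
	return nil
}

// TransferRewardsToFeePool iterates the allowlist, not the pool contents, so
// the work done is bounded by the number of registered denoms. It returns the
// number of denoms moved into the fee pool.
func (p *Provider) TransferRewardsToFeePool() int {
	moved := 0
	for denom := range p.registered {
		if amt := p.ConsumerRewardsPool[denom]; amt > 0 {
			p.FeePool[denom] += amt
			delete(p.ConsumerRewardsPool, denom)
			moved++
		}
	}
	return moved
}

// Demo runs the model on constructed input: one registered reward denom and
// 1000 unregistered denoms arriving in the rewards pool.
func Demo() (feePoolDenoms, leftInRewardsPool int) {
	p := NewProvider()
	payer := Coins{feeDenom: 25_000_000}
	_ = p.RegisterConsumerRewardDenom(payer, "ibc/REWARD") // constructed denom
	incoming := Coins{"ibc/REWARD": 500}
	for i := 0; i < 1000; i++ {
		incoming[fmt.Sprintf("unregistered/%d", i)] = 1 // constructed denoms
	}
	p.SendToRewardsPool(incoming)
	p.TransferRewardsToFeePool()
	return len(p.FeePool), len(p.ConsumerRewardsPool)
}

func main() {
	fee, left := Demo()
	fmt.Printf("denoms entering distribution: %d, held back: %d\n", fee, left)
}
```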
Date: April 13th, 2023
- (feat) Soft opt-out #833
- (fix) Correctly handle VSC packet with duplicate val updates on consumer #846
- (chore) bump: sdk v0.45.15-ics #805
- (api) add interchain security consumer QueryParams #746
Date: March 24th, 2023
- (fix) StopConsumerChain not running in cachedContext #802
Date: February 6th, 2023
This is the first version of Interchain Security (ICS), also known as Replicated Security (RS). Replicated Security is a feature which will allow a chain -- referred to as the provider -- to share security with other chains -- referred to as consumers. This means that the provider's validator set will be granted the right to validate consumer chains. The communication between the provider and the consumer chains is done through the IBC protocol over a unique, ordered channel (one for each consumer chain). Thus, RS is an IBC application.
RS consists of the following core features:
- Channel Initialization: Enables the provider to add new consumer chains. This process is governance-gated, i.e., to add a new consumer chain, a `ConsumerAdditionProposal` governance proposal must be sent to the provider and it must receive the necessary votes.
- Validator Set Update: Enables the provider to (1) update the consumers on the voting power granted to validators (based on the changes in the active validator set on the provider chain), and (2) ensure the timely completion of unbonding operations (e.g., undelegations).
- Consumer Initiated Slashing: Enables the provider to jail validators for downtime infractions on the consumer chains.
- Reward Distribution: Enables the consumers to transfer to the provider (over IBC) a portion of their block rewards as payment for the security provided. Once transferred, these rewards are distributed on the provider using the protocol in the distribution module of Cosmos SDK.
- Consumer Chain Removal: Enables the provider to remove a consumer either after a `ConsumerRemovalProposal` passes governance or after one of the timeout periods elapses -- `InitTimeoutPeriod`, `VscTimeoutPeriod`, `IBCTimeoutPeriod`.
- Social Slashing: Equivocation offenses (double signing etc.) on consumer chains are logged, and then can be used in a governance proposal to slash the validators responsible.
In addition, RS has the following features:
- Key Assignment: Enables validator operators to use different consensus keys for each consumer chain validator node that they operate.
- Jail Throttling: Enables the provider to slow down a "worst case scenario" attack where a malicious consumer binary attempts to jail a significant amount (> 2/3) of the voting power, effectively taking control of the provider.