Releases: cosmos/interchain-security
v1.2.0-multiden-rc0
Note: This release is consensus breaking for the consumer. Its changes are not needed for the provider.
The first release candidate for a fix built on top of v1.2.0, intended for consumers. This release adds a list of denoms on the consumer that are allowed to be sent to the provider as rewards. As a result, a potential DOS attack is prevented.
What's Changed
Full Changelog: v1.2.0...v1.2.0-multiden-rc0
v1.1.0-multiden
Note: This release is consensus breaking for the provider, the changes are not needed on the consumer.
This release combines two fixes that we judged were urgent to get onto the Cosmos Hub before the launch of the first ICS consumer chain.
The first fix is to enable the use of multisigs and Ledger devices when assigning keys for consumer chains. The second is to prevent a possible DOS vector involving the reward distribution system.
Multisig fix
On April 25th (a week and a half ago), we began receiving reports that validators using multisigs and Ledger devices were getting errors reading "Error: unable to resolve type URL /interchain_security.ccv.provider.v1.MsgAssignConsumerKey: tx parse error" when attempting to assign consensus keys for consumer chains.
We quickly narrowed the problem down to issues having to do with using the PubKey type directly in the MsgAssignConsumerKey transaction, and Amino (a deprecated serialization library still used in Ledger devices and multisigs) not being able to handle this. We attempted to fix this with the assistance of the Cosmos-SDK team, but after making no headway for a few days, we decided to simply use a JSON representation of the PubKey in the transaction. This is how it is usually represented anyway. We have verified that this fixes the problem.
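Once the key travels as a JSON string instead of a typed PubKey, the receiving side has to check the string itself. The following is an added example, not code from the ICS repository: `ParseConsumerKey` and `SampleKeyJSON` are hypothetical helpers, and the `@type`/`key` layout with an ed25519 type URL is assumed to be the usual Cosmos SDK JSON form the notes refer to.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Assumed type URL of an ed25519 consensus key in Cosmos SDK JSON form.
const ed25519TypeURL = "/cosmos.crypto.ed25519.PubKey"

// pubKeyJSON is the assumed JSON shape: {"@type": "...", "key": "<base64>"}.
type pubKeyJSON struct {
	Type string `json:"@type"`
	Key  string `json:"key"`
}

// ParseConsumerKey (hypothetical helper) checks a JSON-encoded consensus key
// before it is accepted: well-formed JSON, expected type, 32 raw key bytes.
func ParseConsumerKey(s string) ([]byte, error) {
	var k pubKeyJSON
	if err := json.Unmarshal([]byte(s), &k); err != nil {
		return nil, fmt.Errorf("consumer key is not valid JSON: %w", err)
	}
	if k.Type != ed25519TypeURL {
		return nil, fmt.Errorf("unsupported key type %q", k.Type)
	}
	raw, err := base64.StdEncoding.DecodeString(k.Key)
	if err != nil {
		return nil, fmt.Errorf("key is not valid base64: %w", err)
	}
	if len(raw) != 32 {
		return nil, fmt.Errorf("ed25519 key must be 32 bytes, got %d", len(raw))
	}
	return raw, nil
}

// SampleKeyJSON builds a constructed (all-zero, n-byte) key for demonstration.
func SampleKeyJSON(typeURL string, n int) string {
	b, _ := json.Marshal(pubKeyJSON{Type: typeURL, Key: base64.StdEncoding.EncodeToString(make([]byte, n))})
	return string(b)
}

func main() {
	_, err := ParseConsumerKey(SampleKeyJSON(ed25519TypeURL, 31))
	fmt.Println("31-byte key:", err)
}
```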
Distribution fix
The ICS distribution system works by allowing consumer chains to send rewards to a module address on the provider called the FeePoolAddress. From here they are automatically distributed to all validators and delegators through the distribution system that already exists to distribute staking rewards. The FeePoolAddress is usually blocked so that no tokens can be sent to it, but to enable ICS distribution we had to unblock it.
We recently realized that unblocking the FeePoolAddress could enable an attacker to send a huge number of different denoms into the distribution system. The distribution system would then attempt to distribute them all, leading to out of memory errors. Fixing a similar attack vector that existed in the distribution system before ICS led us to this realization.
To fix this problem, we have re-blocked the FeePoolAddress and created a new address called the ConsumerRewardsPool. Consumer chains now send rewards to this new address. There is also a new transaction type called RegisterConsumerRewardDenom. This transaction allows people to register denoms to be used as rewards from consumer chains. It costs 10 Atoms to run this transaction. The Atoms are transferred to the community pool. Only denoms registered with this command are then transferred to the FeePoolAddress and distributed out to delegators and validators.
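The effect of the allowlist on the amount of work the distribution step does can be seen in a small model. This is an added example, not the module's code: the `Provider` type, the `atom` and `uconsumer` denom names and the `junk` denoms are constructed for illustration, and only the account names and the 10 Atom fee come from the notes above.

```go
package main

import (
	"errors"
	"fmt"
)

// Balances maps denom -> amount for one account (toy model, not SDK types).
type Balances map[string]int64

// Provider holds only the accounts named in the release notes.
type Provider struct {
	ConsumerRewardsPool, FeePool, CommunityPool Balances
	Registered                                  map[string]bool
}
const registrationFee = 10 // Atoms, as stated in the release notes

// RegisterDenom models RegisterConsumerRewardDenom; the fee goes to the community pool.
func (p *Provider) RegisterDenom(payer Balances, denom string) error {
	if payer["atom"] < registrationFee {
		return errors.New("insufficient funds for registration fee")
	}
	payer["atom"] -= registrationFee
	p.CommunityPool["atom"] += registrationFee
	p.Registered[denom] = true
	return nil
}

// TransferRewards loops over registered denoms only, so unregistered denoms add no work.
func (p *Provider) TransferRewards() {
	for denom := range p.Registered {
		if amt := p.ConsumerRewardsPool[denom]; amt > 0 {
			p.FeePool[denom] += amt
			delete(p.ConsumerRewardsPool, denom)
		}
	}
}

// Simulate floods the pool with `junk` constructed denoms beside one registered denom.
func Simulate(junk int) (feePoolDenoms, leftInPool int, communityAtoms int64) {
	p := &Provider{Balances{"uconsumer": 500}, Balances{}, Balances{}, map[string]bool{}}
	_ = p.RegisterDenom(Balances{"atom": 10}, "uconsumer")
	for i := 0; i < junk; i++ {
		p.ConsumerRewardsPool[fmt.Sprintf("junk%d", i)] = 1
	}
	p.TransferRewards()
	return len(p.FeePool), len(p.ConsumerRewardsPool), p.CommunityPool["atom"]
}

func main() { fmt.Println(Simulate(1000)) }
```

However many unregistered denoms arrive, the fee pool ends up holding only the registered one; the rest stay in the ConsumerRewardsPool and never reach distribution.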
Full Changelog: v1.1.0...release/v1.1.0-multiden
v1.2.1
Date: April 25th, 2023
Note safe to use as it's SM breaking and it requires state migration.
This is a patch release of Interchain Security (ICS), also known as Replicated Security (RS), which removes the dependency on the spm module for initializing the chain and updates key handling.
Changes included:
- backport Remove spm
- backport Key assignment type safety
Full Changelog: v1.2.0...v1.2.1
v1.1.1
Note safe to use as it's SM breaking and it requires state migration.
What's Changed
Changes included:
- backport Remove spm
- backport Key assignment type safety
Full Changelog: v1.1.0...v1.1.1
v1.2.0
v1.1.0
v1.0.0
What's Changed
- Update CODEOWNERS by @smarshall-spitzbart in #466
- add event emissions to provider and consumer by @MSalopek in #427
- Slashing related e2e test improvements by @smarshall-spitzbart in #461
- circuit breaker params by @smarshall-spitzbart in #444
- Adds Cryptographic Identity utility for working with various keys ect by @danwt in #470
- testutils refactors and cleanup by @smarshall-spitzbart in #472
- add multiple consumer chains in integration tests by @MSalopek in #407
- Updates issue template by @danwt in #483
- Upgrade SDK to v0.45.11 by @sainoe in #485
- handle provider and consumer client expiration by @mpoke in #448
- Restores panics to #485 by @jtremback in #491
- Update #264 - updates genesis and genesis tests by @sainoe in #382
- Fixes for issues #151 #397 by @stana-miric in #495
- Make iterators consistent with SDK pattern by @mpoke in #459
- Create e2e debug util file by @smarshall-spitzbart in #488
- Remove false vscID initialization by @mpoke in #499
- Resolve +-1 question mark in MakeConsumerGenesis by @mpoke in #500
- Improve how sent packets are stored in e2e tests by @smarshall-spitzbart in #504
- add pull request template by @MSalopek in #501
- refactor changes in expired consumer handling by @MSalopek in #507
- add consumer addition proposal documentation by @MSalopek in #502
- fix: remove duplicated SlashingKeeper in consumer app.go by @sainoe in #508
- Multi-consumer capable e2e tests by @smarshall-spitzbart in #475
- show PR template on PR creation by @MSalopek in #518
- Update PULL_REQUEST_TEMPLATE.md by @sainoe in #523
- Update tags for HandleConsumerAdditionProposal and HandleConsumerRemovalProposal by @mpoke in #539
- Simplifies some crypto util test helper methods by @danwt in #540
- update provider genesis validation by @sainoe in #525
- Deduplicate code in IncrementValidatorSetUpdateId by @danwt in #543
- refactor provider pending packets handling by @MSalopek in #552
- fix IterateInitTimeoutTimestamp by @MSalopek in #549
- Separate validation and handling for recv slash packets by @smarshall-spitzbart in #542
- test: Add CCV Test Suite with Gaia provider by @glnro in #559
- Key assignment by @mpoke in #515
- make OnTimeoutPacket handling consistent in consumer by @MSalopek in #550
- Correct ValidateStringFraction by @smarshall-spitzbart in #569
- update consumer addition proposal by @MSalopek in #558
- Refactor: Packets -> VSCPackets by @smarshall-spitzbart in #587
- NewErrorAcknowledgement with non-determinsitic error message by @mpoke in #591
- chore: Update gaia dependency for e2e provider test by @glnro in #578
- Update PULL_REQUEST_TEMPLATE.md by @smarshall-spitzbart in #574
- add sorting into AccumulateChanges and add a unit test for it by @jtremback in #584
- fix: verify consumer proposals execution to prevent provider halts by @sainoe in #602
- refactor: TrustingPeriodFraction should be a fraction. by @glnro in #593
- Slash packet throttling by @smarshall-spitzbart in #462
- Throttle refactors by @smarshall-spitzbart in #611
- GlobalSlashEntry protobuf type by @smarshall-spitzbart in #613
- add slash throttling queries by @MSalopek in #600
- Refactor: Convert iterators to array getters by @jtremback in #596
- refactor: wrap VSCMatured/Slash packets into a consumer packet type by @sainoe in #626
- Move info about testing from README to testing.md by @mpoke in #616
- Always queue vsc matured packet data by @smarshall-spitzbart in #624
- Fix: Iteration through PacketMaturityTimes assumes maturity time order by @mpoke in #622
- Minor refactor: factor out Begin(End)Block calls from simibc by @danwt in #588
- Adds Validator Set Replication property check to core diff model by @danwt in #589
- add provider and consumer logging by @MSalopek in #628
- replace TestHandleSlashPacketDistribution w/ TestSlashUndelegation by @mpoke in #633
- Change default max throttled packets params + small log fix by @smarshall-spitzbart in #639
- Improved assign consumer key msg validation by @danwt in #644
- Adds ValidateBasic for key assignment related state in provider genesis by @danwt in #646
- Key assignment related panic cleanup by @smarshall-spitzbart in #642
- Throttle related panic cleanup by @smarshall-spitzbart in #640
- Update IBC-Go to canonical v3.4.0 by @glnro in #632
- Add docs about ICS params by @mpoke in #653
- Provider panic cleanup by @mpoke in #647
- Consumer panic cleanup by @mpoke in #655
- Handle panic in Reward Distribution by @mpoke in #638
- Removes depreciated keyring dependency by @smarshall-spitzbart in #657
- Difftest core: small PR removes some todos by @danwt in #656
- Remove Gaia Provider Test by @glnro in #669
- run happy path tests on push; bump hermes version by @MSalopek in #659
- Bump IBC refs to ver 4.2.0 by @smarshall-spitzbart in #654
- Update CODEOWNERS by @mpoke in #676
- add manual integration tests GH workflow by @MSalopek in #665
- difftest: Adds a METHOD.md doc explaining concepts by @danwt in #663
- Document ValidatorByConsAddr in consumer module by @danwt in #675
- Improve crypto testutil by @sainoe in #672
- Fix #555 document rules for key assignment by @danwt in #668
- fix: slash meter replenishment by @smarshall-spitzbart in #687
- difftest-core (driver): refactor setup to make it more maintainable by @danwt in #658
- Throttle integration test fixes by @smarshall-spitzbart in #696
- Comments and better panic prints for e2e tests by @smarshall-spitzbart in #660
- wait after sending unjail tx in integration tests by @MSalopek in #701
- bump SDK version by @sainoe in #709
- disable consumer initiated slashing + fix slash acks bug by @sainoe in #692
- Add changelo...
v1.0.0-rc7
What's Changed
- ADR: equivocation gov proposal by @tbruyelle in #711
- Throttle ADR by @smarshall-spitzbart in #682
- add additional checks for equivocation governance proposals by @MSalopek in #730
Full Changelog: v1.0.0-rc6...v1.0.0-rc7
v1.0.0-rc6
What's Changed
- remove liquidity, feegrant and authz keepers by @MSalopek in #700
- simibc: improves package documentation for simibc by @danwt in #662
- Democracry consumer app refactors by @smarshall-spitzbart in #679
- Fix lint error in main by @smarshall-spitzbart in #702
- refactor multi-consumer and equivocation integration tests by @MSalopek in #715
- difftest-core (model): bring up to date, improve comments by @danwt in #664
- bump SDK version to v0.45.13-ics by @sainoe in #727
Full Changelog: v1.0.0-rc5...v1.0.0-rc6
v1.0.0-rc5
What's Changed
- Throttle integration test fixes by @smarshall-spitzbart in #696
- Comments and better panic prints for e2e tests by @smarshall-spitzbart in #660
- wait after sending unjail tx in integration tests by @MSalopek in #701
- bump SDK version by @sainoe in #709
- disable consumer initiated slashing + fix slash acks bug by @sainoe in #692
- Add changelog for v1.0.0 by @mpoke in #698
- feat: Equivocation gov proposal by @tbruyelle in #703
- add integration tests for equivocation proposals by @MSalopek in #710
New Contributors
- @tbruyelle made their first contribution in #703
Full Changelog: v1.0.0-rc4...v1.0.0-rc5