From 7618827c297c19ce1200bec2c320efd8430d2ef1 Mon Sep 17 00:00:00 2001 From: Marius Poke Date: Tue, 5 Dec 2023 12:21:06 +0100 Subject: [PATCH] docs: add v3.3.0 section to changelog (#1476) * add v3.3.0 section to changelog * docs: rm 1321-jail-throttling-vs - not released on this branch * docs: regenerate changelog file --------- Co-authored-by: MSalopek --- .changelog/epilogue.md | 173 +------------ .changelog/unreleased/.gitkeep | 0 .../provider/1321-jail-throttling-v2.md | 2 - .../provider/1321-jail-throttling-v2.md | 2 - ...ic-verification-of-equivocation-feature.md | 0 .../dependencies/1373-bump-ibc.md | 0 .../features/1336-quint-model.md | 0 .../1339-check-key-assignment-in-use.md | 0 ...1340-cryptographic-equivocation-feature.md | 0 .../improvements/1324-consumer-genesis.md | 0 .../improvements/1350-cleanup-types.md | 0 .../state-breaking/1324-consumer-genesis.md | 0 .../state-breaking/1460-msg-validation.md | 0 .../1339-check-key-assignment-in-use.md | 0 ...1340-cryptographic-equivocation-feature.md | 0 .changelog/v3.3.0/summary.md | 1 + CHANGELOG.md | 242 +++++------------- 17 files changed, 74 insertions(+), 346 deletions(-) create mode 100644 .changelog/unreleased/.gitkeep delete mode 100644 .changelog/unreleased/features/provider/1321-jail-throttling-v2.md delete mode 100644 .changelog/unreleased/state-breaking/provider/1321-jail-throttling-v2.md rename .changelog/{unreleased => v3.3.0}/api-breaking/provider/1340-add-cryptographic-verification-of-equivocation-feature.md (100%) rename .changelog/{unreleased => v3.3.0}/dependencies/1373-bump-ibc.md (100%) rename .changelog/{unreleased => v3.3.0}/features/1336-quint-model.md (100%) rename .changelog/{unreleased => v3.3.0}/features/provider/1339-check-key-assignment-in-use.md (100%) rename .changelog/{unreleased => v3.3.0}/features/provider/1340-cryptographic-equivocation-feature.md (100%) rename .changelog/{unreleased => v3.3.0}/improvements/1324-consumer-genesis.md (100%) rename .changelog/{unreleased => v3.3.0}/improvements/1350-cleanup-types.md (100%) rename .changelog/{unreleased => v3.3.0}/state-breaking/1324-consumer-genesis.md (100%) rename .changelog/{unreleased => v3.3.0}/state-breaking/1460-msg-validation.md (100%) rename .changelog/{unreleased => v3.3.0}/state-breaking/provider/1339-check-key-assignment-in-use.md (100%) rename .changelog/{unreleased => v3.3.0}/state-breaking/provider/1340-cryptographic-equivocation-feature.md (100%) create mode 100644 .changelog/v3.3.0/summary.md diff --git a/.changelog/epilogue.md b/.changelog/epilogue.md index 861dc712e3..08e82ea253 100644 --- a/.changelog/epilogue.md +++ b/.changelog/epilogue.md @@ -23,175 +23,6 @@ Interchain Security v3 uses SDK 0.47 and IBC 7. * `[x/ccv/provider]` (fix) [#977](https://github.com/cosmos/interchain-security/pull/977) Avoids panicking the provider when an unbonding delegation was removed through a `CancelUnbondingDelegation` message. * `[x/ccv/democracy]` (feat) [#1019](https://github.com/cosmos/interchain-security/pull/1019) Whitelisting non-legacy params in the "democracy module" require the entire module to be whitelisted. -## v2.4.0-lsm +## Previous Versions -*November 20, 2023* - -* (fix) [#1439](https://github.com/cosmos/interchain-security/pull/1439) Fix unmarshaling for the CLI consumer double vote cmd. -* (feat!) [#1435](https://github.com/cosmos/interchain-security/pull/1435) Add height-base filter for consumer equivocation evidence. - -## v2.3.0-provider-lsm - -*November 15, 2023* - -❗ *This release is deprecated and should not be used in production.* - -* (fix!) [#1422](https://github.com/cosmos/interchain-security/pull/1422) Fix the misbehaviour handling by verifying the signatures of byzantine validators. - -## v2.2.0-provider-lsm - -❗ *This release is deprecated and should not be used in production.* - -### Cryptographic verification of equivocation -* New feature enabling the provider chain to verify equivocation evidence on its own instead of trusting consumer chains, see [EPIC](https://github.com/cosmos/interchain-security/issues/732). - -## v2.1.0-provider-lsm - -Date: September 15th, 2023 - -* (feature!) [#1280](https://github.com/cosmos/interchain-security/pull/1280) provider proposal for changing reward denoms - -## v2.0.0-lsm - -Date: August 18th, 2023 - -* (deps!) [#1120](https://github.com/cosmos/interchain-security/pull/1120) Bump [Cosmos SDK](https://github.com/cosmos/cosmos-sdk) to [v0.45.16-ics-lsm](https://github.com/cosmos/cosmos-sdk/tree/v0.45.16-ics-lsm). This requires adapting ICS to support this SDK release. Changes are state breaking. -* (fix) [#720](https://github.com/cosmos/interchain-security/issues/720) Fix the attribute `AttributeDistributionTotal` value in `FeeDistribution` event emit. - -## v2.0.0 - -Date: June 1st, 2023 - -Unlike prior releases, the ICS `v2.0.0` release will be based on the main branch. `v2.0.0` will contain all the accumulated PRs from the various releases below, along with other PRs that were merged, but not released to production. After `v2.0.0`, we plan to revamp release practices, and how we modularize the repo for consumer/provider. - -Upgrading a provider from `v1.1.0-multiden` to `v2.0.0` will require state migrations. See [migration.go](./x/ccv/provider/keeper/migration.go). See the provider module's `ConsensusVersion` in [module](./x/ccv/provider/module.go) - -Upgrading a consumer from `v1.2.0-multiden` to `v2.0.0` will NOT require state migrations. See the consumer module's `ConsensusVersion` in [module](./x/ccv/consumer/module.go) - -Some PRs from v2.0.0 may reappear from other releases below. This is due to the fact that ICS v1.1.0 deviates from the commit ordering of the main branch, and other releases thereafter are based on v1.1.0. - -### High level changes included in v2.0.0 - -* MVP for standalone to consumer changeover, see [EPIC](https://github.com/cosmos/interchain-security/issues/756) -* MVP for soft opt out, see [EPIC](https://github.com/cosmos/interchain-security/issues/851) -* Various fixes, critical and non-critical -* Docs updates which should not affect production code - -## Notable PRs included in v2.0.0 - -* (feat!) Add DistributionTransmissionChannel to ConsumerAdditionProposal [#965](https://github.com/cosmos/interchain-security/pull/965) -* (feat/fix) limit vsc matured packets handled per endblocker [#1004](https://github.com/cosmos/interchain-security/pull/1004) -* (fix) cosumer key prefix order to avoid complex migrations [#963](https://github.com/cosmos/interchain-security/pull/963) and [#991](https://github.com/cosmos/interchain-security/pull/991). The latter PR is the proper fix. -* (feat) v1->v2 migrations to accommodate a bugfix having to do with store keys, introduce new params, and deal with consumer genesis state schema changes [#975](https://github.com/cosmos/interchain-security/pull/975) and [#997](https://github.com/cosmos/interchain-security/pull/997) -* (deps) Bump github.com/cosmos/ibc-go/v4 from 4.4.0 to 4.4.2 [#982](https://github.com/cosmos/interchain-security/pull/982) -* (fix) partially revert key assignment type safety PR [#980](https://github.com/cosmos/interchain-security/pull/980) -* (fix) Remove panics on failure to send IBC packets [#876](https://github.com/cosmos/interchain-security/pull/876) -* (fix) Prevent denom DOS [#931](https://github.com/cosmos/interchain-security/pull/931) -* (fix) multisig for assigning consumer key, use json [#916](https://github.com/cosmos/interchain-security/pull/916) -* (deps) Bump github.com/cosmos/ibc-go/v4 from 4.3.0 to 4.4.0 [#902](https://github.com/cosmos/interchain-security/pull/902) -* (feat) Add warnings when provider unbonding is shorter than consumer unbonding [#858](https://github.com/cosmos/interchain-security/pull/858) -* (chore) use go 1.19 [#899](https://github.com/cosmos/interchain-security/pull/899), [#840](https://github.com/cosmos/interchain-security/pull/840) -* (feat) Standalone to consumer changeover - recycle existing transfer channel [#832](https://github.com/cosmos/interchain-security/pull/832) -* (deps) Bump IBC [862](https://github.com/cosmos/interchain-security/pull/862) -* (testing) Add tests for soft opt out [#857](https://github.com/cosmos/interchain-security/pull/857) -* (feat) Standalone to consumer changeover - staking functionalities [#794](https://github.com/cosmos/interchain-security/pull/794) -* (fix) prevent provider from sending VSCPackets with multiple updates for the same validator [#850](https://github.com/cosmos/interchain-security/pull/850) -* (feat) Soft opt out [#833](https://github.com/cosmos/interchain-security/issues/833) -* (fix) Correctly handle VSC packet with duplicate val updates on consumer [#846](https://github.com/cosmos/interchain-security/pull/846) -* (deps) bump sdk to v0.45.15.ics [#805](https://github.com/cosmos/interchain-security/pull/805) -* (refactor) Remove spm module [#812](https://github.com/cosmos/interchain-security/pull/812) -* (feat) Standalone to consumer changeover part 1 [#757](https://github.com/cosmos/interchain-security/pull/757) -* (chore) Swap names of e2e and integration tests [#681](https://github.com/cosmos/interchain-security/pull/681) -* (fix) fix StopConsumerChain not running in cachedContext [#802](https://github.com/cosmos/interchain-security/pull/802). Also in earlier releases with different commit order! -* (docs) Introduce docs website [#759](https://github.com/cosmos/interchain-security/pull/759) -* (fix) Serialize correct byte prefix for SlashLogKey [#786](https://github.com/cosmos/interchain-security/pull/786) -* (feature) Improve keeper field validation [#766](https://github.com/cosmos/interchain-security/pull/766) -* (docs) Contributing guidelines [#744](https://github.com/cosmos/interchain-security/pull/744) -* (refactor) Key assignment type safety [#725](https://github.com/cosmos/interchain-security/pull/725) -* (fix) Update protos and fix deps [#752](https://github.com/cosmos/interchain-security/pull/752) -* (api) Add consumer QueryParams [#746](https://github.com/cosmos/interchain-security/pull/746) -* (feature) New validation for keeper fields [#740](https://github.com/cosmos/interchain-security/pull/740) - -## v1.2.0-multiden - -The first release candidate for a fix built on top of v1.2.0, intended for consumers. This release adds a list of denoms on the consumer that are allowed to be sent to the provider as rewards. This prevents a potential DOS attack that was discovered during the audit of Replicated Security performed by Oak Security and funded by the Cosmos Hub community through Proposal 687. In an effort to move quickly, this release also includes a multisig fix that is effective only for provider. It shouldn't affect the consumer module. - -Note PRs were made in a private security repo. - -[full diff](https://github.com/cosmos/interchain-security/compare/v1.2.0...v1.2.0-multiden-rc0) - -## v1.1.0-multiden - -This release combines two fixes on top of v1.1.0, that we judged were urgent to get onto the Cosmos Hub before the launch of the first ICS consumer chain. This is an emergency release intended for providers. - -The first fix is to enable the use of multisigs and Ledger devices when assigning keys for consumer chains. The second is to prevent a possible DOS vector involving the reward distribution system. - -Note PRs were made in a private security repo. - -[full diff](https://github.com/cosmos/interchain-security/compare/v1.1.0...release/v1.1.0-multiden) - -### Multisig fix - -On April 25th (a week and a half ago), we began receiving reports that validators using multisigs and Ledger devices were getting errors reading Error: unable to resolve type URL /interchain_security.ccv.provider.v1.MsgAssignConsumerKey: tx parse error when attempting to assign consensus keys for consumer chains. - -We quickly narrowed the problem down to issues having to do with using the PubKey type directly in the MsgAssignConsumerKey transaction, and Amino (a deprecated serialization library still used in Ledger devices and multisigs) not being able to handle this. We attempted to fix this with the assistance of the Cosmos-SDK team, but after making no headway for a few days, we decided to simply use a JSON representation of the PubKey in the transaction. This is how it is usually represented anyway. We have verified that this fixes the problem. - -### Distribution fix - -The ICS distribution system works by allowing consumer chains to send rewards to a module address on the provider called the FeePoolAddress. From here they are automatically distributed to all validators and delegators through the distribution system that already exists to distribute staking rewards. The FeePoolAddress is usually blocked so that no tokens can be sent to it, but to enable ICS distribution we had to unblock it. - -We recently realized that unblocking the FeePoolAddress could enable an attacker to send a huge number of different denoms into the distribution system. The distribution system would then attempt to distribute them all, leading to out of memory errors. Fixing a similar attack vector that existed in the distribution system before ICS led us to this realization. - -To fix this problem, we have re-blocked the FeePoolAddress and created a new address called the ConsumerRewardsPool. Consumer chains now send rewards to this new address. There is also a new transaction type called RegisterConsumerRewardDenom. This transaction allows people to register denoms to be used as rewards from consumer chains. It costs 10 Atoms to run this transaction.The Atoms are transferred to the community pool. Only denoms registered with this command are then transferred to the FeePoolAddress and distributed out to delegators and validators. - -## v1.2.1 - -* (fix) Remove SPM [#812](https://github.com/cosmos/interchain-security/pull/812) -* (refactor) Key assignment type safety [#725](https://github.com/cosmos/interchain-security/pull/725) - -## v1.2.0 - -Date: April 13th, 2023 - -* (feat) Soft opt-out [#833](https://github.com/cosmos/interchain-security/pull/833) -* (fix) Correctly handle VSC packet with duplicate val updates on consumer [#846](https://github.com/cosmos/interchain-security/pull/846) -* (chore) bump: sdk v0.45.15-ics [#805](https://github.com/cosmos/interchain-security/pull/805) -* (api) add interchain security consumer QueryParams [#746](https://github.com/cosmos/interchain-security/pull/746) - -## v1.1.1 - -* (fix) Remove SPM [#812](https://github.com/cosmos/interchain-security/pull/812) -* (refactor) Key assignment type safety [#725](https://github.com/cosmos/interchain-security/pull/725) - -## v1.1.0 - -Date: March 24th, 2023 - -* (fix) StopConsumerChain not running in cachedContext [#802](https://github.com/cosmos/interchain-security/pull/802) - -## v1.0.0 - -Date: February 6th, 2023 - -This is the first version of Interchain Security (ICS), also known as _Replicated Security_ (RS). -Replicated Security is a feature which will allow a chain -- referred to as the _provider_ -- to share security with other chains -- referred to as _consumers_. -This means that the provider's validator set will be granted the right to validate consumer chains. -The communication between the provider and the consumer chains is done through the IBC protocol over a unique, ordered channel (one for each consumer chain). Thus, RS is an IBC application. - -### Features / sub-protocols - -RS consist of the following core features: - -- **Channel Initialization**: Enables the provider to add new consumer chains. This process is governance-gated, i.e., to add a new consumer chain, a `ConsumerAdditionProposal` governance proposal must be sent to the provider and it must receive the necessary votes. -- **Validator Set Update**: Enables the provider to - (1) update the consumers on the voting power granted to validators (based on the changes in the active validator set on the provider chain), - and (2) ensure the timely completion of unbonding operations (e.g., undelegations). -- **Consumer Initiated Slashing**: Enables the provider to jail validators for downtime infractions on the consumer chains. -- **Reward Distribution**: Enables the consumers to transfer to the provider (over IBC) a portion of their block rewards as payment for the security provided. Once transferred, these rewards are distributed on the provider using the protocol in the [distribution module of Cosmos SDK](https://docs.cosmos.network/v0.45/modules/distribution/). -- **Consumer Chain Removal**: Enables the provider to remove a consumer either after a `ConsumerRemovalProposal` passes governance or after one of the timeout periods elapses -- `InitTimeoutPeriod`, `VscTimeoutPeriod`, `IBCTimeoutPeriod`. -- **Social Slashing**: Equivocation offenses (double signing etc.) on consumer chains are logged, and then can be used in a governance proposal to slash the validators responsible. - -In addition, RS has the following features: - -- **Key Assignment**: Enables validator operators to use different consensus keys for each consumer chain validator node that they operate. -- **Jail Throttling**: Enables the provider to slow down a "worst case scenario" attack where a malicious consumer binary attempts to jail a significant amount (> 2/3) of the voting power, effectively taking control of the provider. \ No newline at end of file +[CHANGELOG of previous versions](https://github.com/cosmos/interchain-security/blob/main/CHANGELOG.md) \ No newline at end of file diff --git a/.changelog/unreleased/.gitkeep b/.changelog/unreleased/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/.changelog/unreleased/features/provider/1321-jail-throttling-v2.md b/.changelog/unreleased/features/provider/1321-jail-throttling-v2.md deleted file mode 100644 index dd3b1a2852..0000000000 --- a/.changelog/unreleased/features/provider/1321-jail-throttling-v2.md +++ /dev/null @@ -1,2 +0,0 @@ -- Add the provider-side changes for jail throttling with retries (cf. ADR 008). - ([\#1321](https://github.com/cosmos/interchain-security/pull/1321)) \ No newline at end of file diff --git a/.changelog/unreleased/state-breaking/provider/1321-jail-throttling-v2.md b/.changelog/unreleased/state-breaking/provider/1321-jail-throttling-v2.md deleted file mode 100644 index dd3b1a2852..0000000000 --- a/.changelog/unreleased/state-breaking/provider/1321-jail-throttling-v2.md +++ /dev/null @@ -1,2 +0,0 @@ -- Add the provider-side changes for jail throttling with retries (cf. ADR 008). - ([\#1321](https://github.com/cosmos/interchain-security/pull/1321)) \ No newline at end of file diff --git a/.changelog/unreleased/api-breaking/provider/1340-add-cryptographic-verification-of-equivocation-feature.md b/.changelog/v3.3.0/api-breaking/provider/1340-add-cryptographic-verification-of-equivocation-feature.md similarity index 100% rename from .changelog/unreleased/api-breaking/provider/1340-add-cryptographic-verification-of-equivocation-feature.md rename to .changelog/v3.3.0/api-breaking/provider/1340-add-cryptographic-verification-of-equivocation-feature.md diff --git a/.changelog/unreleased/dependencies/1373-bump-ibc.md b/.changelog/v3.3.0/dependencies/1373-bump-ibc.md similarity index 100% rename from .changelog/unreleased/dependencies/1373-bump-ibc.md rename to .changelog/v3.3.0/dependencies/1373-bump-ibc.md diff --git a/.changelog/unreleased/features/1336-quint-model.md b/.changelog/v3.3.0/features/1336-quint-model.md similarity index 100% rename from .changelog/unreleased/features/1336-quint-model.md rename to .changelog/v3.3.0/features/1336-quint-model.md diff --git a/.changelog/unreleased/features/provider/1339-check-key-assignment-in-use.md b/.changelog/v3.3.0/features/provider/1339-check-key-assignment-in-use.md similarity index 100% rename from .changelog/unreleased/features/provider/1339-check-key-assignment-in-use.md rename to .changelog/v3.3.0/features/provider/1339-check-key-assignment-in-use.md diff --git a/.changelog/unreleased/features/provider/1340-cryptographic-equivocation-feature.md b/.changelog/v3.3.0/features/provider/1340-cryptographic-equivocation-feature.md similarity index 100% rename from .changelog/unreleased/features/provider/1340-cryptographic-equivocation-feature.md rename to .changelog/v3.3.0/features/provider/1340-cryptographic-equivocation-feature.md diff --git a/.changelog/unreleased/improvements/1324-consumer-genesis.md b/.changelog/v3.3.0/improvements/1324-consumer-genesis.md similarity index 100% rename from .changelog/unreleased/improvements/1324-consumer-genesis.md rename to .changelog/v3.3.0/improvements/1324-consumer-genesis.md diff --git a/.changelog/unreleased/improvements/1350-cleanup-types.md b/.changelog/v3.3.0/improvements/1350-cleanup-types.md similarity index 100% rename from .changelog/unreleased/improvements/1350-cleanup-types.md rename to .changelog/v3.3.0/improvements/1350-cleanup-types.md diff --git a/.changelog/unreleased/state-breaking/1324-consumer-genesis.md b/.changelog/v3.3.0/state-breaking/1324-consumer-genesis.md similarity index 100% rename from .changelog/unreleased/state-breaking/1324-consumer-genesis.md rename to .changelog/v3.3.0/state-breaking/1324-consumer-genesis.md diff --git a/.changelog/unreleased/state-breaking/1460-msg-validation.md b/.changelog/v3.3.0/state-breaking/1460-msg-validation.md similarity index 100% rename from .changelog/unreleased/state-breaking/1460-msg-validation.md rename to .changelog/v3.3.0/state-breaking/1460-msg-validation.md diff --git a/.changelog/unreleased/state-breaking/provider/1339-check-key-assignment-in-use.md b/.changelog/v3.3.0/state-breaking/provider/1339-check-key-assignment-in-use.md similarity index 100% rename from .changelog/unreleased/state-breaking/provider/1339-check-key-assignment-in-use.md rename to .changelog/v3.3.0/state-breaking/provider/1339-check-key-assignment-in-use.md diff --git a/.changelog/unreleased/state-breaking/provider/1340-cryptographic-equivocation-feature.md b/.changelog/v3.3.0/state-breaking/provider/1340-cryptographic-equivocation-feature.md similarity index 100% rename from .changelog/unreleased/state-breaking/provider/1340-cryptographic-equivocation-feature.md rename to .changelog/v3.3.0/state-breaking/provider/1340-cryptographic-equivocation-feature.md diff --git a/.changelog/v3.3.0/summary.md b/.changelog/v3.3.0/summary.md new file mode 100644 index 0000000000..08b255631d --- /dev/null +++ b/.changelog/v3.3.0/summary.md @@ -0,0 +1 @@ +*December 5, 2023* diff --git a/CHANGELOG.md b/CHANGELOG.md index aa1db086d1..8c8bed4f8f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,74 @@ # CHANGELOG +## v3.3.0 + +*December 5, 2023* + +### API BREAKING + +- [Provider](x/ccv/provider) + - Deprecate equivocation proposals. + ([\#1340](https://github.com/cosmos/interchain-security/pull/1340)) + +### DEPENDENCIES + +- Bump [ibc-go](https://github.com/cosmos/ibc-go) to + [v7.3.1](https://github.com/cosmos/ibc-go/releases/tag/v7.3.1). + ([\#1373](https://github.com/cosmos/interchain-security/pull/1373)) + +### FEATURES + +- General + - Add Quint model of Replicated Security. + ([\#1336](https://github.com/cosmos/interchain-security/pull/1336)) +- [Provider](x/ccv/provider) + - Update how consumer-assigned keys are checked when a validator is + created on the provider. + ([\#1339](https://github.com/cosmos/interchain-security/pull/1339)) + - Introduce the cryptographic verification of equivocation feature to the provider + (cf. [ADR-005](/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md) + & [ADR-013](/docs/docs/adrs/adr-013-equivocation-slashing.md)). + ([\#1340](https://github.com/cosmos/interchain-security/pull/1340)) + +### IMPROVEMENTS + +- Split out consumer genesis state to reduce shared data between provider and + consumer. ([\#1324](https://github.com/cosmos/interchain-security/pull/1324)) + - Note: This breaks json format used by augmenting Genesis files of consumer + chains with consumer genesis content exported from provider chain. Consumer + Genesis content exported from a provider chain using major version 1, 2 or 3 + of the provider module needs to be transformed with the transformation command + introduced by this PR: + ``` + Transform the consumer genesis file from a provider version v1, v2 or v3 to a version supported by this consumer. Result is printed to STDOUT. + + Example: + $ transform /path/to/ccv_consumer_genesis.json + + Usage: + interchain-security-cd genesis transform [genesis-file] [flags] + ``` +- Refactor shared events, codecs and errors assign to + consumer and provider dedicated types where possible. + ([\#1350](https://github.com/cosmos/interchain-security/pull/1350)) + +### STATE BREAKING + +- General + - Split out consumer genesis state to reduce shared data between provider and + consumer. ([\#1324](https://github.com/cosmos/interchain-security/pull/1324)) + - Improve validation of IBC packet data and provider messages. Also, + enable the provider to validate consumer packets before handling them. + ([\#1460](https://github.com/cosmos/interchain-security/pull/1460)) +- [Provider](x/ccv/provider) + - Change the states by adding a consumer key for each chain that is + not yet registered meaning for which the gov proposal has not passed. + ([\#1339](https://github.com/cosmos/interchain-security/pull/1339)) + - Introduce the cryptographic verification of equivocation feature to the provider + (cf. [ADR-005](/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md) + & [ADR-013](/docs/docs/adrs/adr-013-equivocation-slashing.md)). + ([\#1340](https://github.com/cosmos/interchain-security/pull/1340)) + ## v3.2.0 *November 24, 2023* @@ -120,176 +189,7 @@ Interchain Security v3 uses SDK 0.47 and IBC 7. * `[x/ccv/provider]` (fix) [#977](https://github.com/cosmos/interchain-security/pull/977) Avoids panicking the provider when an unbonding delegation was removed through a `CancelUnbondingDelegation` message. * `[x/ccv/democracy]` (feat) [#1019](https://github.com/cosmos/interchain-security/pull/1019) Whitelisting non-legacy params in the "democracy module" require the entire module to be whitelisted. -## v2.4.0-lsm - -*November 20, 2023* - -* (fix) [#1439](https://github.com/cosmos/interchain-security/pull/1439) Fix unmarshaling for the CLI consumer double vote cmd. -* (feat!) [#1435](https://github.com/cosmos/interchain-security/pull/1435) Add height-base filter for consumer equivocation evidence. - -## v2.3.0-provider-lsm - -*November 15, 2023* - -❗ *This release is deprecated and should not be used in production.* - -* (fix!) [#1422](https://github.com/cosmos/interchain-security/pull/1422) Fix the misbehaviour handling by verifying the signatures of byzantine validators. - -## v2.2.0-provider-lsm - -❗ *This release is deprecated and should not be used in production.* - -### Cryptographic verification of equivocation -* New feature enabling the provider chain to verify equivocation evidence on its own instead of trusting consumer chains, see [EPIC](https://github.com/cosmos/interchain-security/issues/732). - -## v2.1.0-provider-lsm - -Date: September 15th, 2023 - -* (feature!) [#1280](https://github.com/cosmos/interchain-security/pull/1280) provider proposal for changing reward denoms - -## v2.0.0-lsm - -Date: August 18th, 2023 - -* (deps!) [#1120](https://github.com/cosmos/interchain-security/pull/1120) Bump [Cosmos SDK](https://github.com/cosmos/cosmos-sdk) to [v0.45.16-ics-lsm](https://github.com/cosmos/cosmos-sdk/tree/v0.45.16-ics-lsm). This requires adapting ICS to support this SDK release. Changes are state breaking. -* (fix) [#720](https://github.com/cosmos/interchain-security/issues/720) Fix the attribute `AttributeDistributionTotal` value in `FeeDistribution` event emit. - -## v2.0.0 - -Date: June 1st, 2023 - -Unlike prior releases, the ICS `v2.0.0` release will be based on the main branch. `v2.0.0` will contain all the accumulated PRs from the various releases below, along with other PRs that were merged, but not released to production. After `v2.0.0`, we plan to revamp release practices, and how we modularize the repo for consumer/provider. - -Upgrading a provider from `v1.1.0-multiden` to `v2.0.0` will require state migrations. See [migration.go](./x/ccv/provider/keeper/migration.go). See the provider module's `ConsensusVersion` in [module](./x/ccv/provider/module.go) - -Upgrading a consumer from `v1.2.0-multiden` to `v2.0.0` will NOT require state migrations. See the consumer module's `ConsensusVersion` in [module](./x/ccv/consumer/module.go) - -Some PRs from v2.0.0 may reappear from other releases below. This is due to the fact that ICS v1.1.0 deviates from the commit ordering of the main branch, and other releases thereafter are based on v1.1.0. - -### High level changes included in v2.0.0 - -* MVP for standalone to consumer changeover, see [EPIC](https://github.com/cosmos/interchain-security/issues/756) -* MVP for soft opt out, see [EPIC](https://github.com/cosmos/interchain-security/issues/851) -* Various fixes, critical and non-critical -* Docs updates which should not affect production code - -## Notable PRs included in v2.0.0 - -* (feat!) Add DistributionTransmissionChannel to ConsumerAdditionProposal [#965](https://github.com/cosmos/interchain-security/pull/965) -* (feat/fix) limit vsc matured packets handled per endblocker [#1004](https://github.com/cosmos/interchain-security/pull/1004) -* (fix) cosumer key prefix order to avoid complex migrations [#963](https://github.com/cosmos/interchain-security/pull/963) and [#991](https://github.com/cosmos/interchain-security/pull/991). The latter PR is the proper fix. -* (feat) v1->v2 migrations to accommodate a bugfix having to do with store keys, introduce new params, and deal with consumer genesis state schema changes [#975](https://github.com/cosmos/interchain-security/pull/975) and [#997](https://github.com/cosmos/interchain-security/pull/997) -* (deps) Bump github.com/cosmos/ibc-go/v4 from 4.4.0 to 4.4.2 [#982](https://github.com/cosmos/interchain-security/pull/982) -* (fix) partially revert key assignment type safety PR [#980](https://github.com/cosmos/interchain-security/pull/980) -* (fix) Remove panics on failure to send IBC packets [#876](https://github.com/cosmos/interchain-security/pull/876) -* (fix) Prevent denom DOS [#931](https://github.com/cosmos/interchain-security/pull/931) -* (fix) multisig for assigning consumer key, use json [#916](https://github.com/cosmos/interchain-security/pull/916) -* (deps) Bump github.com/cosmos/ibc-go/v4 from 4.3.0 to 4.4.0 [#902](https://github.com/cosmos/interchain-security/pull/902) -* (feat) Add warnings when provider unbonding is shorter than consumer unbonding [#858](https://github.com/cosmos/interchain-security/pull/858) -* (chore) use go 1.19 [#899](https://github.com/cosmos/interchain-security/pull/899), [#840](https://github.com/cosmos/interchain-security/pull/840) -* (feat) Standalone to consumer changeover - recycle existing transfer channel [#832](https://github.com/cosmos/interchain-security/pull/832) -* (deps) Bump IBC [862](https://github.com/cosmos/interchain-security/pull/862) -* (testing) Add tests for soft opt out [#857](https://github.com/cosmos/interchain-security/pull/857) -* (feat) Standalone to consumer changeover - staking functionalities [#794](https://github.com/cosmos/interchain-security/pull/794) -* (fix) prevent provider from sending VSCPackets with multiple updates for the same validator [#850](https://github.com/cosmos/interchain-security/pull/850) -* (feat) Soft opt out [#833](https://github.com/cosmos/interchain-security/issues/833) -* (fix) Correctly handle VSC packet with duplicate val updates on consumer [#846](https://github.com/cosmos/interchain-security/pull/846) -* (deps) bump sdk to v0.45.15.ics [#805](https://github.com/cosmos/interchain-security/pull/805) -* (refactor) Remove spm module [#812](https://github.com/cosmos/interchain-security/pull/812) -* (feat) Standalone to consumer changeover part 1 [#757](https://github.com/cosmos/interchain-security/pull/757) -* (chore) Swap names of e2e and integration tests [#681](https://github.com/cosmos/interchain-security/pull/681) -* (fix) fix StopConsumerChain not running in cachedContext [#802](https://github.com/cosmos/interchain-security/pull/802). Also in earlier releases with different commit order! -* (docs) Introduce docs website [#759](https://github.com/cosmos/interchain-security/pull/759) -* (fix) Serialize correct byte prefix for SlashLogKey [#786](https://github.com/cosmos/interchain-security/pull/786) -* (feature) Improve keeper field validation [#766](https://github.com/cosmos/interchain-security/pull/766) -* (docs) Contributing guidelines [#744](https://github.com/cosmos/interchain-security/pull/744) -* (refactor) Key assignment type safety [#725](https://github.com/cosmos/interchain-security/pull/725) -* (fix) Update protos and fix deps [#752](https://github.com/cosmos/interchain-security/pull/752) -* (api) Add consumer QueryParams [#746](https://github.com/cosmos/interchain-security/pull/746) -* (feature) New validation for keeper fields [#740](https://github.com/cosmos/interchain-security/pull/740) - -## v1.2.0-multiden - -The first release candidate for a fix built on top of v1.2.0, intended for consumers. This release adds a list of denoms on the consumer that are allowed to be sent to the provider as rewards. This prevents a potential DOS attack that was discovered during the audit of Replicated Security performed by Oak Security and funded by the Cosmos Hub community through Proposal 687. In an effort to move quickly, this release also includes a multisig fix that is effective only for provider. It shouldn't affect the consumer module. - -Note PRs were made in a private security repo. - -[full diff](https://github.com/cosmos/interchain-security/compare/v1.2.0...v1.2.0-multiden-rc0) - -## v1.1.0-multiden - -This release combines two fixes on top of v1.1.0, that we judged were urgent to get onto the Cosmos Hub before the launch of the first ICS consumer chain. This is an emergency release intended for providers. - -The first fix is to enable the use of multisigs and Ledger devices when assigning keys for consumer chains. The second is to prevent a possible DOS vector involving the reward distribution system. - -Note PRs were made in a private security repo. - -[full diff](https://github.com/cosmos/interchain-security/compare/v1.1.0...release/v1.1.0-multiden) - -### Multisig fix - -On April 25th (a week and a half ago), we began receiving reports that validators using multisigs and Ledger devices were getting errors reading Error: unable to resolve type URL /interchain_security.ccv.provider.v1.MsgAssignConsumerKey: tx parse error when attempting to assign consensus keys for consumer chains. - -We quickly narrowed the problem down to issues having to do with using the PubKey type directly in the MsgAssignConsumerKey transaction, and Amino (a deprecated serialization library still used in Ledger devices and multisigs) not being able to handle this. We attempted to fix this with the assistance of the Cosmos-SDK team, but after making no headway for a few days, we decided to simply use a JSON representation of the PubKey in the transaction. This is how it is usually represented anyway. We have verified that this fixes the problem. - -### Distribution fix - -The ICS distribution system works by allowing consumer chains to send rewards to a module address on the provider called the FeePoolAddress. From here they are automatically distributed to all validators and delegators through the distribution system that already exists to distribute staking rewards. The FeePoolAddress is usually blocked so that no tokens can be sent to it, but to enable ICS distribution we had to unblock it. - -We recently realized that unblocking the FeePoolAddress could enable an attacker to send a huge number of different denoms into the distribution system. The distribution system would then attempt to distribute them all, leading to out of memory errors. Fixing a similar attack vector that existed in the distribution system before ICS led us to this realization. - -To fix this problem, we have re-blocked the FeePoolAddress and created a new address called the ConsumerRewardsPool. Consumer chains now send rewards to this new address. There is also a new transaction type called RegisterConsumerRewardDenom. This transaction allows people to register denoms to be used as rewards from consumer chains. It costs 10 Atoms to run this transaction.The Atoms are transferred to the community pool. Only denoms registered with this command are then transferred to the FeePoolAddress and distributed out to delegators and validators. - -## v1.2.1 - -* (fix) Remove SPM [#812](https://github.com/cosmos/interchain-security/pull/812) -* (refactor) Key assignment type safety [#725](https://github.com/cosmos/interchain-security/pull/725) - -## v1.2.0 - -Date: April 13th, 2023 - -* (feat) Soft opt-out [#833](https://github.com/cosmos/interchain-security/pull/833) -* (fix) Correctly handle VSC packet with duplicate val updates on consumer [#846](https://github.com/cosmos/interchain-security/pull/846) -* (chore) bump: sdk v0.45.15-ics [#805](https://github.com/cosmos/interchain-security/pull/805) -* (api) add interchain security consumer QueryParams [#746](https://github.com/cosmos/interchain-security/pull/746) - -## v1.1.1 - -* (fix) Remove SPM [#812](https://github.com/cosmos/interchain-security/pull/812) -* (refactor) Key assignment type safety [#725](https://github.com/cosmos/interchain-security/pull/725) - -## v1.1.0 - -Date: March 24th, 2023 - -* (fix) StopConsumerChain not running in cachedContext [#802](https://github.com/cosmos/interchain-security/pull/802) - -## v1.0.0 - -Date: February 6th, 2023 - -This is the first version of Interchain Security (ICS), also known as _Replicated Security_ (RS). -Replicated Security is a feature which will allow a chain -- referred to as the _provider_ -- to share security with other chains -- referred to as _consumers_. -This means that the provider's validator set will be granted the right to validate consumer chains. -The communication between the provider and the consumer chains is done through the IBC protocol over a unique, ordered channel (one for each consumer chain). Thus, RS is an IBC application. - -### Features / sub-protocols - -RS consist of the following core features: - -- **Channel Initialization**: Enables the provider to add new consumer chains. This process is governance-gated, i.e., to add a new consumer chain, a `ConsumerAdditionProposal` governance proposal must be sent to the provider and it must receive the necessary votes. -- **Validator Set Update**: Enables the provider to - (1) update the consumers on the voting power granted to validators (based on the changes in the active validator set on the provider chain), - and (2) ensure the timely completion of unbonding operations (e.g., undelegations). -- **Consumer Initiated Slashing**: Enables the provider to jail validators for downtime infractions on the consumer chains. -- **Reward Distribution**: Enables the consumers to transfer to the provider (over IBC) a portion of their block rewards as payment for the security provided. Once transferred, these rewards are distributed on the provider using the protocol in the [distribution module of Cosmos SDK](https://docs.cosmos.network/v0.45/modules/distribution/). -- **Consumer Chain Removal**: Enables the provider to remove a consumer either after a `ConsumerRemovalProposal` passes governance or after one of the timeout periods elapses -- `InitTimeoutPeriod`, `VscTimeoutPeriod`, `IBCTimeoutPeriod`. -- **Social Slashing**: Equivocation offenses (double signing etc.) on consumer chains are logged, and then can be used in a governance proposal to slash the validators responsible. - -In addition, RS has the following features: +## Previous Versions -- **Key Assignment**: Enables validator operators to use different consensus keys for each consumer chain validator node that they operate. -- **Jail Throttling**: Enables the provider to slow down a "worst case scenario" attack where a malicious consumer binary attempts to jail a significant amount (> 2/3) of the voting power, effectively taking control of the provider. +[CHANGELOG of previous versions](https://github.com/cosmos/interchain-security/blob/main/CHANGELOG.md)