Skip to content

v9.1.0

Compare
Choose a tag to compare
@github-actions github-actions released this 08 May 12:36
321d15a

Gaia v9.1.0 Release Notes

Note: This release is consensus breaking and will be applied in a coordinated upgrade

This upgrade is proposed to take place at height 15,21,3800. The date/time of the upgrade is subject to change as blocks are not generated at a constant interval. You can stay up-to-date using this live countdown page.

The chain id will remain cosmoshub-4.

For full upgrade instructions please see Discord for the following settings/scenarios.

  • Golang version --> v1.18.x
  • Halt Height settings --> MUST be manually set to 15213800
  • Avoiding double signing errors --> Avoid being tombstoned and slashed
  • Dealing with stuck nodes

Be sure to monitor the #cosmos-hub-validators-verified channel in the Cosmos Hub Developers Discord as the estimated height approaches

What's Changed

This release combines two fixes that we judged were urgent to get onto the Cosmos Hub before the launch of the first ICS consumer chain. Please note that user funds were not at risk and these fixes pertain to the liveness of the Hub and consumer chains.

The first fix is to enable the use of multisigs and Ledger devices when assigning keys for consumer chains. The second is to prevent a possible DOS vector involving the reward distribution system.

Multisig fix

On April 25th (a week and a half ago), we began receiving reports that validators using multisigs and Ledger devices were getting errors reading Error: unable to resolve type URL /interchain_security.ccv.provider.v1.MsgAssignConsumerKey: tx parse error when attempting to assign consensus keys for consumer chains.

This was surprising because we had never seen this error before, even though we have done many testnets. The reason for this is probably because people don’t bother to use high security key management techniques in testnets.

We quickly narrowed the problem down to issues having to do with using the PubKey type directly in the MsgAssignConsumerKey transaction, and Amino (a deprecated serialization library still used in Ledger devices and multisigs) not being able to handle this. We attempted to fix this with the assistance of the Cosmos-SDK team, but after making no headway for a few days, we decided to simply use a JSON representation of the PubKey in the transaction. This is how it is usually represented anyway. We have verified that this fixes the problem.

Distribution fix

The ICS distribution system works by allowing consumer chains to send rewards to a module address on the Hub called the FeePoolAddress. From here they are automatically distributed to all validators and delegators through the distribution system that already exists to distribute Atom staking rewards. The FeePoolAddress is usually blocked so that no tokens can be sent to it, but to enable ICS distribution we had to unblock it.

We recently realized that unblocking the FeePoolAddress could enable an attacker to send a huge number of different denoms into the distribution system. The distribution system would then attempt to distribute them all, leading to out of memory errors. Fixing a similar attack vector that existed in the distribution system before ICS led us to this realization.

To fix this problem, we have re-blocked the FeePoolAddress and created a new address called the ConsumerRewardsPool. Consumer chains now send rewards to this new address. There is also a new transaction type called RegisterConsumerRewardDenom. This transaction allows people to register denoms to be used as rewards from consumer chains. It costs 10 Atoms to run this transaction.The Atoms are transferred to the community pool. Only denoms registered with this command are then transferred to the FeePoolAddress and distributed out to delegators and validators.

Note: The fee of 10 Atoms was originally intended to be a parameter that could be changed by governance (10 Atoms might cost too much in the future). However, we ran into some problems creating a new parameter as part of an emergency upgrade. After consulting with the Cosmos-SDK team, we learned that creating new parameters is only supported as part of a scheduled upgrade. So in the current code, the number of Atoms is hardcoded. It will turn into a parameter in the next scheduled upgrade.

Consumer fixes

There is a similar denom issue in the consumer module which we also fix in this release. However, this module is not imported by the Cosmos Hub (it is used only by consumer chains), so we will not cover this fix in these release notes.

Code review guide

It’s important for validators to be able to review the code in upgrades. We’ve created this overview of the relevant changes and the files they are in to make this process easier. We’ve left out modifications that are not imported by the Hub, for example changes to the consumer module or to the test suite.

proto/interchain_security/ccv/provider/v1/query.proto

Adds the request and response definitions for a command to query all registered denoms.

proto/interchain_security/ccv/provider/v1/tx.proto

Modifies MsgAssignConsumerKey to use a JSON string instead of a cosmos.crypto.PubKey type.
Adds MsgRegisterConsumerRewardDenom, allowing people to register consumer reward denoms.

x/ccv/provider/client/cli/query.go

Adds a command to query all registered reward denoms.

x/ccv/provider/client/cli/tx.go

Modifies NewAssignConsumerKeyCmd to use the JSON supplied on the command line directly.
Adds NewRegisterConsumerRewardDenomCmd to register a consumer reward denom.

x/ccv/provider/keeper/distribution.go

Contains the core of the consumer reward denom registration logic.
RegisterConsumerRewardDenom takes the fee out of the user’s account and adds a consumer reward denom using SetConsumerRewardDenom.
TransferRewardsToFeeCollector uses GetAllConsumerRewardDenoms and then iterates over the list, sending the balance of each registered denom from the ConsumerRewardsPool to the FeePoolAddress.

x/ccv/provider/keeper/grpc_query.go

Adds QueryRegisteredConsumerRewardDenoms, containing logic for querying all registered denoms.

x/ccv/provider/keeper/keeper.go

Adds Bank and Distribution keepers which are called in consumer reward registration and distribution code.

x/ccv/provider/keeper/msg_server.go

Modifies AssignConsumerKey to accept JSON strings. Currently only works with ED25519 keys but this is OK since that is what the Cosmos Hub uses.
Adds RegisterConsumerRewardDenom message to register consumer reward denoms.

x/ccv/provider/keeper/params.go

Adds GetConsumerRewardDenomRegistrationFee to get the amount of the registration fee. This is in the params.go file because it will soon be replaced by a real param instead of hardcoded.

Full Changelog: release/v9.0.x...release/v9.1.x

App: gaiad
Version: v9.1.0
Commit: 321d15a574def0f338ceacc5c060159ebba95edc
Files:
 4395e3abfd1febb733c1b3ed0faa0d66  gaiad-v9.1.0-darwin-amd64
 9d6c4066e2a86a82619188e017bf730f  gaiad-v9.1.0-darwin-arm64
 c752e66d5aa1a99134613c328235e8b5  gaiad-v9.1.0-linux-amd64
 7583ed714b130251a2d781e6990f6cd9  gaiad-v9.1.0-linux-arm64
 f4e68233a516320314799b79edc58e3c  gaiad-v9.1.0-windows-amd64.exe
 1d1b7f60f3704b4f6c0065727f4681cc  gaiad-v9.1.0.tar.gz
Checksums-Sha256:
 0530f5e73e003521f7e833bd09ac3b6c1b0ea543d2185cd70032936ee06d42ed  gaiad-v9.1.0-darwin-amd64
 a98cb74526aeba4287103e0e834a42f67588da92d0db5c753657b9b8b8cb1042  gaiad-v9.1.0-darwin-arm64
 591cd6d5432a1996f9d658057ed9d446f1ecfaf5f060f3a7a30740d8722d7b5d  gaiad-v9.1.0-linux-amd64
 098c6fd577b7509c2a2d66a25f1b76bd57a7ed992250e22c6d848e603a30deeb  gaiad-v9.1.0-linux-arm64
 b78e95723a6de2f0b8cc0c89b584001cf5493d72871174a705c0b4936a7f3f86  gaiad-v9.1.0-windows-amd64.exe
 76b1dcd243e5f51221188219cffa23f9aeaf6671cd288ae1c51f070f3b03e7ea  gaiad-v9.1.0.tar.gz