v9.1.0
Gaia v9.1.0 Release Notes
Note: This release is consensus breaking and will be applied in a coordinated upgrade
This upgrade is proposed to take place at height 15,21,3800. The date/time of the upgrade is subject to change as blocks are not generated at a constant interval. You can stay up-to-date using this live countdown page.
The chain id will remain cosmoshub-4.
For full upgrade instructions please see Discord for the following settings/scenarios.
- Golang version --> v1.18.x
- Halt Height settings --> MUST be manually set to 15213800
- Avoiding double signing errors --> Avoid being tombstoned and slashed
- Dealing with stuck nodes
Be sure to monitor the #cosmos-hub-validators-verified channel in the Cosmos Hub Developers Discord as the estimated height approaches
What's Changed
- (fix!) #2474 Multisig and distribution fix in Interchain-Security. Bump Interchain-Security to v1.1.0-multiden.
This release combines two fixes that we judged were urgent to get onto the Cosmos Hub before the launch of the first ICS consumer chain. Please note that user funds were not at risk and these fixes pertain to the liveness of the Hub and consumer chains.
The first fix is to enable the use of multisigs and Ledger devices when assigning keys for consumer chains. The second is to prevent a possible DOS vector involving the reward distribution system.
Multisig fix
On April 25th (a week and a half ago), we began receiving reports that validators using multisigs and Ledger devices were getting errors reading Error: unable to resolve type URL /interchain_security.ccv.provider.v1.MsgAssignConsumerKey
: tx parse error when attempting to assign consensus keys for consumer chains.
This was surprising because we had never seen this error before, even though we have done many testnets. The reason for this is probably because people don’t bother to use high security key management techniques in testnets.
We quickly narrowed the problem down to issues having to do with using the PubKey type directly in the MsgAssignConsumerKey
transaction, and Amino (a deprecated serialization library still used in Ledger devices and multisigs) not being able to handle this. We attempted to fix this with the assistance of the Cosmos-SDK team, but after making no headway for a few days, we decided to simply use a JSON representation of the PubKey in the transaction. This is how it is usually represented anyway. We have verified that this fixes the problem.
Distribution fix
The ICS distribution system works by allowing consumer chains to send rewards to a module address on the Hub called the FeePoolAddress
. From here they are automatically distributed to all validators and delegators through the distribution system that already exists to distribute Atom staking rewards. The FeePoolAddress
is usually blocked so that no tokens can be sent to it, but to enable ICS distribution we had to unblock it.
We recently realized that unblocking the FeePoolAddress
could enable an attacker to send a huge number of different denoms into the distribution system. The distribution system would then attempt to distribute them all, leading to out of memory errors. Fixing a similar attack vector that existed in the distribution system before ICS led us to this realization.
To fix this problem, we have re-blocked the FeePoolAddress
and created a new address called the ConsumerRewardsPool
. Consumer chains now send rewards to this new address. There is also a new transaction type called RegisterConsumerRewardDenom
. This transaction allows people to register denoms to be used as rewards from consumer chains. It costs 10 Atoms
to run this transaction.The Atoms are transferred to the community pool. Only denoms registered with this command are then transferred to the FeePoolAddress and distributed out to delegators and validators.
Note: The fee of 10 Atoms
was originally intended to be a parameter that could be changed by governance (10 Atoms might cost too much in the future). However, we ran into some problems creating a new parameter as part of an emergency upgrade. After consulting with the Cosmos-SDK team, we learned that creating new parameters is only supported as part of a scheduled upgrade. So in the current code, the number of Atoms is hardcoded. It will turn into a parameter in the next scheduled upgrade.
Consumer fixes
There is a similar denom issue in the consumer module which we also fix in this release. However, this module is not imported by the Cosmos Hub (it is used only by consumer chains), so we will not cover this fix in these release notes.
Code review guide
It’s important for validators to be able to review the code in upgrades. We’ve created this overview of the relevant changes and the files they are in to make this process easier. We’ve left out modifications that are not imported by the Hub, for example changes to the consumer module or to the test suite.
proto/interchain_security/ccv/provider/v1/query.proto
Adds the request and response definitions for a command to query all registered denoms.
proto/interchain_security/ccv/provider/v1/tx.proto
Modifies MsgAssignConsumerKey to use a JSON string instead of a cosmos.crypto.PubKey
type.
Adds MsgRegisterConsumerRewardDenom
, allowing people to register consumer reward denoms.
x/ccv/provider/client/cli/query.go
Adds a command to query all registered reward denoms.
x/ccv/provider/client/cli/tx.go
Modifies NewAssignConsumerKeyCmd
to use the JSON supplied on the command line directly.
Adds NewRegisterConsumerRewardDenomCmd
to register a consumer reward denom.
x/ccv/provider/keeper/distribution.go
Contains the core of the consumer reward denom registration logic.
RegisterConsumerRewardDenom
takes the fee out of the user’s account and adds a consumer reward denom using SetConsumerRewardDenom
.
TransferRewardsToFeeCollector
uses GetAllConsumerRewardDenoms
and then iterates over the list, sending the balance of each registered denom from the ConsumerRewardsPool
to the FeePoolAddress
.
x/ccv/provider/keeper/grpc_query.go
Adds QueryRegisteredConsumerRewardDenoms
, containing logic for querying all registered denoms.
x/ccv/provider/keeper/keeper.go
Adds Bank and Distribution keepers which are called in consumer reward registration and distribution code.
x/ccv/provider/keeper/msg_server.go
Modifies AssignConsumerKey
to accept JSON strings. Currently only works with ED25519 keys but this is OK since that is what the Cosmos Hub uses.
Adds RegisterConsumerRewardDenom
message to register consumer reward denoms.
x/ccv/provider/keeper/params.go
Adds GetConsumerRewardDenomRegistrationFee
to get the amount of the registration fee. This is in the params.go file because it will soon be replaced by a real param instead of hardcoded.
Full Changelog: release/v9.0.x...release/v9.1.x
App: gaiad
Version: v9.1.0
Commit: 321d15a574def0f338ceacc5c060159ebba95edc
Files:
4395e3abfd1febb733c1b3ed0faa0d66 gaiad-v9.1.0-darwin-amd64
9d6c4066e2a86a82619188e017bf730f gaiad-v9.1.0-darwin-arm64
c752e66d5aa1a99134613c328235e8b5 gaiad-v9.1.0-linux-amd64
7583ed714b130251a2d781e6990f6cd9 gaiad-v9.1.0-linux-arm64
f4e68233a516320314799b79edc58e3c gaiad-v9.1.0-windows-amd64.exe
1d1b7f60f3704b4f6c0065727f4681cc gaiad-v9.1.0.tar.gz
Checksums-Sha256:
0530f5e73e003521f7e833bd09ac3b6c1b0ea543d2185cd70032936ee06d42ed gaiad-v9.1.0-darwin-amd64
a98cb74526aeba4287103e0e834a42f67588da92d0db5c753657b9b8b8cb1042 gaiad-v9.1.0-darwin-arm64
591cd6d5432a1996f9d658057ed9d446f1ecfaf5f060f3a7a30740d8722d7b5d gaiad-v9.1.0-linux-amd64
098c6fd577b7509c2a2d66a25f1b76bd57a7ed992250e22c6d848e603a30deeb gaiad-v9.1.0-linux-arm64
b78e95723a6de2f0b8cc0c89b584001cf5493d72871174a705c0b4936a7f3f86 gaiad-v9.1.0-windows-amd64.exe
76b1dcd243e5f51221188219cffa23f9aeaf6671cd288ae1c51f070f3b03e7ea gaiad-v9.1.0.tar.gz