
Releases: cosmos/interchain-security

v2.0.0-rc3

16 Jun 23:26
afa541f
v2.0.0-rc3 Pre-release

The rc3 release candidate for replicated security v2.0.0.

Date: June 16th, 2023

Unlike prior releases, the ICS v2.0.0 release will be based on the main branch. v2.0.0 will contain all the accumulated feat PRs from previous releases, along with other PRs that were merged to main, but not released to production. After v2.0.0, we plan to revamp release practices, and how we modularize the repo for consumer/provider.

Upgrading a provider from v1.1.0-multiden to v2.0.0 will require state migrations. See migration.go. See the provider module's ConsensusVersion in module

Upgrading a consumer from v1.2.0-multiden to v2.0.0 will NOT require state migrations. See the consumer module's ConsensusVersion in module

From changelog...

High level changes included in v2.0.0

  • MVP for standalone to consumer changeover, see EPIC
  • MVP for soft opt out, see EPIC
  • Various fixes, critical and non-critical
  • Docs updates which should not affect production code

Notable PRs included in v2.0.0

  • (feat!) Add DistributionTransmissionChannel to ConsumerAdditionProposal #965
  • (feat/fix) limit vsc matured packets handled per endblocker #1004
  • (fix) consumer key prefix order to avoid complex migrations #963 and #991. The latter PR is the proper fix.
  • (feat) v1->v2 migrations to accommodate a bugfix having to do with store keys, introduce new params, and deal with consumer genesis state schema changes #975 and #997
  • (deps) Bump github.com/cosmos/ibc-go/v4 from 4.4.0 to 4.4.2 #982
  • (fix) partially revert key assignment type safety PR #980
  • (fix) Remove panics on failure to send IBC packets #876
  • (fix) Prevent denom DOS #931
  • (fix) multisig for assigning consumer key, use json #916
  • (deps) Bump github.com/cosmos/ibc-go/v4 from 4.3.0 to 4.4.0 #902
  • (feat) Add warnings when provider unbonding is shorter than consumer unbonding #858
  • (chore) use go 1.19 #899, #840
  • (feat) Standalone to consumer changeover - recycle existing transfer channel #832
  • (deps) Bump IBC #862
  • (testing) Add tests for soft opt out #857
  • (feat) Standalone to consumer changeover - staking functionalities #794
  • (fix) prevent provider from sending VSCPackets with multiple updates for the same validator #850
  • (feat) Soft opt out #833
  • (fix) Correctly handle VSC packet with duplicate val updates on consumer #846
  • (deps) bump sdk to v0.45.15.ics #805
  • (refactor) Remove spm module #812
  • (feat) Standalone to consumer changeover part 1 #757
  • (chore) Swap names of e2e and integration tests #681
  • (fix) fix StopConsumerChain not running in cachedContext #802. Also in earlier releases with different commit order!
  • (docs) Introduce docs website #759
  • (fix) Serialize correct byte prefix for SlashLogKey #786
  • (feature) Improve keeper field validation #766
  • (docs) Contributing guidelines #744
  • (refactor) Key assignment type safety #725
  • (fix) Update protos and fix deps #752
  • (api) Add consumer QueryParams #746
  • (feature) New validation for keeper fields #740

What's Changed since rc2

  • feat: integrate cometmock (backport #989) by @mergify in #1030
  • feat!: Add DistributionTransmissionChannel to ConsumerAdditionProposal (manual backport #965) by @smarshall-spitzbart in #1031

Full Changelog: v2.0.0-rc2...v2.0.0-rc3

v2.0.0-rc2

13 Jun 23:14
2395b6f
v2.0.0-rc2 Pre-release

The rc2 release candidate for replicated security v2.0.0.

Date: June 13th, 2023

Unlike prior releases, the ICS v2.0.0 release will be based on the main branch. v2.0.0 will contain all the accumulated feat PRs from previous releases, along with other PRs that were merged to main, but not released to production. After v2.0.0, we plan to revamp release practices, and how we modularize the repo for consumer/provider.

Upgrading a provider from v1.1.0-multiden to v2.0.0 will require state migrations. See migration.go. See the provider module's ConsensusVersion in module

Upgrading a consumer from v1.2.0-multiden to v2.0.0 will NOT require state migrations. See the consumer module's ConsensusVersion in module

From changelog...

High level changes included in v2.0.0

  • MVP for standalone to consumer changeover, see EPIC
  • MVP for soft opt out, see EPIC
  • Various fixes, critical and non-critical
  • Docs updates which should not affect production code

Notable PRs included in v2.0.0

  • (feat/fix) limit vsc matured packets handled per endblocker #1004
  • (fix) consumer key prefix order to avoid complex migrations #963 and #991. The latter PR is the proper fix.
  • (feat) v1->v2 migrations to accommodate a bugfix having to do with store keys, introduce new params, and deal with consumer genesis state schema changes #975 and #997
  • (deps) Bump github.com/cosmos/ibc-go/v4 from 4.4.0 to 4.4.2 #982
  • (fix) partially revert key assignment type safety PR #980
  • (fix) Remove panics on failure to send IBC packets #876
  • (fix) Prevent denom DOS #931
  • (fix) multisig for assigning consumer key, use json #916
  • (deps) Bump github.com/cosmos/ibc-go/v4 from 4.3.0 to 4.4.0 #902
  • (feat) Add warnings when provider unbonding is shorter than consumer unbonding #858
  • (chore) use go 1.19 #899, #840
  • (feat) Standalone to consumer changeover - recycle existing transfer channel #832
  • (deps) Bump IBC #862
  • (testing) Add tests for soft opt out #857
  • (feat) Standalone to consumer changeover - staking functionalities #794
  • (fix) prevent provider from sending VSCPackets with multiple updates for the same validator #850
  • (feat) Soft opt out #833
  • (fix) Correctly handle VSC packet with duplicate val updates on consumer #846
  • (deps) bump sdk to v0.45.15.ics #805
  • (refactor) Remove spm module #812
  • (feat) Standalone to consumer changeover part 1 #757
  • (chore) Swap names of e2e and integration tests #681
  • (fix) fix StopConsumerChain not running in cachedContext #802. Also in earlier releases with different commit order!
  • (docs) Introduce docs website #759
  • (fix) Serialize correct byte prefix for SlashLogKey #786
  • (feature) Improve keeper field validation #766
  • (docs) Contributing guidelines #744
  • (refactor) Key assignment type safety #725
  • (fix) Update protos and fix deps #752
  • (api) Add consumer QueryParams #746
  • (feature) New validation for keeper fields #740

Full Changelog: v1.0.0...v2.0.0-rc1

What's Changed between RC1 and RC2

Full Changelog: v2.0.0-rc1...v2.0.0-rc2

v2.0.0-rc1

01 Jun 22:39
42279c8
v2.0.0-rc1 Pre-release

The rc1 release candidate for replicated security v2.0.0.

Date: June 1st, 2023

Unlike prior releases, the ICS v2.0.0 release will be based on the main branch. v2.0.0 will contain all the accumulated feat PRs from previous releases, along with other PRs that were merged to main, but not released to production. After v2.0.0, we plan to revamp release practices, and how we modularize the repo for consumer/provider.

Upgrading a provider from v1.1.0-multiden to v2.0.0 will require state migrations. See migration.go. See the provider module's ConsensusVersion in module

Upgrading a consumer from v1.2.0-multiden to v2.0.0 will NOT require state migrations. See the consumer module's ConsensusVersion in module

From changelog...

High level changes included in v2.0.0

  • MVP for standalone to consumer changeover, see EPIC
  • MVP for soft opt out, see EPIC
  • Various fixes, critical and non-critical
  • Docs updates which should not affect production code

Notable PRs included in v2.0.0

  • (feat) v1->v2 migrations to accommodate a bugfix having to do with store keys, introduce new params, and deal with consumer genesis state schema changes #975
  • (deps) Bump github.com/cosmos/ibc-go/v4 from 4.4.0 to 4.4.2 #982
  • (fix) partially revert key assignment type safety PR #980
  • (fix) Remove panics on failure to send IBC packets #876
  • (fix) consumer key prefix order to avoid complex migrations #963
  • (fix) Prevent denom DOS #931
  • (fix) multisig for assigning consumer key, use json #916
  • (deps) Bump github.com/cosmos/ibc-go/v4 from 4.3.0 to 4.4.0 #902
  • (feat) Add warnings when provider unbonding is shorter than consumer unbonding #858
  • (chore) use go 1.19 #899, #840
  • (feat) Standalone to consumer changeover - recycle existing transfer channel #832
  • (deps) Bump IBC #862
  • (testing) Add tests for soft opt out #857
  • (feat) Standalone to consumer changeover - staking functionalities #794
  • (fix) prevent provider from sending VSCPackets with multiple updates for the same validator #850
  • (feat) Soft opt out #833
  • (fix) Correctly handle VSC packet with duplicate val updates on consumer #846
  • (deps) bump sdk to v0.45.15.ics #805
  • (refactor) Remove spm module #812
  • (feat) Standalone to consumer changeover part 1 #757
  • (chore) Swap names of e2e and integration tests #681
  • (fix) fix StopConsumerChain not running in cachedContext #802. Also in earlier releases with different commit order!
  • (docs) Introduce docs website #759
  • (fix) Serialize correct byte prefix for SlashLogKey #786
  • (feature) Improve keeper field validation #766
  • (docs) Contributing guidelines #744
  • (refactor) Key assignment type safety #725
  • (fix) Update protos and fix deps #752
  • (api) Add consumer QueryParams #746
  • (feature) New validation for keeper fields #740

Full Changelog: v1.0.0...v2.0.0-rc1

v1.2.0-multiden

09 May 09:03
6c5ec0d

Note: This release is consensus breaking for the consumer. Its changes are not needed for the provider.

The first release candidate for a fix built on top of v1.2.0, intended for consumers. This release adds a list of denoms on the consumer that are allowed to be sent to the provider as rewards. This prevents a potential DOS attack that was discovered during the audit of Replicated Security performed by Oak Security and funded by the Cosmos Hub community through Proposal 687.

What's Changed

Full Changelog: v1.2.0...v1.2.0-multiden

v1.2.0-multiden-rc0

08 May 17:38
6c5ec0d
v1.2.0-multiden-rc0 Pre-release

Note: This release is consensus breaking for the consumer. Its changes are not needed for the provider.

The first release candidate for a fix built on top of v1.2.0, intended for consumers. This release adds a list of denoms on the consumer that are allowed to be sent to the provider as rewards. As a result, a potential DOS attack is prevented.

What's Changed

Full Changelog: v1.2.0...v1.2.0-multiden-rc0

v1.1.0-multiden

08 May 10:38
7861804

Note: This release is consensus breaking for the provider, the changes are not needed on the consumer.

This release combines two fixes that we judged were urgent to get onto the Cosmos Hub before the launch of the first ICS consumer chain.

The first fix is to enable the use of multisigs and Ledger devices when assigning keys for consumer chains. The second is to prevent a possible DOS vector involving the reward distribution system.

Multisig fix

On April 25th (a week and a half ago), we began receiving reports that validators using multisigs and Ledger devices were getting errors reading "Error: unable to resolve type URL /interchain_security.ccv.provider.v1.MsgAssignConsumerKey: tx parse error" when attempting to assign consensus keys for consumer chains.

We quickly narrowed the problem down to issues having to do with using the PubKey type directly in the MsgAssignConsumerKey transaction, and Amino (a deprecated serialization library still used in Ledger devices and multisigs) not being able to handle this. We attempted to fix this with the assistance of the Cosmos-SDK team, but after making no headway for a few days, we decided to simply use a JSON representation of the PubKey in the transaction. This is how it is usually represented anyway. We have verified that this fixes the problem.

Distribution fix

The ICS distribution system works by allowing consumer chains to send rewards to a module address on the provider called the FeePoolAddress. From here they are automatically distributed to all validators and delegators through the distribution system that already exists to distribute staking rewards. The FeePoolAddress is usually blocked so that no tokens can be sent to it, but to enable ICS distribution we had to unblock it.

We recently realized that unblocking the FeePoolAddress could enable an attacker to send a huge number of different denoms into the distribution system. The distribution system would then attempt to distribute them all, leading to out of memory errors. Fixing a similar attack vector that existed in the distribution system before ICS led us to this realization.

To fix this problem, we have re-blocked the FeePoolAddress and created a new address called the ConsumerRewardsPool. Consumer chains now send rewards to this new address. There is also a new transaction type called RegisterConsumerRewardDenom. This transaction allows people to register denoms to be used as rewards from consumer chains. It costs 10 Atoms to run this transaction. The Atoms are transferred to the community pool. Only denoms registered with this command are then transferred to the FeePoolAddress and distributed out to delegators and validators.
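
The allowlist behaviour described above, as an added example: a simplified in-memory model written for this page, not code from the interchain-security repository. Every type and function name in it is hypothetical, and walking the allowlist instead of the pool is a choice of this model. Only the 10 Atom fee and the pool roles come from the release notes.

```go
package main

import (
	"fmt"
	"sort"
)

// Simplified model; every identifier is hypothetical, not the ICS keeper API.
type Coins map[string]int64

const RegistrationFee = 10 // ATOM, the fee stated in the release notes

type Provider struct {
	ConsumerRewardsPool Coins           // consumer chains send rewards here
	FeePool             Coins           // re-blocked; fed only by TransferRewards
	Registered          map[string]bool // denoms accepted as rewards
	CommunityPool       int64           // receives registration fees (ATOM)
}

// RegisterDenom charges the fee and adds denom to the allowlist.
func (p *Provider) RegisterDenom(payerAtom *int64, denom string) error {
	if *payerAtom < RegistrationFee {
		return fmt.Errorf("insufficient ATOM to register %q", denom)
	}
	*payerAtom -= RegistrationFee
	p.CommunityPool += RegistrationFee
	p.Registered[denom] = true
	return nil
}

// TransferRewards moves registered denoms to the fee pool and returns them.
// It walks the allowlist, so cost is bounded by paid registrations.
func (p *Provider) TransferRewards() []string {
	moved := []string{}
	for denom := range p.Registered {
		if amt := p.ConsumerRewardsPool[denom]; amt > 0 {
			p.FeePool[denom] += amt
			delete(p.ConsumerRewardsPool, denom)
			moved = append(moved, denom)
		}
	}
	sort.Strings(moved) // map order is random; keep the result deterministic
	return moved
}

func main() { // constructed sample balances
	p := &Provider{Coins{"uatom": 5, "junk1": 1, "junk2": 1}, Coins{}, map[string]bool{}, 0}
	wallet := int64(15)
	fmt.Println(p.RegisterDenom(&wallet, "uatom"), p.TransferRewards(), len(p.FeePool))
}
```

Unregistered denoms stay parked in the rewards pool and never reach the distribution step, so the number of denoms distributed is bounded by registrations that each cost a fee.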

Full Changelog: v1.1.0...release/v1.1.0-multiden

v1.2.1

25 Apr 13:39
v1.2.1
ecb9554
v1.2.1 Pre-release

Date: April 25th, 2023

Not safe to use as it's SM breaking and it requires state migration.

This is a patch release of Interchain Security (ICS), also known as Replicated Security (RS), which removes the dependency on spm module for initializing the chain and updates key handling.

Changes included:

Full Changelog: v1.2.0...v1.2.1

v1.1.1

25 Apr 12:54
v1.1.1
5cbf6f7
v1.1.1 Pre-release

Not safe to use as it's SM breaking and it requires state migration.

What's Changed

Changes included:

Full Changelog: v1.1.0...v1.1.1

v1.2.0

13 Apr 15:07

What's changed

  • Soft opt-out (#833)
  • Correctly handle VSC packet with duplicate val updates on consumer (#846)
  • bump: sdk v0.45.15-ics (#805)
  • add interchain security consumer QueryParams (#746)

Note that the consumer soft opt-out isn't E2E tested yet.

v1.1.0

24 Mar 15:37
6a856d1

What's changed

  • fix StopConsumerChain not running in cachedContext @MSalopek (#802)

Full Changelog: v1.0.0...v1.1.0