diff --git a/spec/core/ics-003-connection-semantics/README.md b/spec/core/ics-003-connection-semantics/README.md index b4458940f..fdc0d7f4a 100644 --- a/spec/core/ics-003-connection-semantics/README.md +++ b/spec/core/ics-003-connection-semantics/README.md @@ -6,10 +6,10 @@ category: IBC/TAO kind: instantiation requires: 2, 24 required-by: 4, 25 -version compatibility: ibc-go v7.0.0 +version compatibility: ibc-go v9.0.0 author: Christopher Goes , Juwoon Yun created: 2019-03-07 -modified: 2019-08-25 +modified: 2024-07-23 --- ## Synopsis @@ -464,25 +464,21 @@ function connOpenTry( counterpartyPrefix: CommitmentPrefix, counterpartyClientIdentifier: Identifier, clientIdentifier: Identifier, - clientState: ClientState, + clientState: ClientState, // DEPRECATED counterpartyVersions: string[], delayPeriodTime: uint64, delayPeriodBlocks: uint64, proofInit: CommitmentProof, - proofClient: CommitmentProof, - proofConsensus: CommitmentProof, + proofClient: CommitmentProof, // DEPRECATED + proofConsensus: CommitmentProof, // DEPRECATED proofHeight: Height, consensusHeight: Height, - hostConsensusStateProof?: bytes, + hostConsensusStateProof?: bytes, // DEPRECATED ) { // generate a new identifier identifier = generateIdentifier() abortTransactionUnless(queryClientState(clientIdentifier) !== null) - abortTransactionUnless(validateSelfClient(clientState)) - abortTransactionUnless(consensusHeight < getCurrentHeight()) - expectedConsensusState = getConsensusState(consensusHeight, hostConsensusStateProof) - abortTransactionUnless(expectedConsensusState !== null) expectedConnectionEnd = ConnectionEnd{INIT, "", getCommitmentPrefix(), counterpartyClientIdentifier, clientIdentifier, counterpartyVersions, delayPeriodTime, delayPeriodBlocks} 
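Review bot: `consensusHeight` has no `// DEPRECATED` marker in the `connOpenTry` signature, although this hunk and the next remove every visible statement that reads it (for example `abortTransactionUnless(consensusHeight < getCurrentHeight())`); the `connOpenAck` signature in the later hunk has the same omission. The Backwards Compatibility paragraph added further down and the ICS-26 `ConnOpenTry`/`ConnOpenAck` datagrams in this commit both list the field as deprecated, so both handler signatures should read `consensusHeight: Height, // DEPRECATED`. Conversely, `hostConsensusStateProof` is marked deprecated here but is not named in the Backwards Compatibility paragraph; one of the two should change so implementers get a single, consistent list of fields to stop relying on. The `connOpenTry` signature starts above this hunk and its body continues in the next one.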
@@ -492,10 +488,7 @@ function connOpenTry( connection = ConnectionEnd{TRYOPEN, counterpartyConnectionIdentifier, counterpartyPrefix, clientIdentifier, counterpartyClientIdentifier, [version], delayPeriodTime, delayPeriodBlocks} abortTransactionUnless(connection.verifyConnectionState(proofHeight, proofInit, counterpartyConnectionIdentifier, expectedConnectionEnd)) - abortTransactionUnless(connection.verifyClientState(proofHeight, proofClient, clientState)) - abortTransactionUnless(connection.verifyClientConsensusState( - proofHeight, proofConsensus, counterpartyClientIdentifier, consensusHeight, expectedConsensusState)) - + provableStore.set(connectionPath(identifier), connection) addConnectionToClient(clientIdentifier, identifier) } 
@@ -506,30 +499,30 @@ function connOpenTry( ```typescript function connOpenAck( identifier: Identifier, - clientState: ClientState, + clientState: ClientState, // DEPRECATED version: string, counterpartyIdentifier: Identifier, proofTry: CommitmentProof, - proofClient: CommitmentProof, - proofConsensus: CommitmentProof, + proofClient: CommitmentProof, // DEPRECATED + proofConsensus: CommitmentProof, // DEPRECATED proofHeight: Height, consensusHeight: Height, - hostConsensusStateProof?: bytes, + hostConsensusStateProof?: bytes, // DEPRECATED ) { - abortTransactionUnless(consensusHeight < getCurrentHeight()) - abortTransactionUnless(validateSelfClient(clientState)) connection = provableStore.get(connectionPath(identifier)) abortTransactionUnless(connection !== null) - abortTransactionUnless((connection.state === INIT && connection.versions.indexOf(version) !== -1) - expectedConsensusState = getConsensusState(consensusHeight, hostConsensusStateProof) - abortTransactionUnless(expectedConsensusState !== null) - expectedConnectionEnd = ConnectionEnd{TRYOPEN, identifier, getCommitmentPrefix(), - connection.counterpartyClientIdentifier, connection.clientIdentifier, - [version], connection.delayPeriodTime, connection.delayPeriodBlocks} + abortTransactionUnless(connection.state === INIT && connection.versions.indexOf(version) !== -1) + expectedConnectionEnd = ConnectionEnd{ + TRYOPEN, + identifier, + getCommitmentPrefix(), + connection.counterpartyClientIdentifier, + connection.clientIdentifier, + [version], + connection.delayPeriodTime, + connection.delayPeriodBlocks + } abortTransactionUnless(connection.verifyConnectionState(proofHeight, proofTry, counterpartyIdentifier, expectedConnectionEnd)) - abortTransactionUnless(connection.verifyClientState(proofHeight, proofClient, clientState)) - abortTransactionUnless(connection.verifyClientConsensusState( - proofHeight, proofConsensus, connection.counterpartyClientIdentifier, consensusHeight, expectedConsensusState)) 
connection.state = OPEN connection.versions = [version] connection.counterpartyConnectionIdentifier = counterpartyIdentifier @@ -580,7 +573,7 @@ function queryClientConnections(id: Identifier): Set { ## Backwards Compatibility -Not applicable. +In the latest specification of the connection handshake, `connOpenTry` and `connOpenAck` will no longer validate that the counterparty's clien state and consensus state is a valid client of the executing chain's consensus protocol. Thus, `clientState`, `proofClient`, `proofConsensus` and `consensusHeight` fields in the `ConnOpenTry` and `ConnOpenACk` datagrams are deprecated and will eventually be removed. ## Forwards Compatibility @@ -605,6 +598,8 @@ Jul 29, 2019 - Revisions to track connection set associated with client Jul 27, 2022 - Addition of `ClientState` validation in `connOpenTry` and `connOpenAck` +Jul 23, 2024 - [Removal of `ClientState` and `ConsensusState` validation in `connOpenTry` and `connOpenAck`](https://github.com/cosmos/ibc/pull/1128). For information on the consequences of these changes see the attached [diagram](./client-validation-removal.png) and [consequences document](./client-validation-removal.md) + ## Copyright All content herein is licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/spec/core/ics-003-connection-semantics/client-validation-removal.excalidraw b/spec/core/ics-003-connection-semantics/client-validation-removal.excalidraw new file mode 100644 index 000000000..a3e04f224 --- /dev/null +++ b/spec/core/ics-003-connection-semantics/client-validation-removal.excalidraw 
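Review bot: The new `connOpenAck` body moves the connection to `OPEN` with no comment saying that the counterparty's client state and consensus state are no longer checked against this chain, and `connOpenTry` in the earlier hunks has the same gap. Implementers work from this pseudocode, so I would add a comment before `connection.state = OPEN` such as `// NOTE: the counterparty's client of this chain is not validated here; see ./client-validation-removal.md`. The consequences document added in this commit leaves it to out-of-band social consensus to keep users off misconfigured connection ends, and that dependency should be visible at the point where the check used to be. The body of `connOpenAck` continues past the end of this hunk.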
@@ -0,0 +1,779 @@ +{ + "type": "excalidraw", + "version": 2, + "source": "https://excalidraw.com", + "elements": [ + { + "type": "rectangle", + "version": 352, + "versionNonce": 743366944, + "index": "a0", + "isDeleted": false, + "id": "Yd8PZmyx4ecAoEJeTN0gU", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 360.1384787370346, + "y": 233.86328125, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 393.76953125, + "height": 222.0703125, + "seed": 523580704, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "id": "uQ3uhCc3hBNYBzhXURfgS", + "type": "arrow" + } + ], + "updated": 1721739352893, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 11, + "versionNonce": 973432032, + "index": "a1", + "isDeleted": false, + "id": "KqdrLNodfeliUlAaYd7U_", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 413, + "y": 213, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 72.93995666503906, + "height": 25, + "seed": 1588722912, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1721644188803, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 1, + "text": "Chain A", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "Chain A", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "type": "rectangle", + "version": 590, + "versionNonce": 752964246, + "index": "a2", + "isDeleted": false, + "id": "39YVRup8859-A1EafFRqL", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 1084.42578125, + "y": 236.17578125, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 351.1796875, + "height": 219.17022717039075, + "seed": 
486520096, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "id": "QN3CYjHvpZvUKeBl7mcVy", + "type": "arrow" + }, + { + "id": "M9Ev5BXiStMWc7AiEqYoG", + "type": "arrow" + }, + { + "id": "uQ3uhCc3hBNYBzhXURfgS", + "type": "arrow" + } + ], + "updated": 1721750252410, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 215, + "versionNonce": 58443040, + "index": "a3", + "isDeleted": false, + "id": "ZjCZc39bqWi0_Rg5gNQlI", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 1156.171875, + "y": 212.65625, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 74.35995483398438, + "height": 25, + "seed": 1671870688, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1721651877452, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 1, + "text": "Chain B", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "Chain B", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "type": "rectangle", + "version": 325, + "versionNonce": 1536376096, + "index": "a4", + "isDeleted": false, + "id": "uCslPrAM4Djw5ExOq0aUN", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 358.88671875, + "y": 636.76953125, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 395.90624999999994, + "height": 212.75781250000006, + "seed": 1646592288, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "id": "QN3CYjHvpZvUKeBl7mcVy", + "type": "arrow" + }, + { + "id": "M9Ev5BXiStMWc7AiEqYoG", + "type": "arrow" + } + ], + "updated": 1721651868077, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 107, + "versionNonce": 2051606816, + "index": "a6", + "isDeleted": false, + "id": 
"agwtoJMxeGS7bIuxaD4Bx", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 408.171875, + "y": 612.390625, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 72.699951171875, + "height": 25, + "seed": 1462127840, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1721651871954, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 1, + "text": "Chain C", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "Chain C", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "type": "text", + "version": 190, + "versionNonce": 1469958218, + "index": "a7", + "isDeleted": false, + "id": "CG88NZPlfuRalVY8yMxWp", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 385.79709345596996, + "y": 243.3760499715164, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 280.9679260253906, + "height": 126.07659386602299, + "seed": 784427296, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1721750238830, + "link": null, + "locked": false, + "fontSize": 20.17225501856368, + "fontFamily": 1, + "text": "client-2 -> B\nconn-1 -> {self: client-2,\ncp: client-1, cp_conn: conn-3}\nchan-5 -> {connHops: conn-1, \ncp: chan-4}", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "client-2 -> B\nconn-1 -> {self: client-2,\ncp: client-1, cp_conn: conn-3}\nchan-5 -> {connHops: conn-1, \ncp: chan-4}", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "type": "text", + "version": 223, + "versionNonce": 920780310, + "index": "a8", + "isDeleted": false, + "id": "gR93Hy-MkvblVRqLrG8kZ", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 396.2632724935363, 
+ "y": 650.4820224935364, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 348.0797119140625, + "height": 125, + "seed": 1898438880, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1721750263921, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 1, + "text": "client-2 -> B\nconn-1 -> {self: client-2, cp: client-1,\ncp_conn: conn-3}\nchan-5 -> {connHops: conn-1,\ncp: chan-4}", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "client-2 -> B\nconn-1 -> {self: client-2, cp: client-1,\ncp_conn: conn-3}\nchan-5 -> {connHops: conn-1,\ncp: chan-4}", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "type": "text", + "version": 366, + "versionNonce": 902610326, + "index": "a9", + "isDeleted": false, + "id": "QQliPNdJCx7vEze58Q8JR", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 1137.5972112021814, + "y": 248.57400344845155, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 277.23980712890625, + "height": 150, + "seed": 1979716896, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1721750372396, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 1, + "text": "client-1 -> C\nconn-3 -> {self: client-1,\ncp: client-2, cp_conn:\nconn-1}\nchan-4 -> {connHops: conn-3,\ncp: chan-4}", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "client-1 -> C\nconn-3 -> {self: client-1,\ncp: client-2, cp_conn:\nconn-1}\nchan-4 -> {connHops: conn-3,\ncp: chan-4}", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "type": "rectangle", + "version": 137, + "versionNonce": 2111260554, + "index": "aA", + "isDeleted": false, + "id": "TKzr0vHyE4XWHulEuVtAT", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 
100, + "angle": 0, + "x": 1090.48046875, + "y": 629.6252763560002, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 346.33508017548763, + "height": 202.90625, + "seed": 1665508576, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "id": "H3lGRledKiu-WVXy3772m", + "type": "arrow" + } + ], + "updated": 1721750276225, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 11, + "versionNonce": 344204576, + "index": "aB", + "isDeleted": false, + "id": "3ZghdMy-mO97wkrk3EEBD", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 1170, + "y": 606, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 75.41995239257812, + "height": 25, + "seed": 603720992, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1721651737357, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 1, + "text": "Chain D", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "Chain D", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "type": "text", + "version": 243, + "versionNonce": 1221643850, + "index": "aC", + "isDeleted": false, + "id": "xvF8I7c4kFre8QJyPD3-A", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 1122.1427689597338, + "y": 657.3267882330041, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 278.019775390625, + "height": 125, + "seed": 1058178272, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1721750366371, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 1, + "text": "client-1 -> C\nconn-3 -> {self: client-1,\ncp: client-2, cp_conn: conn-1}\nchan-4 -> {connHops: conn-3,\ncp: chan-4}", + "textAlign": "left", + "verticalAlign": 
"top", + "containerId": null, + "originalText": "client-1 -> C\nconn-3 -> {self: client-1,\ncp: client-2, cp_conn: conn-1}\nchan-4 -> {connHops: conn-3,\ncp: chan-4}", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "type": "arrow", + "version": 171, + "versionNonce": 1577314838, + "index": "aD", + "isDeleted": false, + "id": "uQ3uhCc3hBNYBzhXURfgS", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 767.0798849870346, + "y": 339.53714483330486, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 304.7833962629654, + "height": 0.38949285548875423, + "seed": 1929654496, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [], + "updated": 1721750252410, + "link": null, + "locked": false, + "startBinding": { + "elementId": "Yd8PZmyx4ecAoEJeTN0gU", + "gap": 13.171875, + "focus": -0.0449448346714202 + }, + "endBinding": { + "elementId": "39YVRup8859-A1EafFRqL", + "gap": 12.5625, + "focus": 0.062414350761616284 + }, + "lastCommittedPoint": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "points": [ + [ + 0, + 0 + ], + [ + 304.7833962629654, + -0.38949285548875423 + ] + ] + }, + { + "type": "arrow", + "version": 196, + "versionNonce": 823272726, + "index": "aF", + "isDeleted": false, + "id": "QN3CYjHvpZvUKeBl7mcVy", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 770.58984375, + "y": 752.9265113664123, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 304.46484375, + "height": 395.3092724618856, + "seed": 1974412512, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [], + "updated": 1721750252410, + "link": null, + "locked": false, + "startBinding": { + "elementId": "uCslPrAM4Djw5ExOq0aUN", + "gap": 15.796875, + "focus": 0.790638045498287 + }, + "endBinding": { + "elementId": 
"39YVRup8859-A1EafFRqL", + "gap": 9.37109375, + "focus": 0.6762880872333856 + }, + "lastCommittedPoint": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "points": [ + [ + 0, + 0 + ], + [ + 304.46484375, + -395.3092724618856 + ] + ] + }, + { + "type": "arrow", + "version": 363, + "versionNonce": 1880119190, + "index": "aG", + "isDeleted": false, + "id": "M9Ev5BXiStMWc7AiEqYoG", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 1068.80078125, + "y": 396.64863537568556, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 283.890625, + "height": 369.55917136427354, + "seed": 748094752, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [], + "updated": 1721750252410, + "link": null, + "locked": false, + "startBinding": { + "elementId": "39YVRup8859-A1EafFRqL", + "gap": 15.625, + "focus": 0.5855959439003082 + }, + "endBinding": { + "elementId": "uCslPrAM4Djw5ExOq0aUN", + "gap": 30.1171875, + "focus": 0.8788301668262039 + }, + "lastCommittedPoint": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "points": [ + [ + 0, + 0 + ], + [ + -283.890625, + 369.55917136427354 + ] + ] + }, + { + "type": "arrow", + "version": 206, + "versionNonce": 1331283530, + "index": "aI", + "isDeleted": false, + "id": "H3lGRledKiu-WVXy3772m", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 1072.14453125, + "y": 739.1045613784454, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 243.84375, + "height": 10.661063621554604, + "seed": 1858638048, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [], + "updated": 1721750276225, + "link": null, + "locked": false, + "startBinding": { + "elementId": "TKzr0vHyE4XWHulEuVtAT", + "gap": 18.3359375, + "focus": 0.0031785684933362287 + }, + "endBinding": 
null, + "lastCommittedPoint": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "points": [ + [ + 0, + 0 + ], + [ + -243.84375, + 10.661063621554604 + ] + ] + }, + { + "type": "text", + "version": 1096, + "versionNonce": 1015133408, + "index": "aJ", + "isDeleted": false, + "id": "Ug5AA066r4v83c6qyYzA6", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 430.29296875, + "y": 895.41015625, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 800.4794311523438, + "height": 400, + "seed": 127919392, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1721663260385, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 1, + "text": "SendPacket from Chain A: Not receivable by Chain B\n\nSendPacket from Chain B: Receivable by Chain C\nReceivable by Chain A. This token is double spent into a misconfigured chain\nSending from A back to B will fail. Thus it is only redeemable by Chain C\n\nSendPacket from Chain C: Receivable by Chain B\nReceivable by Chain D. This token is double spent into a misconfigured chain.\nSending from D back to C will fail. Thus it is redeemable only by Chain B\n\nOther packet flow messages passing will require coincidences.\nSuppose Chain A and Chain C sends the exact same SendPacket\nThe chain C packet will be receivable by Chain B which writes an ACK\nBoth chain C and chain A will acknowledge the packet as if it is meant for them\nbut only chain C acknowledgement logic is valid\n", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "SendPacket from Chain A: Not receivable by Chain B\n\nSendPacket from Chain B: Receivable by Chain C\nReceivable by Chain A. This token is double spent into a misconfigured chain\nSending from A back to B will fail. 
Thus it is only redeemable by Chain C\n\nSendPacket from Chain C: Receivable by Chain B\nReceivable by Chain D. This token is double spent into a misconfigured chain.\nSending from D back to C will fail. Thus it is redeemable only by Chain B\n\nOther packet flow messages passing will require coincidences.\nSuppose Chain A and Chain C sends the exact same SendPacket\nThe chain C packet will be receivable by Chain B which writes an ACK\nBoth chain C and chain A will acknowledge the packet as if it is meant for them\nbut only chain C acknowledgement logic is valid\n", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "type": "text", + "version": 1052, + "versionNonce": 1370680544, + "index": "aK", + "isDeleted": false, + "id": "JAht8WVr_9XdR-kX-m8XY", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 1776.2769145021512, + "y": 253.02825896369697, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "width": 688.41943359375, + "height": 450, + "seed": 1676632288, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1721749920023, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 1, + "text": "What does this require?\nCoincidence of identifier for clients. Chain A and Chain C\nuse same client identifier for chain B\nChain D and chain B use the same client identifier for chain C\nCoincidence of identifiers in connection identifiers\nCoincidence of timing in the Connection Handshake. e..g. 
B-C connection\nhandshake cannot be complete before chain A starts handshake\nCoincidence of identifiers in the channel identifiers\nCoincidence of timing in the Channel Handshake\n\nFull packet flow is only possible on valid connection/channel\nPartial flows possible only on misconfigured chains\nFull packet flow only possible on misconfigured chains if there\nis simultaneously a coincidence of valid packet flow\n\nChain B and Chain C are never confused about who they are\ntalking to.\nTheir respective escrow accounts are safe.", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "What does this require?\nCoincidence of identifier for clients. Chain A and Chain C\nuse same client identifier for chain B\nChain D and chain B use the same client identifier for chain C\nCoincidence of identifiers in connection identifiers\nCoincidence of timing in the Connection Handshake. e..g. B-C connection\nhandshake cannot be complete before chain A starts handshake\nCoincidence of identifiers in the channel identifiers\nCoincidence of timing in the Channel Handshake\n\nFull packet flow is only possible on valid connection/channel\nPartial flows possible only on misconfigured chains\nFull packet flow only possible on misconfigured chains if there\nis simultaneously a coincidence of valid packet flow\n\nChain B and Chain C are never confused about who they are\ntalking to.\nTheir respective escrow accounts are safe.", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "3IJ-NJxV8lB6HabKu1plS", + "type": "text", + "x": 417.7445902901098, + "y": 105.40244979747675, + "width": 749.9193115234375, + "height": 25, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "aL", + "roundness": null, + "seed": 1019693834, + "version": 182, + "versionNonce": 1387079766, + 
"isDeleted": false, + "boundElements": null, + "updated": 1721750596473, + "link": null, + "locked": false, + "text": "Potential consequences of removing client validation in connection handshake", + "fontSize": 20, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "Potential consequences of removing client validation in connection handshake", + "autoResize": true, + "lineHeight": 1.25 + } + ], + "appState": { + "gridSize": null, + "viewBackgroundColor": "#ffffff" + }, + "files": {} +} \ No newline at end of file diff --git a/spec/core/ics-003-connection-semantics/client-validation-removal.md b/spec/core/ics-003-connection-semantics/client-validation-removal.md new file mode 100644 index 000000000..d1d764cbb --- /dev/null +++ b/spec/core/ics-003-connection-semantics/client-validation-removal.md 
@@ -0,0 +1,29 @@ +# Client Validation Removal + +The IBC protocol is no longer requiring that chains verify that the underlying counterparty client of a connection is a valid client of their consensus protocol. In order to understand the motivation for these changes, this document will describe why the validation existed in the first place, what challenges they introduced, and what the consequences are of removing them. + +## Client Validation Motivation + +Client validation was initially included in the connection handshake handlers in order to ensure that both chains were talking to the correct counterparty, i.e. the connection was correctly configured such that both chains are talking to each other. This ensures that when a channel is built on top of that connection, and a packet is sent over that channel, only a single chain is capable of receiving the packet. + +IBC relies on locally unique identifiers for each chain's client, connection and channel identifiers. Thus, the identifiers, connection struct and channel struct are not unique to a chain. The only thing that uniquely identifies a chain is its consensus. Specifically, the tuple of `(height, chainID, validatorSet)` is unique for an honest chain. This tuple is committed to by the headers a validator set produces. Thus, if a chain A has a client with a consensus state that is committing to a tuple uniquely identifying chain B; then chain B can be sure that the client on chain A is a client of itself. Thus any connection on chain A built on top of that client is meant to connect to chain B. + +The IBC connection handshake used this fact to ensure that the connection handshake only completes for the chains that are directly pointing to one another. If a relayer misconfigured the connection handshake by choosing the wrong counterparty client identifer on `ConnOpenInit`, the handshake would fail on `ConnOpenAck` when the counterparty client is proven to not be a valid client of the initializing chain. 
Thus, misconfigured connection attempts are blocked from completing. When a connection moves to `OPEN`, we can be sure that only the two chains in question are connected to each other. + +Without this check, it is possible in very unlucky circumstances to have two chains that are validly connected to each other and also have misconfigured third-party chains that believe they are connected to a chain that is not connected back to them. For an example of this situation, see the attached [diagram](./client-validation-removal.png). In this case, the validly connected chains will have communication between them that follows IBC's correctness and integrity properties. However, the chains that are misconfigured may misinterpret messages sent to other chains as messages intended for them. In this case, the only connection ends that are affected are the misconfigured connection ends that do not correlate to a valid connection end on the intended counterparty. In order for this situation to arise, there would need to not only be relayer error, but also a coincidence in identifiers and handshake message timing. Thus, this is an unlikely situation to arise in practice and the only effect is invalid message processing on misconfigured connections and channel ends. + +## Client Validation Problems + +While it is beneficial that misconfigured connection attempts are blocked from completing, the client validation in the connection handshake introduced a lot of problems for the upgradability and flexibility of the protocol. + +- Not all chains have the ability to introspect their own consensus, specifically their own consensus history which is required to validate a counterparty's previous consensus state. +- Explicit verification of a counterparty client state and consensus state makes adding new implementions of the same consensus difficult since the validation of any new client implementations must be supported on the counterparty you want to use it with. 
Thus, the structure of `ClientState` and `ConsensusState` is very difficult to change without interchain coordination. +- Similarly, the proofs rely on ICS24 paths for the `ClientState` and `ConsensusState`. Thus, changing the key paths to a more efficient representation is very difficult without interchain coordination. + +## Social Consensus + +As mentioned above, the client validation in the connection handshake prevents the creation of `OPEN` misconfigured connections and channels. However, it does not prevent the creation of `OPEN` connections and channels that are opened to malicious chains. The way IBC handles these situations is to rely on social consensus. This can be in the form of explicit social consensus, i.e. governance approved clients, connections and channels; or implicit social consensus where IBC messages are permissionless but there exists an out-of-band consensus on which connection ID is the canonical connection that all users will use to communicate to an external chain. This out-of-band consensus can be reflected in chain registries and front ends that are reflected to end users to prevent them from unintentionally using the wrong channel. + +Thus, social consensus is already a key element of how IBC functions for end users. We can extend the use of this pre-existing social consensus to also prevent users from sending on misconfigured connection ends rather than enforcing validation in the protocol. By removing the validation, we vastly simplify the connection handshake protocol: removing two proof verifications in both `ConnOpenTry` and `ConnOpenAck`. Ledgers no longer need to track their own consensus in order to explicitly validate a counterparty's client. This gives much more freedom and flexibility to how clients are implemented and written into state. 
+ +While removing client validation in the connection handshake does open the slight possibility of misconfigured but still usable channels, social consensus will be relied on going forward to ensure these misconfigured channels do not get usage. diff --git a/spec/core/ics-003-connection-semantics/client-validation-removal.png b/spec/core/ics-003-connection-semantics/client-validation-removal.png new file mode 100644 index 000000000..f5a6d3540 Binary files /dev/null and b/spec/core/ics-003-connection-semantics/client-validation-removal.png differ diff --git a/spec/core/ics-026-routing-module/README.md b/spec/core/ics-026-routing-module/README.md index cee7e4e37..0c19c54f5 100644 --- a/spec/core/ics-026-routing-module/README.md +++ b/spec/core/ics-026-routing-module/README.md @@ -342,15 +342,15 @@ interface ConnOpenTry { counterpartyPrefix: CommitmentPrefix counterpartyClientIdentifier: Identifier clientIdentifier: Identifier - clientState: ClientState + clientState: ClientState // DEPRECATED counterpartyVersions: string[] delayPeriodTime: uint64 delayPeriodBlocks: uint64 proofInit: CommitmentProof - proofClient: CommitmentProof - proofConsensus: CommitmentProof + proofClient: CommitmentProof // DEPRECATED + proofConsensus: CommitmentProof // DEPRECATED proofHeight: Height - consensusHeight: Height + consensusHeight: Height // DEPRECATED } ``` @@ -379,14 +379,14 @@ The `ConnOpenAck` datagram confirms a handshake acceptance by the IBC module on ```typescript interface ConnOpenAck { identifier: Identifier - clientState: ClientState + clientState: ClientState // DEPRECATED version: string counterpartyIdentifier: Identifier proofTry: CommitmentProof - proofClient: CommitmentProof - proofConsensus: CommitmentProof + proofClient: CommitmentProof // DEPRECATED + proofConsensus: CommitmentProof // DEPRECATED proofHeight: Height - consensusHeight: Height + consensusHeight: Height // DEPRECATED } ```