Interchain Security Begins a New Era for Cosmos
Interchain Security has long been anticipated in Cosmos for its potential to grow the ecosystem and accrue value for the ATOM token. With the unanimous approval of the V9 Lambda upgrade (with Replicated Security) in prop 187, the Cosmos Hub can now lease its robust security to “consumer chains,” allowing emerging projects to bootstrap their economies while rewarding ATOM validators and delegators with fees. Replicated security lowers the barrier to launching secure sovereign decentralized chains — while providing a future-proof economic model for the Cosmos Hub.
Interchain Security or Replicated Security?
Interchain security is the broader term for a family of ‘shared security’ protocols. Within this clan, there are different versions, designs, and setups. The first and most straightforward is replicated security, in which the exact same validator set on the provider chain (Cosmos Hub) is used to validate blocks on the consumer chain. This complete overlap of validators allows the consumer chain to inherit the full security of the Cosmos Hub, with every validator lending its stake to the new chain.
Core Cosmos contributor Informal Systems completed work on replicated security alongside many other contributing teams including Stride, Notional, and AiB, releasing the two ICS modules:
- The ICS “consumer” module for consumer chains to install once the on-chain governance proposals to launch with replicated security are approved by the Cosmos Hub stakers community.
- The ICS “provider” module for the Cosmos Hub to install, allowing the Hub to provide security to future consumer chains.
This modularity in development allows the Cosmos Hub to remain minimal and secure, limiting its surface area for vulnerabilities while allowing innovation to flourish. With the launch of the permissionless CosmWasm execution layer and DeFi hub, Neutron on May 10, the Cosmos Hub began to provide replicated security to consumer chains, greatly reducing the resources they need to launch safely, as the cost of a potential attack on the emerging network is the same as the cost to attack the Cosmos Hub itself — one of the largest and most secure chains by market cap, backed by billions of dollars of staked ATOM.
As a separate module, replicated security works through IBC, with consumer chains receiving periodic IBC packets with the up-to-date validator set of the Cosmos Hub. Consumer chains then update their own validator sets and replicate the Cosmos Hub set-up across their chains. Cosmos Hub validators can validate multiple consumer chains at once and receive a portion of their transaction fees and inflation as staking rewards in return.
Limitations of Replicated Security
Replicated security marks a giant milestone for Cosmos, however, there is a limitation to the number of chains the Cosmos Hub can support. Onboarding the first chains and integrating the replicated security module will require roughly one developer day of dedicated support. This will need to get quicker as more chains launch with replicated security. The Cosmos Hub can support approximately five to 10 chains this year using replicated security — it’s unlikely that validators will be able to run more chains in the short term as they need to run a separate server for each.
Due to the limitations of replicated security, Informal Systems is currently speccing out Opt-in Security which allows Hub validators to opt in or out of validating a particular consumer chain. This means that validators with the bandwidth to run a new chain can but do not have to, as opposed to the current model where all validators must run a consumer chain if it is voted in.
Opt-in security will reduce the potential for validator burnout, but even with the most active validators opting to run multiple consumer chains, how does this security model lend itself to a multichain future with potentially hundreds of thousands of consumer chains? Scaling Interchain Security is still a work in progress and several options are being assessed, including Layered Security and Mesh Security.
Layered Security and Mesh Security
Layered security allows other existing Cosmos chains to become provider chains, giving consumer chains the ability to lease security from multiple providers, increasing validator bandwidth and competition, and lowering the cost of security. Consumer chains can combine the full weight of their own market cap with an additional layer of the provider chain’s market cap. Validators can opt in or out of validating new consumer chains
Mesh Security, on the other hand, created by Sunny Agarwal, CEO of Osmosis, offers a way for delegators to provide economic security to consumer chains. Rather than taking the validator set of the provider chain, delegators on the provider chain can delegate to validators in the consumer chain’s own validator set using the provider chain’s token.
The difference between these models is the units of interest. Layered security is mostly about the validators, while mesh security is about the delegators. Replicated security and mesh security are very complimentary. A chain could decide to use replicated security or opt-in security and also use mesh security, for example. The primary validator set is the one of the Cosmos Hub and the chain could also gain economic power from another chain like Osmosis.
In a future with mesh security, Cosmos chains are secured by each other, creating a robust network of interdependent blockchains. There is certainly vast potential here, but mesh security needs further analysis and the Informal and Osmosis teams will need to work closely to limit any security risks to ensure that this solution is secure.
The First Consumer Chains Launching with Replicated Security
Five consumer chains have already confirmed their intent to launch with replicated security in the coming months, with a further pipeline of chains in early or late-stage discussions. Consumer chains wanting to launch with replicated security must place their proposals on the Cosmos Forum for discussion and then on-chain on Cosmos Hub governance for a two-week voting period to be approved or rejected.
Neutron placed its proposal on the Cosmos Forum on March 31 with an overwhelmingly enthusiastic response. The proposal was then posted on-chain on April 22 and approved at the end of the voting period. Neutron was the first consumer chain to launch on May 10.
Stride, the largest liquid staking provider in Cosmos, placed its proposal on the forum on April 14 and then on-chain on April 27. Prop 794 passed on May 12 to make Stride the second consumer chain approved to launch, in the coming days.
Unlike Neutron, which launched to mainnet on replicated security, Stride protocol launched in 2022 and will carry out a chain upgrade to swap out the existing Stride validator set with the Cosmos Hub validator set. You can find further details about this in Stride’s roadmap for 2023 here.
Rewards for ATOM Validators and Delegators
According to the initial security agreement, Cosmos Hub will receive 25% of transaction fees for providing security to Neutron, fees that will be collected by ATOM holders and validators. Neutron has also proposed to share 25% of its MEV revenue. Cosmos Hub will receive and share additional NTRN rewards with ATOM validators and delegators from transaction fees and MEV bids, as well as extra ATOM from transaction fees. Read more details in the proposal.
Stride proposes a revenue share across four different areas:
- 15% of liquid staking rewards
- 15% of STRD inflationary staking rewards
- 15% of MEV revenue
- 15% of transaction fees
You can find more details in this proposal here. Other confirmed chains are Duality decentralized exchange (DEX), Fair Block, and Simply Staking, with launches or upgrades to replicated security expected in the coming months.
Preventing Security Issues Onboarding Consumer Chains
Core contributors have been working on Interchain Security for a couple of years, and continue to research and develop subsequent versions. This substantial timeline is necessary to properly analyze the risks and ensure that this shared security model for Cosmos does not expose the ecosystem to any unnecessary hazards. During initial research for replicated security, for example, Cosmos co-founder and CEO of AiB, Jae Kwon, detected a potential problem with automatic slashing.
If a validator misbehaves on a consumer chain, the consumer chain sends a slash packet to the Cosmos Hub (via IBC), and the Hub automatically punishes that validator (jail+slash). Jae saw that this could seriously harm the Hub because a malicious consumer chain could jail a significant part of the validator set, leaving the validation to a subset that could act maliciously directly on the Hub. He suggested removing automatic slashing and replacing it with a new type of governance proposal — the slash proposal. The slash proposal is submitted on the Hub to punish a validator that misbehaves on a consumer chain. If the proposal passes, the validator gets slashed, adding an additional layer of security to the process.
Another issue was encountered by the Informal team while developing opt-in security. They uncovered a stumbling block in its design called the “subset problem.” The subset problem would enable a large validator to gain control of a consumer chain (more than 66%) and perform any action, even draining it of funds. This potential for malicious behavior could occur because, even if a validator set as a whole is secure, any subset of that validator set may not be and could opt into a consumer with a malicious majority allowing it to gain control. You can read more about the subset problem here.
Mesh security needs further analysis, as well, as the current design leaves scope for validators to behave maliciously with many conditions they would not be slashed for, allowing them to become profitable from a potential attack. This is why mesh security needs further analysis so that these kinds of edge cases are properly considered.
Releasing Interchain Security as a separate module from the Cosmos Hub allows the Hub to remain minimal, with limited functionality to decrease its surface area for attack, but can anything go wrong for the consumer chains during their launch? While there’s always the possibility of software bugs, the Interchain Security module has completed a third-party audit and will soon be audited a second time, for additional peace of mind.
Moreover, in terms of economic security, using the validator set of the Cosmos Hub is a major upgrade for consumer chains as the cost of any attack on the chain would be the same as the Hub itself. Consumer chains must also run extensive testing and public dress rehearsals before going live to uncover any possible issues in advance and enhance a safe and successful outcome.
What Comes Next for ICS
Replicated security is a giant leap forward for Cosmos, changing the security model forever and providing the Cosmos Hub with a viable way of sustaining its economic security model into the future, earning transaction fees for ATOM validators and delegators across all the ICS-hosted zones. So, now that the first milestone has been reached, what are the next steps for ICS?
Informal and other contributors will continue to spec out and develop opt-in security, and uncover a solution to the subset problem. The team will also work closely with Osmosis to further research mesh security and how to create a sustainable network of interdependent blockchains. Other developments to watch for will be the growth of the new ATOM Economic Zone formed by the Cosmos Hub and the first consumer chains of replicated security. The ATOM Economic Zone will bring about new innovative ways for its members to benefit from the replication of validator sets across the different chains. Sharing the same validator set reduces the risk parameters of interoperability (IBC) between two sovereign chains, improves UX, and enables many benefits in terms of security, synchronous IBC, atomic IBC, and packet forwarding.
Feature development for ATOM Economic Zone members is still in the ideation stage, but you can expect some exciting developments to come. Thanks to Interchain Security, the Cosmos ecosystem is set to increase adoption, expand economic opportunities, and grow in an exponential — and sustainable — way.
