Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate limiting IBC connections #235

Closed
Tracked by #514
, #1125
...
liamsi opened this issue Mar 8, 2022 · 4 comments · Fixed by #1219
Closed
Tracked by #514
, #1125
...

Investigate limiting IBC connections #235

liamsi opened this issue Mar 8, 2022 · 4 comments · Fixed by #1219
Assignees
@cmwaters
Milestone
Incentivized Testnet

Comments

@liamsi
Copy link
Member

liamsi commented Mar 8, 2022

Summary

While we do want IBC connections to a few selected chains (#734), we do not want that anyone can establish a connection to arbitrary zones. Reason is that we want to keep the state machine as minimal as possible as well as the base layer as focused as possible.

Problem Definition

Need to limit the chains that can connect to Celestia to a predefined allow-list. That allow-list might grow over time. Either it can be modified via governance (#168), or, modifications to the list must require a hard-fork.

Proposal

TODO write proposal in more details:

  • create ibc clients for target chains on genesis
  • reject CreateClient txs
  • allow governance to whitelist and create new clients?
  • ...
@musalbas
Copy link
Member

musalbas commented Mar 9, 2022
edited
Loading

Reason is that we want to keep the state machine as minimal as possible as well as the base layer as focused as possible.

Can we expand on this a bit? What extra complexity on computation is introduced if arbitrary IBC connections are allowed? Is it that relayers can cause Celestia validators to validate arbitrary block headers and signatures from other chain? I think, if the transaction fee for that is priced correctly it might not be necessarily bad, but not entirely sure yet.

@liamsi
Copy link
Member Author

liamsi commented Mar 11, 2022
edited
Loading

Is it that relayers can cause Celestia validators to validate arbitrary block headers and signatures from other chain?

Yes, though as the validator sets (or at least the +2/3 of stake) are relatively stable usually, this is not too bad as IBC defaults to skipping verification and does not require a MsgUpdateClient too often to keep the connection alive (and relayers pay themselves for these Tx).

I think, if the transaction fee for that is priced correctly it might not be necessarily bad, but not entirely sure yet.

I am not sure if the Txs are priced in a particularly special way. The more sigs, the larger the Tx, the more gas it would consume (and the higher the fee). But not sure if that matches "priced correctly".

@evan-forbes evan-forbes mentioned this issue Jul 1, 2022
Closed
41 tasks
@liamsi
Copy link
Member Author

liamsi commented Jul 20, 2022
edited
Loading

An alternative we could consider here is to instead "white-list" the token denoms that go in and out. Basically any Tx that is not related to the celestia native token should be dropped. I think @zmanian suggested that as an alternative worth exploring instead.

@musalbas
Copy link
Member

Are we sure we need a white-list anyways? Is adding new IBC connections execution/state heavy?

@evan-forbes evan-forbes changed the title Limit IBC connections via allowlist Investigate limiting IBC connections Aug 8, 2022
@liamsi liamsi mentioned this issue Sep 5, 2022
Closed
@rahulghangas rahulghangas mentioned this issue Sep 9, 2022
Closed
1 task
@evan-forbes evan-forbes removed their assignment Dec 14, 2022
@evan-forbes evan-forbes mentioned this issue Dec 14, 2022
Closed
5 tasks
@cmwaters cmwaters self-assigned this Dec 15, 2022
@evan-forbes evan-forbes added this to the Incentivized Testnet milestone Jan 3, 2023
@cmwaters cmwaters mentioned this issue Jan 11, 2023
Merged
cmwaters added a commit that referenced this issue Jan 17, 2023
@cmwaters
feat! implement token filter IBC middleware (#1219)
6a57d4d 
Closes: #235

This PR creates and wires up a new IBC middleware that acts as a
firewall, rejecting all `FungibleTokenPacketData` (i.e. transfer
packets) that have a denom which did not originally came from the
celestia chain.

This simple implemenation will mean that the chain state only consists
of the native celestia token.
0xchainlover pushed a commit to celestia-org/celestia-app that referenced this issue Aug 1, 2024
@cmwaters
feat! implement token filter IBC middleware (#1219)
9b30d16 
Closes: celestiaorg/celestia-app#235

This PR creates and wires up a new IBC middleware that acts as a
firewall, rejecting all `FungibleTokenPacketData` (i.e. transfer
packets) that have a denom which did not originally came from the
celestia chain.

This simple implemenation will mean that the chain state only consists
of the native celestia token.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cmwaters cmwaters

Labels
None yet
Projects
None yet
Milestone
Incentivized Testnet
Development

Successfully merging a pull request may close this issue.

feat! implement token filter IBC middleware celestiaorg/celestia-app
5 participants
@musalbas @liamsi @rahulghangas @cmwaters @evan-forbes