Discussion: Governance of ICS - RMIT AADAO Project Update

Governing ICS Relationships

Authors: Darcy Allen, Chris Berg, Sinclair Davidson

We are a team of economists from the RMIT University Blockchain Innovation Hub working on a project funded by the ATOM Accelerator DAO (you can read more about the project announcement here).

Part of our contribution is to strengthen governance in Interchain Security (ICS) relationships to ensure they are robust and mutually beneficial. The long-term success of the Atom Economic Zone (AEZ) requires effective governance between producer and consumer chains in ICS.

In this post we provide a progress update and seek community feedback. Through identifying contracting hazards in ICS agreements, we suggest two improvements to future agreements:

  1. Regular review processes (touchpoints to aid agreement adaptation); and
  2. A governance body for each ICS agreement (each producer-consumer chain relationship forms a governance body).

Note this is part of a broader program of work, including broader deliverables on how the Cosmos Hub could think about navigating the structure of ICS agreements (e.g. revenue share structure) with different chains.

Security as a make-or-buy decision

Security in blockchain ecosystems is valuable because that security underpins trusted digital coordination. But producing security is costly and specialised. This leaves communities who want security with a choice:

  1. Make security (spin up a validator set); or
  2. Buy security from a provider (e.g. the Cosmos Hub).

Making security is infeasible for many projects. It requires expertise and coordination of many hundreds of people and organisations. These costs are exacerbated for smaller projects with fewer resources and expertise. Importantly, we cannot see those projects that have decided not to launch because of costs — those that are effectively priced out of joining the interchain. By contrast, buying security (such as in ICS) has several benefits.

The benefits of buying security

In ICS replicated security the Cosmos Hub (the producer chain) sells the security of its entire validator set to a smaller chain (consumer chains). ICS is a mutually beneficial trade between the producer chain (selling security) and consumer chain (buying security).

ICS will evolve in different directions depending on the relationship between the chains. On the one hand it will evolve in terms of payment terms (e.g. asset type, revenue share, fee-for-service, token swaps). On the other we will see shifts in the fundamental product that is being purchased (e.g. subsets of validators, mesh security, and so on).

The mutual benefits of ICS emerge in different ways:

  • Consumer chains don’t have to bear the complexities and cost of setting up and running a validator set, and they can access high-quality security from the Cosmos Hub.
  • For the Cosmos Hub, ICS represents new revenue streams that leverage its core competency of making security, while also reducing the barriers to entry for new chains. But for the mutual benefits of ICS to be realised we need better governance.

Governance hazards in ICS

A producer-consumer chain ICS relationship is not merely technical — it is a long-term economic relationship. While this relationship might begin in a mutually-beneficial way, as the chains evolve, and the environment around them shifts, these relationships will face hazards. Many of these hazards are not new. Indeed, there is a rich body of research detailing contract design in industrial organisation.

Hazards emerge partly because contracts are fundamentally incomplete and the world changes. Contracts are incomplete because we cannot account for all possible changes in the world. Maladaptation costs arise because parties can get locked into suboptimal agreements as those changes occur.

Imagine the following examples.

  • A consumer chain is wildly successful and their token price spikes significantly. The original ICS proposal pays X% of transaction fees in a native token. Is this relationship sustainable? Can the agreement be repriced so that the consumer chain does not exit and spin up a validator set, rather than renegotiate? What would the terms of exit be?
  • Unfortunately many consumer chains will fail and their token or value will approach zero. Given potential ongoing costs for the validators and the Hub, how should the producer and consumer chain navigate this?

Aside from the reality that the world changes, either the producer or consumer chain could also act opportunistically. For instance, either party could leverage asymmetric information (where they have more or better information than the other party) in contract formation or renegotiation. More examples are illustrative here. Imagine a consumer chain is paying the Cosmos Hub in their own native token. That consumer chain could make opportunistic decisions around that asset (e.g. inflating the token) or their ecosystem (e.g. changing their fee structure). The residual bearers of those costs may be the validators and the Cosmos Hub, despite the fact they are not involved in the governance on the consumer chain.

There is also the potential for a hold-up problem due to relationship-specific investments. Both consumer and producer chains may have made relationship-specific investments to enter the AEZ — including the developer costs of integration. If an ICS agreement was to fail then those investments would be lost. Furthermore, there is the potential for a hold-up problem, where one party exploits the other party because of the lack of alternatives.

The need for governance

Governance must consider the need for adaptation from both sides. There are many types of adaptation. Some changes are simple or operational, such as the need to reprice the agreement (e.g. % of revenue share). There may be broader unforeseen challenges (e.g. the costs of validation shift, consumer chain launched a new product or native token). There is also the ongoing threat of opportunism, where either party may act in their own interests to gain advantage, threatening the breakdown of the ICS relationship.

ICS relationships should be designed to be robust to changes in conditions. ICS governance relationships should aim to be mutually beneficial through robustness. By robustness we mean that these relationships remain economically sustainable for both parties and do not fail to adapt (e.g. leading to integration with the producer chain, or unwanted exit).

Careful governance design can mitigate some of the frictions we outline above. As ICS evolves we anticipate further mechanisms (e.g. treasury swaps, hostages) to be developed that mitigate some governance costs. In the short term, our preliminary findings suggest the need for two main changes to ICS agreements.

Some preliminary findings

On completion, this project will deliver a range of outputs, including a decision tree to guide decision-making process of new producer-consumer chain relationships in the AEZ. This includes understanding the different costs of situations (e.g. payment type, exchange rate risk). Our aim in this post is to suggest two broad changes to ICS agreements moving forward.

  1. Regular ICS review processes

There will be a need to renegotiate, adapt or exit many ICS agreements. Open-ended set-and-forget agreements exacerbate many of the contracting hazards outlined above. Without review processes within ICS relationships, there is a risk that renegotiations will not occur.

One obvious way to prevent open-endedness is to directly constrain the length of ICS agreements. There will likely be some trepidation around this, particularly given the costs of integration on both sides. Rather, we propose that a more appropriate approach is to implement regular review touchpoints. These mechanisms all provide an opportunity for all parties to reassess, renegotiate, or even dissolve the relationship if it’s not serving mutual interests.

How regularly should reviews occur? The default might be one year for a review of the agreement. The duration of the process, however, should directly relate to the nature of the underlying consumer chain (e.g. the stage and potential scale of the consumer chain shifts the likely need for adaptation). ICS proposals should also consider processes for triggering renegotiation in the face of unexpected changes outside of the review window, as well as the potential clauses for exiting the agreement.

  1. A governance body for each ICS agreement

How should these ICS review processes, and other governance processes, occur? We propose that each ICS agreement should implement a governance body at the level of that agreement. That body should represent the interests of both the consumer and producer chains over time.

There are many questions about how these governance bodies might be structured. The governance structure of these bodies will partly depend on the nature of the specific agreement. One example could be a committee that has representatives from the consumer chain, producer chain and the validator set, as well as an independent member for the processes of adjudication. Each of these members could be proposed in the initial proposal to join the AEZ. The extent to which these governance decisions are executed is partly a technical problem, and how that occurs will evolve over time.

It is worthwhile noting the benefits of having these review processes at the level of an ICS-specific governance body. Rather than discussing intricate decision-making processes with the entire Cosmos Hub, these governance bodies could be a platform for renegotiations and airing of concerns in a lower-stakes environment. This draws on the contextual knowledge of the chains about that agreement.

There are many further questions around how these governance bodies relate to ATOM token holders. In the short term these governance bodies could make recommendations to the Cosmos Hub through proposals, where token holders would vote on the suggested changes (if any). As we look further into the future, there is a potential for these governance bodies to be delegated specific governance powers (e.g. changing the revenue share %), combined with the potential for token holder veto or disallowance.

In the short term we propose the need for off-chain governance bodies at the level of ICS agreements to ensure the robustness of ICS agreements.


In this post, we’ve shared our progress on enhancing ICS governance. The hazards we have identified suggest the need for at least two broad changes to ICS relationships: implementation of regular review processes in ICS agreements; and the development of governance bodies for each ICS agreement. Note that the insights we have outlined in this post are complementary to broader research deliverables.

We welcome any feedback on our proposals and progress so far.

Darcy Allen, Chris Berg, Sinclair Davidson
RMIT Blockchain Innovation Hub


Thank you for the thoughtful post @darcyallen It is great to see RMIT bring its expertise in blockchain based social coordination to the Cosmos Hub and it is also great to see your first findings. Very glad to see these conversations happening. AEZ is growing and the need to structure and anticipate is only growing stronger.

On your first recommendation regarding implementing regular ICS review processes, I have a few questions:

  1. Who is preparing those reviews? It would make sense for the ICS body you referred in #2 to be the lead driving those reviews since its members are already dedicated their time to ICS governance. Maybe it’s obvious it’s the case, just wanted to make sure on this specific point
  2. Are these reviews purely for information purpose or can they be accompanied with decisions such as change in the % revenue share?

On the second point regarding the establishment of an ICS body composed of members from Hub and consumer chain, it does make a lot of sense. How the members of this body would be chosen needs to be carefully thought out as proper representativity is key and available tooling for choosing and electing is limited.

This leads me to another point which is: should we also think about a second ICS body representing exclusively the interest of an individual chain, producer or consumer? In short: one internal ICS body for the Hub + the equivalent for the consumer chain.

Not all governance matters will be in the jurisdiction of the bi-partisan ICS body, some matters first need to be discussed internally before going the bi-partisan route. We could envision a model where you would have 3-4 members in each ‘internal’ ICS body (2 bodies in total) for a total of 6-8 members then have the bi-partisan ICS body you’re referring to composed of a selection of the 2 internal ICS bodies.
Implemented this way, we make sure that both internal and external matters have their own elected body. I think this added granularity covers a wider range of topics, making ICS governance cover more ground.

The other alternative would be to derive those internal governance bodies I am referring to directly from the bi-partisan body. That would avoid the need to run 2 elections.

Curious to have RMIT and the ATOM community thoughts on the above.