Good discussions here, I appreciate it. I don’t have strong opinion on Gaia’s roadmap and will stay neutral on the question if CosmWasm is valuable to the Hub or not.

On the technical side of things, Confio is committed eliminate or mitigate roadblockers in case they still exist. 2 years ago, Terra started to hit hard on the software in a large scale deployment. A few smaller bugs such as memory leaks were found and fixed. Dozens of chains joined the party. Ongoing development made the software better every month since then.

As Jacob is not getting tired of writing a lot of text arguing against the use of cgo, please note that I (the person working full time on this software for more than 3 years) disagree with it. Some brief thoughts here:

• C interfaces (FFI) are a standard way to link various software components together. It works well for decades across a variety of languages. It comes with some cost wrt. maintenance but is also not scary by itself. Being able to reuse software adds value. While it might not be Go best practice, it certainly is Linux best practice.
• We developed mature ways to efficiently transfer binary data over that interface, which in many cases does not even require a copy of that data. The hard part here is explicit ownership-based memory management vs. garbage collection, not FFI itself.
• We don’t need other data types than binary data and simple types (like uint64 and basic structs).
• There is no evidence that the performance hit by cgo has any relevance for this use case. The number I can find are in the nanoseconds, which is negligible compared to the time it takes to start a contract (~50 microseconds) or the time it takes to write to storage.
• Apart from now fixed memory leaks, I have not seens any evidence that CosmWasm has a negative impact on memory usage. It has a configurable in-memory cache, yes. Maybe this is why it uses a few hundred MB of memory depending on the configuration.
• I don’t have the numbers at hand, but there is a common educated guess in the ecosystem that read+write access to the IAVL store is the performance bottleneck of Cosmos chains, not the compute part. This store is used exactly the same way by Go modules and CosmWasm contracts.
• The use of a shared library can be avoided with static linking or tools like nix. But then again there is nothing wrong with shared libraries other than a bit of deployment work.
• Most importantly: in contrast to many other parts of the stack, cgo never caused any issues. It just works as it is supposed to do.

It is easy to confuse actual usage and a certain technology choice for load on the node. CosmWasm encouages the use of a chain, maybe makes accessing storage too easy. But then it is rich feature sets that cause the load.

I wish I would not have to defend a technological choice without seeing full stack performance or memory usage benchmarks. But I also don’t want a certain believe be understood as if it was a fact. I think Confio can find some time later this year to write a detailed analysis about our cgo usage.

That being said, back to business. The important question is features and roadmap. Tech will follow.

IMHO I am against CW on the hub itself because it will open a lot of challenges as every app will try to be on the hub and it will prove very difficult for the hub to handle all the governance. If we go the non permissioned way it might be dangerous for the liveliness.

And now About ICS Chains. we could have stopped at one for now with LSD on the neutron or at least the could have used the duality model. or we can still improve on that.
Stake atom on hub and receive rewards as of now.
after this an additional signal to bond to certain ICS chain where you will get rewards and voting right for that ICS chain only.

The goal would be for every app to aspire to be accepted by the hub.

Regarding governance overload, I think ATOM delegators would love nothing better than to look into these projects and decide if they are worthy of the hub, but I do concede that eventually it would not be feasible.

That is why the hub could utilize some of the great tech that has since been developed, such as DAODAO.

Using this, the hub could have sub-daos specifically elected to filter out requests for ascension to the hub. Governance would have the final call and be able to dissolve these sub-daos at will.

The hub has historically been pretty conservative, which is wise. But I do feel permissioned wasm is mature and has proven itself to move forward with.

Having these top-tier applications on the hub opens the door to marketing the potential of Cosmos to everyone in the crypto industry, and reignite their interest.

It’s time to turn the tide on all this Cosmos fudding.

Just wanted to weigh in here really quickly. I do think there’s a future for CW on the Hub, but it requires a very clear description of what is and what isn’t in scope for the Hub to do.

If a proposal asking for CW is missing such a scope, I would vote against it.

Things I think that are very much in scope: Mesh Security & other Interchain infra services that can’t easily be built without CW. What could potentially be in scope: DAO DAO or similar DAO tooling, and other governance related software that can’t easily be built without CW.

What is not in scope? Pretty much everything else. I am wary of the Hub turning into an “Apple Store” tbh, especially when it comes to DeFi apps. I also don’t see how the Cosmos Ecosystem needs yet another L1 CW chain, especially when we have Neutron in the AEZ.

That being said. I would suggest we actually wait a bit longer with getting any sort of CW proposal online until we have a bit more clarity on the Hub’s long term vision, hopefully around the last quarter of this year when both Mesh Security starts taking shape and some of the research that’s funded by the AADAO wraps up.

It’s all about modular development, though. Do we want to see a permissioned module, that’s the question? Maybe it would be good to show, if any exist, permissioned modules that are already working. Could kinda help to make a decision IMHO

I would like to stress that point that right now some of the best tech is being developed outside ICS. And the Cosmos Hub cannot market these applications because they do not directly benefit ATOM holders.

One such example would be DAODAO, this is now on multiple chains and is the best DAO technology ever developed. By having this on the chain, it would directly benefit ATOM holders, whereby they could market this technology to other ecosystems like Ethereum… and blow their minds.

You might say, sure but why not just deploy it on an ICS smart contract chain? Well because these chains could leave ICS at any moment they want, and they didn’t drop a majority of their coins to ATOM holders in the first place.

The Cosmos Hub needs to focus on marketing, and this is one of the best ways I can see. Most people I talk to just think the Cosmos Hub has no real usecase because IBC didn’t bring a revenue, and ICS chains mainly just give a minority % of tokens if any, with currently miniscule fees - with no guarentee that they won’t leave later to mesh or other ICS providers.

We agree with the above comments. Moreover, this seems a rushed proposal and it seems that it is the first time CosmosChain has posted on the forum. Therefore, we will vote no on this proposal.

Thanks for participating in governance!

Regarding the first time posting on the forum, I spent 4-5 months pushing the idea of having smart contracts on the Hub nearly 3 years back. Although at the time the tech was no where near ready and battle-tested.

I mainly use other platforms though.

Hey all,

Disclaimer: I’m a core contributor to Neutron, the first consumer chain and a cosmwasm smart-contracting platform.

The main arguments for introducing permissioned CW to the Hub seem to be the following:

1. Bring DeFi to the Hub and generate tx fee revenue
2. Enable smart-contract based governance on the Hub
3. Enable mesh security on the Hub

I generally agree with the technical commentary on CosmWasm in this thread. CosmWasm is a well-built technology. However, generalized permissioned CW on the Hub is likely to lead to poor results:

1. DeFi adoption will likely be poor

Building an ecosystem of DeFi applications is not as simple as enabling a vm and waiting for adoption to occur.

• DeFi requires infrastructure (trading infra, oracles, cross-chain infra, developer tooling etc), business development efforts and active support to builders. The Hub is currently ill-equipped for this, and changing this would destroy the minimalist hub vision and reduce the stability/reliability of the platform due to the accelerated pace of network upgrade.
• Permissioned CW is also a pain for developers as it makes maintenance and iteration of the deployed contracts a lot longer/harder, and leads to even more governance load on ATOM stakers.
• It’s also net positive for the hub to have consumer chains use their own tokens as grants/incentives rather than increasing the sell pressure on ATOM by engaging in Liquidity Mining itself.
• Pursuing DeFi on the Hub would require nimble, well resourced teams with some degree of arbitrary decision making power, which would reduce the hub’s decentralization and increase regulatory risk.

2. Permissioned CW for DeFi will prevent the adoption of Replicated Security

It would destroy the Hub’s credible neutrality as a security provider and introduce competition between the Hub and its consumer chains, destroying the appeal of Replicated Security and preventing consumer chain projects to achieve product-market fit and generating revenue for the Hub.

3. Permissioned CW for DeFi on the Hub is poor positioning

It would lead the Hub to compete in the DeFi L1 category against Sei, Solana, Ethereum, etc, where it is unlikely to win. The Hub is better positioned as a security provider, at the heart of IBC and the largest interoperability network, where it currently successfully competes with Polkadot.

There is also reputational risk for the Cosmos Hub in failing to drive defi adoption and competing with/rugging consumer chains.

4. Permissioned CW is not required for Mesh Security

• The purpose of Mesh Security is to expand shared security throughout the Interchain. Currently, numerous appchains do not feature CosmWasm, or rely on different virtual machines like Polaris or Ethermint. A cosmos-sdk implementation of Mesh Security should be developed to cater for the Hub and non-cw appchains and rollups.
• The main appeal of Mesh Security to the Hub is the ability to provide security to other chains in order to accrue inflation from these networks. Permissioned CW on the Hub is not required for this. The Cosmos Hub can deploy ATOM to Mesh Security contracts on Neutron to generate revenue for the community pool.

5. Permissioned CW is not required for advanced governance infrastructure

• The Hub does not need permissioned CW to use DAODAO: the contracts can simply be deployed on Neutron and owned and controlled by Cosmos Hub governance via Interchain Accounts. To my knowledge, this is already being worked on by DAODAO and the AADAO.
• It would also undermine the efforts of Binary and other teams that developed advanced governance modules for the Hub such as x/democracy, x/groups, etc.

6. Governance-gating does not suffienciently protect the Hub

Permissioned CW on Osmosis has demonstrated this previously:

• Liquid staking contracts where deployed on Osmosis without the consent/knowledge of the Osmosis DAO by simply adding these contracts to an otherwise legitimate proposal
• Closed source contracts have been uploaded to Osmosis despite the social contract that contracts on Osmosis should be open sourced. These contracts could contain malicious code or vulnerabilities that could hurt the network.

In both cases, the Osmosis community, despite being very mature and active, has failed to mitigate risk to the network. There is little evidence that suggests this would be different for Cosmos Hub. Expecting validators/voters to review the entire codebase of every project deployed on the Hub, verify the contract hashes and the executable message is likely to significantly increase the governance load on validator teams. In practice, this will likely be botched, as few validators have the resources to systematically do deep due diligence on proposals. The only manageable way to maintain a high quality of review is to have a very narrow scope for what should/shouldn’t be on the Hub.

Conclusion

While permissioned cw could make sense with a very well defined and narrow scope which preserve the Hub’s neutrality and Replicated Security, I believe this proposal misses the mark significantly and is likely to be tremendously value destructive.

To sum up my position:

This proposal suggests a big change to the Cosmos Hub’s roadmap but is too broad and lacks a thorough analysis of risks and scope. Regardless of what the Hub’s vision is, it should be well thought out. Given the broad scope of this proposal and the many unanswered questions, I’m voting no.

I don’t have strong views on whether we should put CosmWasm on the Hub. There is already lots of code on the Cosmos Hub, and CosmWasm can be just another tool to implement code - end users don’t really care about how features are implemented. In theory, you could implement the entire Cosmos SDK/Hub codebase in CosmWasm, and run a CosmWasm Hub client! So maybe it makes sense to put CosmWasm on the Hub to add specific features like mesh.

But, this proposal doesn’t mention any features that require CosmWasm today. The intent of this proposal is to make the Hub a “dapp store” by adding CosmWasm.

This is a valid vision for the Cosmos Hub: as others have pointed out, new dapps can attract users and make the Hub’s value proposition clear. Maybe ICS isn’t enough of a value proposition. In the short term, I would expect CosmWasm dapps on the Hub to attract attention to ATOM / the Cosmos Hub. And, Confio has said that they’re dedicated to maintaining CosmWasm.

On the other hand, the Cosmos Hub’s narrative is that it’s minimal and secure. ICS allows for a modular architecture so that the CosmWasm risk and applications can be offloaded to Neutron. Downtime would undermine this value prop and damage the Hub’s brand, just look at how Solana was attacked for its downtime over the past few years. Many technical and strategic questions are unanswered: Is this tradeoff worth it? Who will vet applications’ security? Is Hypha set up to run testnets? And how does this affect consumer chains (the Hub’s partners), like Neutron?

These difficult questions weren’t addressed in this proposal. There is no analysis of risks or scope. And it doesn’t seem like there is social consensus on whether this is the right vision for the Cosmos Hub.

To evaluate this proposal, I would like first to see a focused discussion on whether this is the right vision for the Cosmos Hub, and discuss the implementation roadmap (addressing risks and scope) second.

If we get CosmWasm on the Hub, there must be a clearly agreed upon constitution about what is permitted via CW. It can be amended as time goes on, if features in the future become a value add to the Hub.

We need to quit putting up proposals before things are truly flushed out. From what I see, Apple Store was not what anyone wanted for the Hub. Let’s have a discussion on what a seperate, better worded proposal that is more aligned with the community’s vision for the Hub.

Let’s get a new proposal up that includes Mesh Security and expresses the strict nature of it being permissioned.

Is it a strange coincidence that everyone affiliated with an ics chain or a future, possible ics chain - are all against permissioned CW on the hub? Asking for a friend

conflict of interest

It’s really simple imo:

“What should be allowed on the hub’s Permissioned CW?”

Infrastructure Code = Good
App Store Apps that compete with the ICS Chains = Bad

The whole premise of competing with the ICS chains is silly…why would we charge rent to chains we’re actively trying to make fail by competing? It is absolute nonsense.

Most free market economists consider competition to be one of the fundamental signs of a free market, not to mention the role competition plays in the growth of product quality, turnover/liquidity, etc. Just saying

This is one of the reasons it crazy to me that we don’t have a competing proposal on-chain right now, giving better details into the permissible code types that the network approves of. It is a sign of good faith on the behalf of the Hub, to the consumer chains, that we will only permit infrastructure code, that will help to alleviate pain points in the AEZ, which they reside, for example. Especially one that includes the need for Mesh Security code.

These proposals are a social contract whether it’s a signaling prop or not, I have a hard time accepting the current state of this social contract. Let’s get a better one put on-chain so I and other people who wish for this proposal to not include items such as a “Apple Store” can vote yes.

A lot has been said. TL;DR is we have to start somewhere.

Torn here since

1. iterative development and growth of software is healthy,
2. decentralization is iterative, even L2 indexers do so, before they open up to be permissionless
3. some chains are well fit for Replicated Security, and some aren’t

We will vote YES on this.

Replicated Security and CW “App Store” seems like two entirely different things, one focuses on underlying bootstrapping of a chain, and another is user facing.

If there are other sentiments at play, let’s voice it out here or set it out in a Twitter Spaces discussion. Have someone like Chjango host (not sure what her handle is here). Happy to participate.