x/ibc-hooks
Last updated
Last updated
This module is a copy of osmosis' x/ibc-hooks module.
The wasm hook is an IBC middleware which is used to allow ICS-20 token transfers to initiate contract calls. This allows cross-chain contract calls, that involve token movement. This is useful for a variety of usecases. One of primary importance is cross-chain swaps, which is an extremely powerful primitive.
The mechanism enabling this is a memo field on every ICS20 transfer packet as of .
Wasm hooks is an IBC middleware that parses an ICS20 transfer, and if the memo field is of a particular form, executes a wasm contract call. We now detail the memo format for wasm contract calls, and the execution guarantees provided.
Before we dive into the IBC metadata format, we show the cosmwasm execute message format, so the reader has a sense of what are the fields we need to be setting in.
The cosmwasm MsgExecuteContract is defined as the following type:
So we detail where we want to get each of these fields from:
Sender: We cannot trust the sender of an IBC packet, the counterparty chain has full ability to lie about it.
We cannot risk this sender being confused for a particular user or module address on Osmosis.
So we replace the sender with an account to represent the sender prefixed by the channel and a wasm module prefix.
This is done by setting the sender to Bech32(Hash("ibc-wasm-hook-intermediary" || channelID || sender)), where the channelId is the channel id on the local chain.
Contract: This field should be directly obtained from the ICS-20 packet metadata
Msg: This field should be directly obtained from the ICS-20 packet metadata.
Funds: This field is set to the amount of funds being sent over in the ICS 20 packet. One detail is that the denom in the packet is the counterparty chains representation of the denom, so we have to translate it to Osmosis' representation.
So our constructed cosmwasm message that we execute will look like:
So given the details above, we propagate the implied ICS20 packet data structure. ICS20 is JSON native, so we use JSON for the memo format.
An ICS20 packet is formatted correctly for wasmhooks iff the following all hold:
memo is not blank
memo is valid JSON
memo has at least one key, with value "wasm"
memo["wasm"] has exactly two entries, "contract" and "msg"
memo["wasm"]["msg"] is a valid JSON object
receiver == "" || receiver == memo["wasm"]["contract"]
We consider an ICS20 packet as directed towards wasmhooks iff all of the following hold:
memo is not blank
memo is valid JSON
memo has at least one key, with name "wasm"
If an ICS20 packet is not directed towards wasmhooks, wasmhooks doesn't do anything. If an ICS20 packet is directed towards wasmhooks, and is formatted incorrectly, then wasmhooks returns an error.
Pre wasm hooks:
Ensure the incoming IBC packet is cryptogaphically valid
Ensure the incoming IBC packet is not timed out.
In Wasm hooks, pre packet execution:
Ensure the packet is correctly formatted (as defined above)
Edit the receiver to be the hardcoded IBC module account
In wasm hooks, post packet execution:
Construct wasm message as defined before
Execute wasm message
if wasm message has error, return ErrAck
otherwise continue through middleware
A contract that sends an IBC transfer, may need to listen for the ACK from that packet. To allow contracts to listen on the ack of specific packets, we provide Ack callbacks.
The sender of an IBC transfer packet may specify a callback for when the ack of that packet is received in the memo field of the transfer packet.
Crucially, only the IBC packet sender can set the callback.
The crosschain swaps implementation sends an IBC transfer. If the transfer were to fail, we want to allow the sender to be able to retrieve their funds (which would otherwise be stuck in the contract). To do this, we allow users to retrieve the funds after the timeout has passed, but without the ack information, we cannot guarantee that the send hasn't failed (i.e.: returned an error ack notifying that the receiving change didn't accept it)
Callback information in memo
For the callback to be processed, the transfer packet's memo should contain the following in its JSON:
{"ibc_callback": "osmo1contractAddr"}
The wasm hooks will keep the mapping from the packet's channel and sequence to the contract in storage. When an ack is received, it will notify the specified contract via a sudo message.
Interface for receiving the Acks and Timeouts
The contract that awaits the callback should implement the following interface for a sudo message:
IBC supports the ability to send an ack back to the sender of the packet asynchronously. This is useful for cases where the packet is received, but the ack is not immediately known. For example, if the packet is being forwarded to another chain, the ack may not be known until the packet is received on the other chain.
Note this ACK does not imply full revertability. It is possible that unrevertable actions have occurred even if there is an Ack Error. (This is distinct from the behavior of ICS-20 transfers). If you want to ensure revertability, your contract should be implemented in a way that actions are not finalized until a success ack is received.
Use case
Async acks are useful in cases where the contract needs to wait for a response from another chain before returning a result to the caller.
For example, if you want to send tokens to another chain after the contract is executed you need to add a new ibc packet and wait for its ack.
In the synchronous acks case, the caller will receive an ack from the contract before the second packet has been processed. This means that the caller will have to wait (and potentially track) if the second packet has been processed successfully or not.
With async acks, you contract can take this responsibility and only send an ack to the caller once the second packet has been processed
Making contract Acks async
To support this, we allow contracts to return an IBCAsync response from the function being executed when the
packet is received. That response specifies that the ack should be handled asynchronously.
Concretely the contract should return:
if is_async_ack is set to true, OnRecvPacket will return nil and the ack will not be written. Instead, the
contract will be stored as the "ack actor" for the packet so that only that contract is allowed to send an ack
for it.
It is up to the contract developers to decide which conditions will trigger the ack to be sent.
Sending an async ack
To send the async ack, the contract needs to send the MsgEmitIBCAck message to the chain. This message will then make a sudo call to the contract requesting the ack and write the ack to state.
That message can be specified in the contract as:
The contract is expected to implement the following sudo message handler:
and that sudo call should return an IBCAckResponse:
Note: the sudo call is required to potentially allow anyone to send the MsgEmitIBCAck message. For now, however, this is artificially limited so that the message can only be send by the same contract. This could be expanded in the future if needed.
See go tests.`
WARNING: Due to a in the packet forward middleware, we cannot trust the sender from chains that use PFM. Until that is fixed, we recommend chains to not trust the sender on contracts executed via IBC hooks.