How to Stress the IBC Security Model to Win Game of Zones


When we started thinking about Game of Zones in 2019, one of the most important goals we set was to use the challenge to prepare network operators for a whole new internet of blockchains. Once participants master liveness and throughput during Game of Zones, their final task will be to stress test the IBC Security Model. This exercise in adversarial thinking is designed to help teams identify and detect deception attacks in the wild, and to encourage the development of observability tooling to monitor for and alert on confusion attacks on the network.

The Double Spend Problem

Blockchains are notorious for attempting to implement solutions for the double spend problem. But the typical approach to solving this problem usually requires a world computer that runs about as fast as a calculator. Trying to scale solutions to the double spend problem has driven innovation and demand for zero knowledge proofs, random beacons, and complex sharding architectures. 

In designing IBC, we took a different approach, inspired by the early work of the Agoric team, and focused on sovereignty. The core concept of sovereignty is that every user of a system needs to look at their own trust boundaries and preferences when choosing which chains, objects and tokens to interact with. With Game of Zones, we get to make that process of attack and defense real.

Token Distribution and ICS 20

At the launch of the GoZ Hub, we will be distributing tokens to each participating zone. Each of the zones will receive an equal number of tokens at the beginning of the competition, and those tokens will circulate in the IBC Network. While those tokens will not be a deciding factor in the first two phases of the competition, they are very important in assessing performance during Phase 3. This is when we will look for confusion and deception attacks that trick users into accepting tokens that have been counterfeited and debased as if they were the real deal. The team with the most coins on the Hub may be the most likely to win.

To compete in Game of Zones, your chain must support the ICS 20 token transfer protocols during Phase 1 and Phase 2. If you want to bring a chain without ICS 20 support in the third phase, we suggest running a standard gaia in the first and second phases. We will be judging other application protocols during Phase 3, but they won’t be able to test the security model in the same way.

Confusion + Deception Attacks

One trend that we expect to emerge from participating teams during Phase 3 is fraudulent coin generation. An interesting implementation of this could be creating fractional exchange rates that enable zones to mint new coins out of nothing, and then send them on to other zones to convince other players to accept these coins. Though these tokens would never be redeemable, it would be difficult to judge whether they are valid coins or not.

Teams that are considering fraudulent coin strategies should pay special attention to the logic in the ics-20 implementation. Carefully manipulating the escrow and denom creation may also be a successful approach to trying to create underhanded state machines.


   if source {
       // clear the denomination from the prefix to send the coins to the escrow account
       coins := make(sdk.Coins, len(amount))
       for i, coin := range amount {
           if strings.HasPrefix(coin.Denom, prefix) {
               coins[i] = sdk.NewCoin(coin.Denom[len(prefix):], coin.Amount)
           } else {
               coins[i] = coin
           }
       }
 
       // escrow tokens if the destination chain is the same as the sender's
       escrowAddress := types.GetEscrowAddress(sourcePort, sourceChannel)
 
       // escrow source tokens. It fails if balance insufficient.
       if err := k.bankKeeper.SendCoins(
           ctx, sender, escrowAddress, coins,
       ); err != nil {
           return err
       }
 
   } else {
       // build the receiving denomination prefix if it's not present
       prefix = types.GetDenomPrefix(sourcePort, sourceChannel)
       for _, coin := range amount {
           if !strings.HasPrefix(coin.Denom, prefix) {
               return sdkerrors.Wrapf(types.ErrInvalidDenomForTransfer, "denom was: %s", coin.Denom)
           }
       }
 
       // transfer the coins to the module account and burn them
       if err := k.supplyKeeper.SendCoinsFromAccountToModule(
           ctx, sender, types.GetModuleAccountName(), amount,
       ); err != nil {
           return err
       }
 
       // burn vouchers from the sender's balance if the source is from another chain
       if err := k.supplyKeeper.BurnCoins(
           ctx, types.GetModuleAccountName(), amount,
       ); err != nil {
           // NOTE: should not happen as the module account was
           // retrieved on the step above and it has enough balance
           // to burn.
           return err
       }
   }



Other attacks we expect to see during the competition include using a validator set to create difficult-to-detect light client forks, and using state machines that conceal back doors and create tokens with arbitrary denominations to trick IBC users. Hopefully, we will see new ideas that we haven’t thought of before: to win this round of Game of Zones, teams will need to show their work by publishing technical details and write-ups of their attacks once they’ve been carried out.

Has your team started working on your strategy for Phase 3? If not, take a closer look at ICS 20 and spend an afternoon with your team thinking about how you would defend against deception attacks.
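One way to monitor for the counterfeit vouchers described above is to check that every voucher denom on a receiving chain is backed by at least as much escrow on the source chain. The following is an added example, not code from the original post or from the Cosmos SDK; `Finding` and `UnbackedVouchers` are hypothetical names, the "port/channel/" prefix format is an assumption, and the balances are constructed rather than queried from a live chain.

```go
package main

import (
	"fmt"
	"math/big"
	"sort"
	"strings"
)

// Finding is a voucher denom whose supply exceeds the escrow backing it.
type Finding struct {
	Denom            string
	Supply, Escrowed *big.Int
}

// UnbackedVouchers checks one channel: escrow is the source chain's escrow
// balance by base denom; supply is the receiving chain's supply by full denom.
func UnbackedVouchers(port, channel string, escrow, supply map[string]*big.Int) []Finding {
	prefix := port + "/" + channel + "/" // ICS 20 voucher prefix (assumed format)
	var out []Finding
	for denom, minted := range supply {
		if !strings.HasPrefix(denom, prefix) {
			continue // native coin, or a voucher from another channel
		}
		backed := escrow[strings.TrimPrefix(denom, prefix)]
		if backed == nil {
			backed = new(big.Int) // nothing was ever escrowed for this denom
		}
		if minted.Cmp(backed) > 0 {
			out = append(out, Finding{denom, minted, backed})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Denom < out[j].Denom })
	return out
}

func main() {
	// Constructed snapshots, not data from the GoZ network.
	escrow := map[string]*big.Int{"uatom": big.NewInt(1000), "doubloons": big.NewInt(50)}
	supply := map[string]*big.Int{
		"transfer/chan-a/uatom":     big.NewInt(1000), // fully backed
		"transfer/chan-a/doubloons": big.NewInt(75),   // 25 more than escrowed
		"transfer/chan-a/ghost":     big.NewInt(10),   // never escrowed
		"transfer/chan-b/uatom":     big.NewInt(9999), // other channel, skipped
	}
	for _, f := range UnbackedVouchers("transfer", "chan-a", escrow, supply) {
		fmt.Printf("UNBACKED %s supply=%s escrowed=%s\n", f.Denom, f.Supply, f.Escrowed)
	}
}
```

Run per channel against periodic snapshots; a finding means the receiving chain holds more vouchers than the source chain could ever redeem.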

6 Important Updates from Game of Zones Opening Ceremonies

It’s almost here! Right now, the Game of Zones and Iqlusion teams are debugging the GoZ Hub. The launch of Game of Zones is imminent, and Opening Ceremonies for the competition began this morning at 9am PST // 4pm UTC.

Prizes and Phase Objectives

One of the biggest updates we shared with GoZ participants this week was focused on challenge phase objectives and contest rewards. We designed the weekly phase challenge prizes to reward performance for specific contest goals, and contest prizes are intended to reward innovation and creativity throughout the competition. You can learn more about the opportunities to win Game of Zones here, or listen to our commentary on prizes and challenge objectives at the beginning of the live stream.

Reuniting the Core IBC Team 

During Opening Ceremonies, we were joined by several core IBC developers to celebrate the beginning of Game of Zones. One common sentiment that Anca Zamfir, Chris Goes, Federico Kunze Küllmer and Aditya Sripal shared about working on IBC was the importance of developing decentralized protocols to power the future of the internet. This group of core developers also expressed their excitement about seeing IBC in action, and they looked forward to seeing challenge participants break IBC so they could return to the code to make it stronger and more resilient. 

Standing up the GoZ Hub

From today through Sunday, we will begin the launch process for the Game of Zones Hub that will run on the current version of gaia. Throughout the competition, we are expecting patch releases for gaia: there will definitely be a new version of gaia for Phase 2, and teams should be prepared for a new version of gaia to become available for Phase 3.

The GoZ Scoreboard

Over the past few weeks, the Game of Zones team and Iqlusion have been heads down building a Sagan-powered scoreboard. After the official launch of Phase 1, we will share this scoreboard with participants so that everyone is able to track their performance in the competition.

Judging criteria for the first two phases of the competition are quantitative and relatively straightforward, and the scoreboard will be an important tool that informs who will win each Phase. During Phase 3, observability becomes more of a challenge: we may not have full visibility into attacks taking place on the network. Throughout the competition, we expect many teams to share their network visualization tools as another way to experience the challenge.

Contest Pacing + Updates

During the planning of Game of Zones, we began thinking about contest design in terms of the start process for a race. The first weekend of the contest (May 1-3) is designed to help teams get into a strong starting position by standing up their nodes and making a connection to the GoZ hub in advance of the official Phase 1 Launch on Monday. Because we are measuring performance from Monday through Friday each week, the weekends are essentially a pit stop for each team: you can use this down time to take a break before the next phase, build new tools or automation to set you up for success, or prepare for upcoming software updates. And on Fridays at noon PST, for anyone in the mood to come and hang out a bit, we will be hosting live-streams to recap the action that took place during the week and share important announcements with participants.

Official Communication Channels

Throughout Game of Zones, the best way to get updates about the competition is through Twitter, our blog, and Github. Wherever we can, we will work to communicate updates and important competition details to the community all at once. If you need to get in touch with the Game of Zones team for any reason (to ask a question about the contest rules, see if we’re able to share data with your visualizer, or just to say hi), it is best to send an email to gameofzones@cosmosnetwork.dev. Sending an email is the fastest way to get a direct response from one of us.

The Game of Zones hub launch process will take place through the weekend, and Phase 1 of the Competition begins Monday, May 4th at 12am PST // 7am UTC, so be sure to connect to the node and watch for the Game of Zones scoreboard announcement on Monday morning. Best of luck to everyone competing in Game of Zones — we can’t wait to see what incredible things come out of the competition!