Skip to content

Handle IBC deposits/withdraws to/from payment addresses #4939

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 68 commits into
base: main
Choose a base branch
from
Open

Handle IBC deposits/withdraws to/from payment addresses #4939

wants to merge 68 commits into from

Conversation

@sug0
Copy link
Collaborator

@sug0 sug0 commented Oct 22, 2025
edited
Loading

Describe your changes

Closes #4830
Closes #4168

Allow IBC deposits into payment addresses (without generating MASP transactions), and IBC withdraws from payment addresses (to automatically get refunded, if an IBC unshielding transfer fails on the counter-party).

These changes should substantially improve the UX of MASP over IBC.

Checklist before merging

  • If this PR has some consensus breaking changes, I added the corresponding breaking:: labels
    • This will require 2 reviewers to approve the changes
  • If this PR requires changes to the docs or specs, a corresponding PR is opened in the namada-docs repo
    • Relevant PR if applies:
  • If this PR affects services such as namada-indexer or namada-masp-indexer, a corresponding PR is opened in that repo

@sug0 sug0 added IBC UX MASP breaking-change breaking:consensus Consensus breaking change that requires a hard-fork do-not-merge Do not merge for now labels Oct 22, 2025
@sug0 sug0 requested review from grarco, murisi and yito88 October 22, 2025 17:55
@mergify
Copy link
Contributor

mergify bot commented Oct 22, 2025
edited
Loading

🧪 CI Insights

Here's what we observed from your CI run for ed70e61.

🟢 All jobs passed!

But CI Insights is watching 👀

@brentstone brentstone added this to the Next Release milestone Oct 24, 2025
@sug0 sug0 force-pushed the tiago/znam-ibc-shielding branch 2 times, most recently from 471aea1 to ab45ed0 Compare October 27, 2025 20:56
@sug0 sug0 mentioned this pull request Oct 28, 2025
Open
@sug0 sug0 force-pushed the tiago/znam-ibc-shielding branch from ab45ed0 to 2f12d8b Compare October 30, 2025 14:45
sug0 added a commit that referenced this pull request Oct 30, 2025
@sug0
Changelog for #4939
c4f3081
sug0 added 15 commits November 6, 2025 13:07
@sug0
Remove sus fee from shielded swaps args
810524a 
The sus fee can be obtained from the inner IBC args
@sug0
Handle refunds on IBC ack errors and timeouts
8889b97
@sug0
Allow IBC memoless shieldings in MASP VP
f35af42
@sug0
Refactor IBC shielding state updates
e1d5a33
@sug0
Read in-memory values from a virtual storage space
d8d0208
@sug0
Replace conversions host fns with virtual storage reads
2e3409d
@sug0
Refactor compact note borsh impl
a870489
@sug0
Reject MASP transfers that attempt to mint IBC tokens twice
93097e6
@sug0
Fix IBC e2e test Gaia timeout
a782e78
@sug0
Test rewards in IBC memoless shieldings
8d1fe26
@sug0
Increase IBC test time in CI
7593865
@sug0
Fix Osmosis shielded swaps
3399ece
@sug0
Deny payment addr as a refund target of transparent transfers
5502617
@sug0
Check if protocol shieldings revealed nullifiers
f3a8887
@sug0
Re-export either crate from namada_core
0002d4f
sug0 added a commit that referenced this pull request Nov 6, 2025
@sug0
Changelog for #4939
12e9a55
@sug0 sug0 force-pushed the tiago/znam-ibc-shielding branch from 4dde27b to 12e9a55 Compare November 6, 2025 13:07
@sug0
Copy link
Collaborator Author

sug0 commented Nov 6, 2025

oops, I broke something between the last two f-pushes

murisi
murisi reviewed Nov 6, 2025
View reviewed changes
sug0 added a commit that referenced this pull request Nov 7, 2025
@sug0
Changelog for #4939
12c5530
@sug0 sug0 force-pushed the tiago/znam-ibc-shielding branch from 12e9a55 to 12c5530 Compare November 7, 2025 10:11
@sug0 sug0 requested a review from grarco November 7, 2025 10:12
@sug0 sug0 force-pushed the tiago/znam-ibc-shielding branch from 12c5530 to ed70e61 Compare November 7, 2025 12:51
murisi
murisi approved these changes Nov 7, 2025
View reviewed changes
Copy link
Collaborator

@murisi murisi left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for clarifying the context of this code. I see nothing obviously wrong or improvable with the changes to the MASP VP or the transfer context. I just wonder if we could utilize existing code and execution paths more in order to minimize risk. For instance, the transfer context has code to update the note commitment tree and the undated balances though apply_shielded_transfer does something similar. In the MASP VP, the new logic skips the anchor check execution paths when the ProtocolIbcShielding condition is met.

I guess I just wonder if there could be a single function to create a dummy transaction based off (owner_pa, token, amount, ...) (potentially having correct anchors) that can be:

  • constructed (from the event) and used by clients to update their shielded state
  • constructed and used by the transfer context to update undated balances and note commitment tree (somehow using the apply_shielded_transfer function)
  • constructed by the MASP VP (from the event) and fed into the existing verification logic in a way that minimizes the number of checks that are disabled/the number of paths through the verification logic.

A unified dummy transaction logic would ensure that IBC transactions are synchronized, executed, and verified in the exactly same way. Overall the code is likely correct, but it would be nice to leverage existing mainnet code as much as possible to minimize risk of unexpected behaviour. Of course, this hypothetical approach might not be practical!

This was referenced Nov 12, 2025
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tzemanovic tzemanovic tzemanovic approved these changes

@murisi murisi murisi approved these changes

@yito88 yito88 yito88 approved these changes

@grarco grarco grarco approved these changes

Assignees

No one assigned

Labels

breaking:api public API breaking change breaking:consensus Consensus breaking change that requires a hard-fork breaking-change IBC MASP UX

Projects

None yet

Milestone

Next Release

Development

Successfully merging this pull request may close these issues.

Blind IBC to znam MASP depositing (memoless) Shielded refund design

7 participants

@sug0 @tzemanovic @murisi @yito88 @grarco @brentstone