cosmos · cwgoes · Aug 25, 2019 · Aug 25, 2019 · Aug 25, 2019 · Aug 25, 2019
diff --git a/misc/aspell_dict b/misc/aspell_dict
@@ -1,4 +1,4 @@
-personal_ws-1.1 en 412 
+personal_ws-1.1 en 430 
 unescrow
 onChanCloseConfirm
 clientKey
@@ -10,11 +10,11 @@ desiredCounterpartyIdentifier
 queryClientConnections
 stablecoins
 packetAcknowledgementPath
+ClientSubmitMisbehaviour
 encodings
 addConnectionToClient
 exfiltration
 relayer
-Cehalopod
 timeoutClose
 timeoutPacket
 Statefulness
@@ -52,6 +52,7 @@ handleConnOpenInit
 connOpenTry
 boolean
 LaTeX
+handlePacketTimeoutOnClose
 CommitmentProof
 getVerifiedRoot
 OPENTRY
@@ -63,6 +64,7 @@ chanOpenInit
 handleConnOpenTimeout
 callbackPath
 handleChanOpenAck
+unescrows
 ERC
 validator
 authenticationPath
@@ -102,6 +104,7 @@ middled
 channelId
 queryClientConsensusState
 consensusStatePath
+PacketSend
 unescrowing
 InitialPubkey
 handlePacketRecv
@@ -162,6 +165,7 @@ connOpenAck
 WASM
 queryConnectionChannels
 NFT
+onChanCloseInit
 newpubkey
 dataflow
 datagrams
@@ -195,6 +199,7 @@ auth
 unreceived
 handleConnOpenAck
 handleChanOpenTimeout
+portId
 chanCloseInit
 prover
 CommitmentState
@@ -207,13 +212,15 @@ proofInit
 nextSequenceSendPath
 getConsensusState
 png
+ClientMisbehaviour
 tokenized
 connectionId
 newCallbacks
 destChannel
 updateClient
 connectionChannelsPath
 onChanOpenAck
+channelEscrowAddresses
 Pre
 privateStore
 sdk
@@ -255,11 +262,13 @@ lifecycle
 desiredCounterpartyConnectionIdentifier
 chanCloseConfirm
 ChangeOperator
+handlePacketAcknowledgement
 UDP
 changelog
 synchrony
 chanOpenConfirm
 removeChannelFromConnection
+timeoutPacketClose
 queryClientFrozen
 recv
 repudiable
@@ -281,6 +290,7 @@ bijective
 Juwoon
 proofTimeout
 clientTypePath
+handleClientMisbehaviour
 interoperation
 tokenising
 authenticationKey
@@ -311,6 +321,7 @@ connOpenInit
 getValue
 channelIdentifier
 handleClientCreate
+channelSet
 ABCI
 struct
 consensusState
@@ -329,7 +340,9 @@ interoperability
 Betazoid
 callingModuleIdentifier
 LogStore
+PacketTimeoutOnClose
 introspectable
+unescrowed
 destPort
 ModuleCallbacks
 Multichain
@@ -338,6 +351,7 @@ blockchain's
 blockchains
 serialisable
 chanOpenTry
+onAcknowledgePacket
 incrementing
 queryConnection
 validValue
@@ -347,12 +361,14 @@ structs
 keyspaces
 counterpartyStateRoot
 JSON
+PacketAcknowledgement
 consensusHeight
 createMembershipProof
 Yun
 md
 counterpartyConnectionIdentifier
 OpCommitmentRoot
+onTimeoutPacketClose
 transactional
 counterpartyPortIdentifier
 packetCommitmentKey
@@ -373,6 +389,7 @@ collateralisation
 datapipe
 ConnCloseAck
 VM
+ModuleState
 Strawman
 tx
 bytestring
@@ -408,6 +425,7 @@ QUIC
 permissioning
 renderer
 chanId
+onSendPacket
 positionally
 OpHeaderProof
 CryptoKitty
diff --git a/spec.pdf b/spec.pdf
diff --git a/spec/ics-001-ics-standard/README.md b/spec/ics-001-ics-standard/README.md
@@ -5,7 +5,7 @@ stage: draft
 category: meta
 author: Christopher Goes <cwgoes@tendermint.com>
 created: 2019-02-12
-modified: 2019-08-17
+modified: 2019-08-25
 ---
 
 ## What is an ICS?

diff --git a/spec/ics-002-client-semantics/README.md b/spec/ics-002-client-semantics/README.md
@@ -7,7 +7,7 @@ requires: 23, 24
 required-by: 3
 author: Juwoon Yun <joon@tendermint.com>, Christopher Goes <cwgoes@tendermint.com>
 created: 2019-02-25
-modified: 2019-08-15
+modified: 2019-08-25
 ---
 
 ## Synopsis
@@ -70,11 +70,8 @@ could be provided as executable WASM functions when the client instance is creat
   can check that a particular machine has stored a particular `ConsensusState`.
 
 * `ClientState` is an opaque type representing the state of a client.
-  A `ClientState` must expose query functions to retrieve trusted state roots at previously
-  verified heights and retrieve the current `ConsensusState`.
-
-* `createClient`, `queryClient`, `updateClient`, `freezeClient`, and `deleteClient` function signatures are as defined in [ICS 25](../ics-025-handler-interface).
-  The function implementations are defined in this specification.
+  A `ClientState` must expose query functions to verify membership or non-membership of
+  key-value pairs in state at particular heights and to retrieve the current `ConsensusState`.
 
 ### Desired Properties
 
@@ -276,6 +273,8 @@ function createClient(
   provableStore.set(clientTypePath(id), clientType)
   privateStore.set(clientStatePath(id), clientState)
 }
+  assert(!client.frozen)
+  return client.verifiedRoots[height].verifyNonMembership(path, proof)
 ```
 
 #### Query
@@ -311,7 +310,7 @@ function updateClient(
   assert(clientType !== null)
   clientState = privateStore.get(clientStatePath(id))
   assert(clientState !== null)
-  assert(clientType.validityPredicate(clientState, header))
+  clientType.validityPredicate(clientState, header)
 }
 ```
 
@@ -328,7 +327,7 @@ function submitMisbehaviourToClient(
   assert(clientType !== null)
   clientState = privateStore.get(clientStatePath(id))
   assert(clientState !== null)
-  assert(clientType.misbehaviourPredicate(clientState, evidence))
+  clientType.misbehaviourPredicate(clientState, evidence)
 }
 ```
 
@@ -352,12 +351,12 @@ interface ClientState {
 }
 
 interface ConsensusState {
-  height: uint64
+  sequence: uint64
   publicKey: PublicKey
 }
 
 interface Header {
-  height: uint64
+  sequence: uint64
   commitmentRoot: CommitmentRoot
   signature: Signature
   newPublicKey: Maybe<PublicKey>
@@ -368,46 +367,66 @@ interface Evidence {
   h2: Header
 }
 
+// algorithm run by operator to commit a new block
 function commit(
   root: CommitmentRoot,
-  height: uint64,
+  sequence: uint64,
   newPublicKey: Maybe<PublicKey>): Header {
-  signature = privateKey.sign(root, height, newPublicKey)
-  header = Header{height, root, signature}
+  signature = privateKey.sign(root, sequence, newPublicKey)
+  header = Header{sequence, root, signature}
   return header
 }
 
+// initialisation function defined by the client type
 function initialize(consensusState: ConsensusState): ClientState {
   return ClientState{false, Set.singleton(consensusState.publicKey), Map.empty()}
 }
 
+// validity predicate function defined by the client type
 function validityPredicate(
   clientState: ClientState,
   header: Header) {
-  assert(consensusState.height + 1 === header.height)
+  assert(consensusState.sequence + 1 === header.sequence)
   assert(consensusState.publicKey.verify(header.signature))
-  if (header.newPublicKey !== null)
+  if (header.newPublicKey !== null) {
     consensusState.publicKey = header.newPublicKey
     clientState.pastPublicKeys.add(header.newPublicKey)
-  consensusState.height = header.height
-  clientState.verifiedRoots[height] = header.commitmentRoot
+  }
+  consensusState.sequence = header.sequence
+  clientState.verifiedRoots[sequence] = header.commitmentRoot
+}
+
+// state membership verification function defined by the client type
+function verifyMembership(
+  clientState: ClientState,
+  sequence: uint64,
+  proof: CommitmentProof
+  path: Path,
+  value: Value) {
+  assert(!client.frozen)
+  return client.verifiedRoots[sequence].verifyMembership(path, value, proof)
 }
 
-function getVerifiedRoot(
+// state non-membership function defined by the client type
+function verifyNonMembership(
   clientState: ClientState,
-  height: uint64) {
+  sequence: uint64,
+  proof: CommitmentProof,
+  path: Path) {
   assert(!client.frozen)
-  return client.verifiedRoots[height]
+  return client.verifiedRoots[sequence].verifyNonMembership(path, proof)
 }
 
+// misbehaviour verification function defined by the client type
+// any duplicate signature by a past or current key freezes the client
 function misbehaviourPredicate(
   clientState: ClientState,
   evidence: Evidence) {
   h1 = evidence.h1
   h2 = evidence.h2
   assert(h1.publicKey === h2.publicKey)
   assert(clientState.pastPublicKeys.contains(h1.publicKey))
-  assert(h1.height === h2.height)
+  assert(h1.sequence === h2.sequence)
   assert(h1.commitmentRoot !== h2.commitmentRoot)
   assert(h1.publicKey.verify(h1.signature))
   assert(h2.publicKey.verify(h2.signature))
@@ -417,16 +436,15 @@ function misbehaviourPredicate(
 
 ### Properties & Invariants
 
-- Client identifiers are immutable & first-come-first-serve: once a client identifier has been allocated, all future headers & trusted states stored under that identifier will have satisfied the client's validity predicate.
+- Client identifiers are immutable & first-come-first-serve. Clients cannot be deleted (allowing deletion would potentially allow future replay of past packets if identifiers were re-used).
 
 ## Backwards Compatibility
 
 Not applicable.
 
 ## Forwards Compatibility
 
-In a future version, this ICS will define a new function `unfreezeClient` that can be called 
-when the application logic resolves an misbehaviour event.
+New client types can be added by IBC implementations at-will as long as they confirm to this interface.
 
 ## Example Implementation
 

diff --git a/spec/ics-003-connection-semantics/README.md b/spec/ics-003-connection-semantics/README.md
@@ -7,7 +7,7 @@ requires: 2, 24
 required-by: 4, 25
 author: Christopher Goes <cwgoes@tendermint.com>, Juwoon Yun <joon@tendermint.com>
 created: 2019-03-07
-modified: 2019-05-17
+modified: 2019-08-25
 ---
 
 ## Synopsis
@@ -196,11 +196,11 @@ function connOpenTry(
   counterpartyConnectionIdentifier: Identifier,
   counterpartyClientIdentifier: Identifier,
   clientIdentifier: Identifier,
+  version: string,
+  counterpartyVersion: string
   proofInit: CommitmentProof,
   proofHeight: uint64,
-  consensusHeight: uint64,
-  version: string,
-  counterpartyVersion: string) {
+  consensusHeight: uint64) {
   assert(consensusHeight <= getCurrentHeight())
   client = queryClient(connection.clientIdentifier)
   expectedConsensusState = getConsensusState(consensusHeight)
@@
7C48
 -259,7 +259,7 @@ function connOpenConfirm(
   expected = ConnectionEnd{OPEN, identifier, connection.counterpartyClientIdentifier,
                            connection.clientIdentifier, connection.version}
   client = queryClient(connection.clientIdentifier)
-  assert(client.verifyMembership(counterpartyStateRoot, proofAck,
+  assert(client.verifyMembership(proofHeight, proofAck,
                                  connectionPath(connection.counterpartyConnectionIdentifier), expected))
   connection.state = OPEN
   provableStore.set(connectionPath(identifier), connection)
@@ -284,7 +284,7 @@ A correct protocol execution flows as follows (note that all calls are made thro
 | Actor     | `ConnCloseInit`     | A                | (ANY, ANY)         | (CLOSED, ANY)     |
 | Relayer   | `ConnCloseConfirm`  | B                | (CLOSED, ANY)      | (CLOSED, CLOSED)  |
 
-*ConnCloseInit* initialises a close attempt on chain A. It will succeed only if the associated connection does not have any channels.
+*ConnCloseInit* initialises a close attempt on chain A. It will succeed only if the associated connection does not have any associated open channels.
 
 Once closed, connections cannot be reopened.