Secret Network’s latest network upgrade has arrived, and with it comes some powerful new features that greatly improve interoperability, privacy, and security!
This upgrade brings the network to version 1.9, which we’ve simply named IBC v4 + VRF, as those are two of the major new features included. IBC v4 is an updated version of the IBC protocol, which includes its own set of new features. Secret VRF is a random number generation API that can be used by contracts on Secret and on other chains via cross-chain protocols, an example of Secret’s Privacy as a Service functionality. Additionally, the upgrade adds an IBC Emergency Button, a new contract security mechanism called Execution Finalization, and a new contract privacy enhancement called Gas Evaporation.
Now, let’s dive deeper into these new features and see what they unlock!
This network upgrade brings Secret’s IBC version from v3.4.0 to v4.3.0, and adds a few new protocol features in the process.
Packet-forward-middleware, developed by Strangelove, is a new module that enables IBC packets to be routed across multiple chains with a single transaction, simplifying the process of moving assets or data between blockchain networks. This is similar to how data packets are routed across devices on the internet in order to reach their destination. For example, imagine that you want to send some SCRT from Osmosis to Kujira. Previously, this would require two IBC transactions - one to send the SCRT from Osmosis to Secret, and a second to send the SCRT from Secret to Kujira. With packet-forward-middleware, a single transaction is all that is required to move the SCRT from Osmosis > Secret > Kujira. This enhancement fosters seamless connectivity and broadens the potential use cases for Secret!
Fee middleware is a new module that allows IBC relayers to charge fees for their services, making it economically sustainable to facilitate transactions between different chains. Relayers are a vital part of the infrastructure that powers the IBC protocol, as they are responsible for connecting chains and sending data between them. Despite having this essential role, the first few versions of the IBC protocol did not have a built-in way of compensating relayers for their operations. Relayer teams have had to rely on compensation from indirect sources such as delegations to their validator nodes, but getting enough delegations to cover operational costs is not always easy. ICS-29 solves this problem, and will result in a healthier, more sustainable IBC ecosystem that can continue to scale upwards.
The latest network upgrade also introduces an integrated advanced random number generation feature, which we’re calling Secret VRF (verifiable random function). This allows smart contracts on Secret, as well as dApps on other networks via cross-chain messaging protocols like IBC, to make use of random numbers generated securely by Secret inside of a trusted execution environment.
The ability to generate fair and verifiable random numbers on a blockchain, without compromising security or usability, is critical for many decentralized applications. Verifiable randomness guarantees that operations such as the minting of NFTs, on-chain games, and DAOs are equitable and secure. In the case of NFT minting, randomness allows for features such as unordered minting, trait randomization, and identity numbering, all of which are critical for verifying the authenticity and security of NFT collections. In Web3 gaming, components such as gambling, damage calculation, loot boxes, boss drops, etc, rely on randomness to create trust amongst players and ensure that no player has an unfair advantage. And in the case of DAO tooling, randomness is required for features such as wallet initialization, task assigning, unordered voting/liquidations, order book ordering, etc.
Secret VRF is especially exciting because it’s one of the first publicly available examples of Secret’s Privacy as a Service capability! This means that Secret is able to provide a privately computed resource that wouldn’t be natively available on a fully public blockchain, like Ethereum or Osmosis. Developers on IBC connected chains can start using Secret VRF in their applications immediately by using the provided documentation. It will likely become available to EVM chains eventually through another cross-chain protocol like Axelar GMP.
The introduction of the FinalizeTx message feature allows developers to enhance their smart contract security by indicating when a transaction should end.
Secret Network, like all Cosmos SDK based chains, runs discrete blocks of execution instructions called transactions. A single transaction can contain multiple messages. Each message contains a specific instruction. Any failure of any message in the transaction will cause the entire transaction to be reverted. This behavior can be exploited by attackers to select only favorable scenarios to be executed, while the unfavorable ones would be reverted.
For example, imagine an on-chain dice game. The user sends some tokens as a bet. If the dice rolls in their favor, they will receive their original bet plus the winnings. Otherwise, the tokens they bet are lost. An attacker can abuse this logic by sending a transaction with two messages. The first is the bet message, while the second is message that will conditionally fail if the bet is lost. This way, the attacker is guaranteed to make a profit.
Secret's new execution finalization feature allows a contract to notify the chain that the current execution must be the last message in the transaction, providing protection against these types of rollback attacks.
Gas evaporation is a new privacy-enhancing API feature that allows developers to create contracts that consume a consistent amount of gas, no matter what kind of transactions are involved. It does this by allowing unused gas to be deliberately consumed during execution, and it does this from within the enclave. This helps harden contracts against information leakage from the amount of gas consumed, greatly improving the privacy-preservation capabilities of secret contracts!
For a simplified example, imagine a DEX on Secret has three common transaction types: swapping, providing liquidity, and voting on DEX governance proposals. Each of these transactions consume very different amounts of gas, to the point that if an observer viewed a list of transactions and the amounts of gas consumed, they could determine with a high degree of certainty what kind of transaction took place, despite the fact that the contents of transactions on Secret are encrypted. Now imagine you wanted to vote on a DEX governance proposal from a wallet address that is publicly known to be yours, but didn’t want anyone to know that you voted. Evaporation makes that possible by obfuscating the amount of gas needed for the voting transaction to occur, meaning the only thing an observer could determine is that you interacted with the DEX, but not what kind of transaction took place.
Credit for this evaporation feature goes to the StarShell Wallet team!
IBC Emergency Button
This new feature provides a way for the chain to quickly respond to an emergency situation by disabling IBC channels. The IBC protocol is a powerful tool, enabling funds to be transferred permissionlessly across chains with ease. However, in certain situations, this level of interoperability can also benefit malicious actors. For example, if a vulnerability was found on a DEX that allowed funds to be stolen, a malicious user would likely want to move the funds out of the network as quickly as possible in order to maintain control of them. This could be a DEX on Secret, in which case the attacker would likely move the funds out of Secret to another IBC chain, or it could be a DEX on another chain, in which case they might move the funds into Secret. The goal would likely be to either hide the funds long term, or convert them into fiat.
The IBC Emergency Button provides a way to contain this kind of situation by allowing a multisig of trusted network partners, or an on-chain governance proposal, to temporarily halt IBC transactions. The IBC channels could later be reactivated after the emergency situation has been resolved. The multi-sig address that is allowed to use the IBC Emergency Button must also be approved by governance. While decentralization is a core value of the network, SCRT Labs believes that the ability to rapidly respond to ecosystem-critical events is essential, and this feature ensures increased security and confidence in the network's safety measures.
What's next for Secret?
This upgrade includes massive improvements at the network level, but there are also huge things happening in the Secret dApp ecosystem! The past month has seen ShadeSwap, ShadeLend, Silk, Blizzard, Secret Tunnel, and YOIU launch on mainnet. At the same time, the Secret Surge LP incentive campaign aims to take Secret’s DeFi ecosystem to the next level, and the HackSecret hackathon is fostering the next generation of Secret dApps!
Going beyond the dApps being built on Secret, there is also extremely exciting work being done at the network level. Privacy as a Service will allow other blockchains to connect to Secret and make use of its private computation capability, and there are currently several implementations of this being built out. Research and development is also currently going into integrating new forms of cryptography to deliver decentralized private computation in brand new ways, including making use of multi-party computation and fully homomorphic encryption. To learn more about this effort, see the Beyond ZK blog.
Secret is positioned to provide web3 with the next generation of decentralized privacy technology. There’s never been a better time to get involved! If you’re interested in building an application on Secret, check out our developer resources and grant funding. If you’re a VC interested in investing in the Secret ecosystem, schedule a call with our business development team to learn about the opportunities available. If you’re interested in getting involved with the community, you can join the Secret Agents program. For any other types of inquiries, contact us here.