Feat/wasmvm3 v10.5.0

[2xburnt]

This pull request introduces enhanced validation for ProtoJSON unmarshalling in ICS-27 Interchain Accounts (ICA), updates dependencies, and improves test coverage for stricter JSON handling. The main changes are grouped into protocol improvements, dependency updates, and testing enhancements.

Protocol Improvements

• Added extra validation for ProtoJSON unmarshalling in ICS-27 ICA by re-encoding and comparing JSON representations to ensure consistency and correctness. This enforces that all optional fields are explicitly set and that enums/integers are represented as strings. [1] [2] [3]
• Updated documentation to describe the new validation requirements for proto3 JSON encoding in Interchain Accounts.

Dependency Updates

• Upgraded github.com/cosmos/ibc-go/v10 from v10.3.0 to v10.4.0 in both e2e/go.mod and modules/light-clients/08-wasm/go.mod. [1] [2]
• Upgraded github.com/CosmWasm/wasmvm from v2 to v3 and updated all relevant import paths throughout the WASM light client modules. [1] [2] [3] [4] [5] [6] [7]

Testing Enhancements

• Expanded and updated ICA host keeper tests to cover new validation logic, including stricter checks for enum and integer representations, explicit optional fields, and error cases for non-compliant JSON. Test case descriptions were also clarified to indicate success or failure scenarios. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]

Changelog

• Added a new entry for version v10.5.0 documenting the enhanced ProtoJSON validation in ICS-27 ICA.

[crucible-burnt]

✅ Approved — ICS-27 ProtoJSON validation hardening + wasmvm v3 upgrade.

What This Does

Adds a round-trip validation to DeserializeCosmosTx for ProtoJSON encoding: after unmarshalling the CosmosTx, it re-marshals to JSON and compares with the original input via equalJSON(). This catches:

• Missing optional fields (e.g., metadata on MsgVote)
• Numeric enum values instead of string names (e.g., 1 vs "VOTE_OPTION_YES")
• Numeric integer fields instead of string (e.g., 1 vs "1" for proposal_id)

Security Impact

This is a significant hardening for ICA host chains. Without this check, ProtoJSON deserialization silently accepts multiple representations of the same message (numeric vs string enums, missing optional fields with zero defaults). An attacker could craft packets that deserialize correctly but differ from the canonical representation — potentially exploiting discrepancies between chains or relayers that parse the same JSON differently.

This aligns with upstream cosmos/ibc-go#8734 (v10.5.0).

Code Review

codec.go — equalJSON() helper:

• Uses json.Unmarshal into any + reflect.DeepEqual — correct approach for semantic JSON comparison (ignores whitespace/formatting, compares structure).
• ⚠️ Minor: reflect.DeepEqual treats float64(1) and float64(1.0) as equal (both unmarshal to float64 from JSON), which is the correct behavior here since JSON numbers are all floats.

Test changes (relay_test.go):

• Existing passing tests updated to use strict ProtoJSON format (string enums, string integers, explicit optional fields)
• 3 new failure test cases added:
  1. Missing optional metadata field → rejected ✅
  2. Integer enum "option": 1 instead of string → rejected ✅
  3. Integer "proposal_id": 1 instead of string "1" → rejected ✅
• Test naming standardized to success:/failure: prefix — nice consistency improvement

Dependency updates:

• wasmvm/v2 → wasmvm/v3 (go.sum cleanup confirms v2 removed)
• ibc-go/v10 internal ref v10.3.0 → v10.4.0
• e2e deps downgraded (docker 28→27, gogoproto 1.7.2→1.7.0, interchaintest v10.0.1→v10.0.0) — presumably aligning with tested versions
• root.go updated to check wasmvm/v3 path

One note on the transfer test:

"encoding": ""

There's a trailing blank line after this field in the JSON literal (two newlines before }). Cosmetic only — equalJSON handles whitespace correctly.

Verdict

Clean, targeted security hardening. Test coverage is thorough for the new validation. No functional concerns. 🔥