cip13
titleOn-chain Governance Parameters for Celestia Network
descriptionSpecification of Mainnet governance parameters in the Celestia network
authorYaz Khoury [email protected], Evan Forbes [email protected]
discussions-tohttps://forum.celestia.org/t/cip-13-mainnet-on-chain-governance-parameters/1390
statusDraft
typeStandards Track
categoryCore
created2023-12-08

Abstract

This CIP outlines the on-chain governance parameters for the Celestia Mainnet. It details both global and module-specific parameters, including their default settings, summaries, and whether they are changeable via on-chain governance. This CIP serves as a reference to making on-chain governance parameters in their current status on Celestia Mainnet transparent for all contributors.

Motivation

Given the Celestia community and core developers are adopting the CIP process, it helps to have a CIP that references all active on-chain governance parameters as well as their current values.

Because of that, the recommendation for this CIP is to move towards being a Living status for a document as on-chain governance parameters will change over time.

Furthermore, the motivation for adding on-chain governance parameters as a reference CIP in the CIP process is to ensure discussions about on-chain parameters can still happen off-chain and in the Core Devs Calls and working groups given those are steered by the core developers of the Celestia community. This does not necessarily need to apply to parameters that are not part of the Core track of the CIP process.

Specification

These are the parameters that are active on Celestia Mainnet. Note that not all of these parameters are changeable via on-chain governance. This list also includes parameter that require a breaking network upgrade to change due to being manually hardcoded in the application or they are blocked by the x/paramfilter module. The Celestia Mainnet on-chain governance parameters are as follows:

Global parameters

ParameterDefaultSummaryChangeable via Governance
MaxBlockBytes100MiBHardcoded value in CometBFT for the protobuf encoded block.False
MaxSquareSize128Hardcoded maximum square size determined per shares per row or column for the original data square (not yet extended).False

Module parameters

Module.ParameterDefaultSummaryChangeable via Governance
auth.MaxMemoCharacters256Largest allowed size for a memo in bytes.True
auth.SigVerifyCostED25519590Gas used to verify Ed25519 signature.True
auth.SigVerifyCostSecp256k11000Gas used to verify secp256k1 signature.True
auth.TxSigLimit7Max number of signatures allowed in a multisig transaction.True
auth.TxSizeCostPerByte10Gas used per transaction byte.True
bank.SendEnabledtrueAllow transfers.False
blob.GasPerBlobByte8Gas used per blob byte.True
blob.GovMaxSquareSize64Governance parameter for the maximum square size determined per shares per row or column for the original data square (not yet extended)s. If larger than MaxSquareSize, MaxSquareSize is used.True
blobstream.DataCommitmentWindow400Number of blocks that are included in a signed batch (DataCommitment).True
consensus.block.MaxBytes1.88MiBGovernance parameter for the maximum size of the protobuf encoded block.True
consensus.block.MaxGas-1Maximum gas allowed per block (-1 is infinite).True
consensus.block.TimeIotaMs1000Minimum time added to the time in the header each block.False
consensus.evidence.MaxAgeDuration1814400000000000 (21 days)The maximum age of evidence before it is considered invalid in nanoseconds. This value should be identical to the unbonding period.True
consensus.evidence.MaxAgeNumBlocks120960The maximum number of blocks before evidence is considered invalid. This value will stop CometBFT from pruning block data.True
consensus.evidence.MaxBytes1MiBMaximum size in bytes used by evidence in a given block.True
consensus.validator.PubKeyTypesEd25519The type of public key used by validators.False
consensus.Version.AppVersion1Determines protocol rules used for a given height. Incremented by the application upon an upgrade.True
distribution.BaseProposerReward0Reward in the mint denomination for proposing a block.True
distribution.BonusProposerReward0Extra reward in the mint denomination for proposers based on the voting power included in the commit.True
distribution.CommunityTax0.02 (2%)Percentage of the inflation sent to the community pool.True
distribution.WithdrawAddrEnabledtrueEnables delegators to withdraw funds to a different address.True
gov.DepositParams.MaxDepositPeriod604800000000000 (1 week)Maximum period for token holders to deposit on a proposal in nanoseconds.True
gov.DepositParams.MinDeposit10_000_000_000 utia (10,000 TIA)Minimum deposit for a proposal to enter voting period.True
gov.TallyParams.Quorum0.334 (33.4%)Minimum percentage of total stake needed to vote for a result to be considered valid.True
gov.TallyParams.Threshold0.50 (50%)Minimum proportion of Yes votes for proposal to pass.True
gov.TallyParams.VetoThreshold0.334 (33.4%)Minimum value of Veto votes to Total votes ratio for proposal to be vetoed.True
gov.VotingParams.VotingPeriod604800000000000 (1 week)Duration of the voting period in nanoseconds.True
ibc.ClientGenesis.AllowedClients[]string{“06-solomachine”, “07-tendermint”}List of allowed IBC light clients.True
ibc.ConnectionGenesis.MaxExpectedTimePerBlock7500000000000 (75 seconds)Maximum expected time per block in nanoseconds under normal operation.True
ibc.Transfer.ReceiveEnabledtrueEnable receiving tokens via IBC.True
ibc.Transfer.SendEnabledtrueEnable sending tokens via IBC.True
mint.BondDenomutiaDenomination that is inflated and sent to the distribution module account.False
mint.DisinflationRate0.10 (10%)The rate at which the inflation rate decreases each year.False
mint.InitialInflationRate0.08 (8%)The inflation rate the network starts at.False
mint.TargetInflationRate0.015 (1.5%)The inflation rate that the network aims to stabalize at.False
slashing.DowntimeJailDuration1 minDuration of time a validator must stay jailed.True
slashing.MinSignedPerWindow0.75 (75%)The percentage of SignedBlocksWindow that must be signed not to get jailed.True
slashing.SignedBlocksWindow5000The range of blocks used to count for downtime.True
slashing.SlashFractionDoubleSign0.02 (2%)Percentage slashed after a validator is jailed for double signing.True
slashing.SlashFractionDowntime0.00 (0%)Percentage slashed after a validator is jailed for downtime.True
staking.BondDenomutiaBondable coin denomination.False
staking.HistoricalEntries10000Number of historical entries to persist in store.True
staking.MaxEntries7Maximum number of entries in the redelegation queue.True
staking.MaxValidators100Maximum number of validators.True
staking.MinCommissionRate0.05 (5%)Minimum commission rate used by all validators.True
staking.UnbondingTime1814400 (21 days)Duration of time for unbonding in seconds.False

Rationale

This section will cover the rationale of making a CIP to track Mainnet on-chain governance parameters to help the CIP process be the primary specification reference over time for those parameters. Parameters change over time, some can be added in future CIPs and authors can update this CIP doc with future ones to conveniently reflect the changes that are active on Celestia Mainnet.

This is the primary reason for recommending this document become a Living document. Furthermore as mentioned in the Motivation section, it helps ensure that changes to on-chain governance parameters happen off-chain due to ensuring the client teams in the Core Devs Call ensure rough consensus before proposing changes to consensus-critical on-chain governance parameters and activations that require a network upgrade.

Backwards Compatibility

The proposed parameters are intended for the Mainnet and some of the parameters do require a breaking network upgrade, which introduces backward incompatibility after a network upgrade if one of those values needs to be changed.

Security Considerations

Each parameter within the governance model must be scrutinized for its security implications. This would primarily happen in the Celestia Core Devs calls. Special attention should be paid to parameters that affect network consensus, as improper settings could lead to vulnerabilities.

Copyright and related rights waived via CC0.