IBC Rate-Limiter Extension

x/ibcratelimiterext adds an independent, governance-managed operator whitelist for IBC rate-limiter operations. Packet enforcement remains the same as upstream ratelimiting middleware. The extension stores its own whitelist, lets governance update that whitelist through MsgUpdateParams, and lets whitelisted operators call rate-limiter mutation APIs.

Operation authorization

An address can operate the rate limiter if it can execute:

MsgAddRateLimit
MsgUpdateRateLimit
MsgRemoveRateLimit
MsgResetRateLimit

Authorization passes when either:

The signer is the ratelimiting authority, normally governance authority.
The signer is in the ibcratelimiterext whitelist.

Authority authorization is evaluated on the canonical decoded bech32 address, not raw input string casing.

Architecture

Area	Behavior
Independent whitelist module	`x/ibcratelimiterext` owns `Params.whitelist`, `MsgUpdateParams`, and `QueryWhitelist`.
Ratelimiter service override	Keeps ratelimiting data plane, queries, and genesis, but overrides `ratelimit.v1.Msg` authorization.
Middleware stack v1	`transfer -> erc20 -> callbacks -> ratelimiting -> channel`
Middleware stack v2	`transferv2 -> erc20v2 -> ratelimitingv2`

Default genesis

{
  "ibcratelimiterext": {
    "params": {
      "whitelist": []
    }
  }
}

params.whitelist contains bech32 account addresses allowed to execute rate-limiter write operations through this extension. Default is empty, so only ratelimiter authority can operate those commands until whitelist entries are added. The upstream ratelimiting module has its own separate genesis in app_state.ratelimiting, including hour_epoch. ibcratelimiterext does not store or initialize those ratelimiting fields.

Query CLI

ctmd query ibcratelimiterext whitelist --node <rpc> --chain-id <chain-id>
ctmd query ibcratelimiterext list-rate-limits --node <rpc> --chain-id <chain-id>
ctmd query ibcratelimiterext rate-limit channel-0 --denom ibc/ABCDEF123 --node <rpc> --chain-id <chain-id>
ctmd query ibcratelimiterext rate-limits-by-chain osmosis-1 --node <rpc> --chain-id <chain-id>
ctmd query ibcratelimiterext list-blacklisted-denoms --node <rpc> --chain-id <chain-id>
ctmd query ibcratelimiterext list-whitelisted-addresses --node <rpc> --chain-id <chain-id>

Transaction CLI

Whitelist updates are authority-only:

ctmd tx ibcratelimiterext update-params \
  --whitelist "c8...,c8..." \
  --from <gov-authority-wallet> \
  --chain-id <chain-id> \
  --node <rpc> \
  --gas auto --gas-adjustment 1.4 \
  --fees 5000ctm

Rate-limit write commands require either governance authority or a whitelisted operator:

ctmd tx ibcratelimiterext add-rate-limit channel-0 ibc/ABCDEF123 \
  --max-percent-send 10 \
  --max-percent-recv 20 \
  --duration-hours 24 \
  --from <operator-wallet> \
  --chain-id <chain-id> \
  --node <rpc> \
  --gas auto --gas-adjustment 1.4 \
  --fees 5000ctm

ctmd tx ibcratelimiterext update-rate-limit channel-0 ibc/ABCDEF123 \
  --max-percent-send 15 \
  --max-percent-recv 25 \
  --duration-hours 24 \
  --from <operator-wallet> \
  --chain-id <chain-id> \
  --node <rpc> \
  --gas auto --gas-adjustment 1.4 \
  --fees 5000ctm

ctmd tx ibcratelimiterext remove-rate-limit channel-0 ibc/ABCDEF123 \
  --from <operator-wallet> \
  --chain-id <chain-id> \
  --node <rpc> \
  --gas auto --gas-adjustment 1.4 \
  --fees 5000ctm

ctmd tx ibcratelimiterext reset-rate-limit channel-0 ibc/ABCDEF123 \
  --from <operator-wallet> \
  --chain-id <chain-id> \
  --node <rpc> \
  --gas auto --gas-adjustment 1.4 \
  --fees 5000ctm

​Operation authorization

​Architecture

​Default genesis

​Query CLI

​Transaction CLI

Operation authorization

Architecture

Default genesis

Query CLI

Transaction CLI