Atonement

Cosmos formalizes chain-level sovereignty and interoperable communication without formalizing many of the retention and coordination mechanisms that other blockchain architectures place inside a shared settlement layer or common security regime. Inter-Blockchain Communication enables sovereign chains to exchange packets. The Cosmos SDK enables application-specific chains. But relayer continuity, route maintenance, monitoring quality, treasury stewardship, crisis management, and ecosystem legitimacy remain only partially formalized. This Article argues that sovereignty-first ecosystems therefore impose an institutional-completion requirement: residual institutions must perform the coordination, monitoring, and conflict-containment work that the strongest protocol layer leaves outside itself.

The Article develops that claim through Hirschman’s exit-voice-loyalty framework, Ostrom’s design principles, and Helmke and Levitsky’s typology of formal-informal institutional relations. It engages the closest adjacent scholarship on blockchain exit and forking, blockchain commons, DAO governance, and Cosmos Interchain Security. The empirical reconstruction focuses on three clusters: residual interdependence around relayers and route continuity, the 2023 liquid-staking-module governance crisis and subsequent Interchain Foundation accountability dispute, and AtomOne as design-level counter-design rather than as an already completed falsification test.

Several points require precision. Proposal 952 is treated correctly as an ICF no-confidence vote rather than as a late-stage liquid-staking proposal. AtomOne is treated as a design-level comparator whose constitutional structure can be analyzed now, while long-run stress-pattern evaluation remains a follow-up question. Interchain Security is analyzed as a failed counter-design whose limits strengthen rather than weaken the residual-formalization thesis. The Article’s contribution is therefore not a generic claim that Cosmos has governance problems. It is a specific institutional claim: sovereignty-first architectures redistribute governance burden into residual institutions, and when those institutions weaken, exit becomes more attractive relative to voice.

Keywords: Cosmos, institutional completion, Hirschman, Ostrom, Helmke-Levitsky, Interchain Security, AtomOne, IBC, relayers, blockchain governance, residual institutions.

Cosmos is often described as a sovereignty-first blockchain ecosystem. The description is accurate and incomplete. The SDK lets teams build application-specific chains. IBC lets those chains communicate without collapsing into a common settlement layer or single validator set. But sovereignty at the chain layer does not remove ecosystem dependence. It relocates dependence into relayers, channels, governance procedures, foundations, public coordination, and shared legitimacy.

This Article treats Cosmos as a residual-formalization case in the programme’s primary sense. Residual here refers to institutional work left outside the coded layer: maintenance, monitoring, stewardship, conflict management, and legitimacy production. The central claim is that sovereignty-first ecosystems impose an institutional-completion requirement. Formal architecture that reduces protocol-enforced commitments necessarily shifts coordinating and monitoring work onto residual institutions. When those institutions come under stress, exit becomes more attractive relative to voice, and branching becomes a recurrent governance response rather than an exceptional one.

Institutional completion names a specific architectural sequence. A sovereignty-first design formalizes autonomy and interoperability strongly while leaving retention, monitoring, repair, and legitimacy-production less fully specified. Those omitted functions do not disappear. They reappear as burdens on relayer operators, foundations, governance forums, and other ecosystem bodies. The concept therefore does different work from a general public-goods story or a generic account of informal coordination. It identifies the mismatch between what the architecture formalizes most strongly and what the ecosystem still has to supply in order to remain governable.

The argument is narrower than earlier drafts. It does not claim to explain all cryptoeconomic governance or all sovereign-appchain systems. It does not claim to measure loyalty directly. It does not treat AtomOne as a completed empirical test. It advances a Cosmos-specific argument with bounded comparative implications: the architecture leaves key retention and repair functions outside its strongest formal commitments, and later political stress reveals how consequential those residual institutions were.

Three episodes make the case visible. First, relayer and route maintenance show that interoperability without shared settlement remains operationally dependent on under-formalized ecosystem work. Second, the liquid-staking-module crisis and the Interchain Foundation reporting dispute reveal that monitoring, disclosure, and stewardship were not peripheral questions but core institutional supports. Third, AtomOne shows how actors inside the ecosystem attempted to constitutionalize functions they believed Cosmos Hub governance had left too informal.

Williamson is relevant but not primary. Transaction-cost economics can describe parts of the case, especially validator investment, relayer persistence, and incomplete contracting around interchain arrangements. Allen, Berg, and Davidson’s analysis of Interchain Security makes that explicit. But this Article’s central object is not governance-form choice in the Williamsonian market-hybrid-hierarchy sense. It is the institutional burden that remains after a sovereignty-first architectural commitment has already been made. Hirschman, Ostrom, and Helmke-Levitsky therefore remain primary, while Williamson and Vatiero are engaged as important adjacent resources rather than as the paper’s main frame.

The Article is a public-architecture and public-governance study. It relies on four source classes.

First, protocol and documentation sources establish the baseline architecture: Cosmos SDK materials, IBC materials, Interchain Security materials, and AtomOne constitutional and launch materials. Second, governance sources establish formal voice and public institutional conflict: governance proposals, forum discussions, and associated public records. Third, operational materials establish residual maintenance burden: relayer documentation, subsidy requests, and public service commitments. Fourth, public disclosures and reporting reconstruct the LSM and Interchain Foundation controversies.

Source asymmetry matters. Repository and governance artifacts are stronger than press coverage. Interested-party disclosures can still be important, especially where they reveal what public participants were told and when. The Article therefore distinguishes between strong architectural claims, which rest on public formal artifacts, and interpretive crisis claims, which rest on mixed evidentiary surfaces.

Forensic discipline therefore matters more than decimal precision. The governance surfaces that do most of the work here are public and nameable: Cosmos forum materials around Proposal 787 and Grace Yu’s Proposal 952 no-confidence thread, public governance interfaces such as Tally, the AtomOne constitution and launch materials, Polkachu’s gm-ibc documentation, and the Interchain Foundation Treasury Snapshot series. The Article deliberately avoids building its institutional argument on exact vote percentages where the stronger point is proposal identity, source class, and sequence.

The behavioral boundary also matters. This Article does not measure loyalty through interviews or survey instruments. Its Hirschman claims are strongest on observable exit and voice, and more cautious on loyalty. Loyalty is treated as an institutional achievement inferred from patterns of alignment, public trust, and continued participation, not as a directly measured psychological variable.

Cosmos formalizes sovereignty at the chain layer. That is the beginning of the story, not the end. Interoperability depends on relayers, route continuity, governance-mediated upgrades, and counterpart coordination. These are not small details. They are the operational conditions under which sovereign interoperability works at all.

The best evidence here is concrete. Public relayer operators document extensive unpaid or under-subsidized maintenance burdens. Polkachu reports operating dozens of relayer hubs and hundreds of IBC relay channels. Its gm-ibc documentation states plainly that every relayer ends up maintaining its own infrastructure and that channels can remain broken before anyone notices. Governance subsidy requests reinforce the same point. Cosmos Hub Proposal 2399 sought an 8,000 ATOM fee-grant subsidy for relayer gas after fee increases. Persistence Proposal 3413 sought roughly 40,113 XPRT for a two-month relayer service commitment across ten chains with a 99 percent service target. These are not signs of trivial operational substitution. They are signs that interoperability depends on real ecosystem labor.

The economic structure of that labor is constitutive of the argument and bears its own analytical weight. Route continuity creates ecosystem-wide value, but the costs appear in operator-specific form: infrastructure upkeep, gas expenditure, monitoring time, upgrade coordination, and response capacity when channels fail. Benefits are diffuse across chains and users; costs are concentrated in the organizations that keep routes live. That is why subsidy politics recur. The architecture creates a maintenance function with public-good characteristics but does not embed a strong automatic financing mechanism for it. Institutional completion therefore has a fiscal dimension as well as a governance one.

Nabben’s language of self-infrastructuring is useful here. Cosmos continuously rebuilds the maintenance conditions that make its interchain protocol meaningful in practice. Route continuity, client upgrades, fee markets, and relayer persistence are part of the governance problem even when they are not coded as governance modules.

Interchain Security was the most explicit attempt to formalize some of this dependence more strongly. That matters because it shows Cosmos’s own recognition that sovereignty without stronger attachment mechanisms carried limits. But ICS now reads more as failed counter-design than as stable institutional completion. The exit of early consumer arrangements, the migration of others, and Gaia’s disabling of new consumer-chain creation all suggest that the attempt did not become the durable solution its advocates hoped for. The residual burden returned elsewhere.

The strongest theoretical contribution remains the combined Helmke-Levitsky and Ostrom reading of the ecosystem.

Complementary informal institutions appear where validator coordination, relayer operation, and conference-centered discussion reinforce formal governance rather than displace it. Accommodating institutions appear where lobbying, coalition-building, and off-chain pressure shape formal outcomes without openly contesting formal rules. Competing institutions appear most clearly in the LSM crisis, where informational and trust conflicts cut against the effectiveness of the formal process itself. Substitutive institutions appear where the Interchain Foundation, relayer operators, and other ecosystem bodies perform tasks the architecture cannot complete by itself.

The point is not that these categories are metaphysically pure. The reviewer was right that they are adversarially reassignable if left undefended. The point is that the ecosystem simultaneously exhibits multiple formal-informal relations and that this coexistence is analytically consequential. That remains a real contribution.

The assignments are strongest when tied to specific formal rules. Validator and relayer coordination are complementary because they help the existing governance and interoperability rules work as intended. Coalition-building around proposals is accommodating because it operates through the formal process while reshaping its practical use. The LSM controversy is competing because the informational conflict damaged the capacity of the formal process to generate trusted outcomes. Interchain Foundation stewardship and relayer subsidy arrangements are substitutive because they perform monitoring, treasury communication, and continuity functions the architecture does not itself specify in enforceable protocol form.

The process tracing is strongest when each assignment is tied to a visible formal surface. Complementary relations attach to IBC continuity and governance execution rules that still require operators to keep channels live in practice. Accommodating relations attach to proposal-centered voice, where coalition building and conference politics influence outcomes without replacing voting itself. Competing relations attach to the 790-821-952 sequence, where the formal governance path remained available but confidence in the information entering that path became a contested object. Substitutive relations attach to stewardship and continuity functions visible in the Treasury Snapshot repair effort and relayer-subsidy proposals such as 2399 and 3413, where actors supplied monitoring and maintenance work that the architecture did not fully constitutionalize.

Ostrom sharpens the same diagnosis from another angle. Cosmos strongly supports rights to organize and nested enterprises. It only partially supports boundaries, congruence, and collective choice in the Ostromian sense. Monitoring, graduated sanctions, and conflict resolution remain the weakest points. This distribution is exactly what the institutional-completion argument predicts: the architecture formalizes sovereignty-supporting principles more strongly than crisis-management and stewardship principles.

AtomOne should not be treated as an already completed falsification test. It is too young for that. The right use is design-level comparison.

On that level, AtomOne is extremely informative. The relevant dates and terms matter. The airdrop snapshot belongs to November 25, 2023, not January 2024. GovGen’s governance-chain launch is a separate February 27, 2024 event. The mainnet token is ATONE, not the earlier provisional ATOM1 label. Its constitutional design also matters more than earlier drafts allowed. Ordinary supermajority and constitutional-majority thresholds are not the same thing, and the latter sits above 90 percent rather than at two-thirds or three-quarters.

Those specifics matter because AtomOne’s design constitutes a systematic formalization of the monitoring, agenda control, constitutional amendment, and oversight functions that Cosmos Hub governance was perceived to leave too informal. That makes AtomOne a design-level counter-design to the institutional-completion problem. It does not yet give us enough time horizon to claim long-run comparative success or failure. It does tell us what some actors inside the ecosystem thought had to be constitutionalized if the same pattern was to be avoided.

The causal linkage also has to be stated carefully. The public October 2024 DPRK disclosure post-dates AtomOne mainnet. So the claim cannot be a naive "public scandal caused AtomOne design." The tighter claim is that visible governance stress around monitoring, stewardship, agenda discipline, and legitimacy helped shape the counter-design, while later disclosures amplified rather than created the sense that institutional safeguards had been inadequate.

That narrower use also solves the timing problem in earlier drafts. AtomOne is not yet old enough to function as a completed stress-pattern falsification test at a 24-to-36-month horizon. It is, however, old enough to function as a design document written in institutional form. As such, it reveals which missing functions participants believed needed stronger constitutional treatment.

The paper’s central claim would weaken under three conditions.

First, it would weaken if comparable sovereignty-first ecosystems repeatedly sustained contested governance without relying on significant residual maintenance, monitoring, or legitimacy work outside the coded layer. Second, it would weaken if IBC continuity and route maintenance turned out to be operationally trivial rather than institutionally costly. Third, it would weaken if later evidence showed that formal constitutional redesign in AtomOne produces no meaningful difference at all in how governance stress is metabolized over time.

Alternative explanations still deserve engagement. Founder politics plainly matter. Market conditions matter. External regulation matters at the margin. But none of those explanations replaces the institutional-completion argument because none explains why these particular sites of weakness, monitoring, stewardship, relayer continuity, and governance legitimacy, became so load-bearing in a sovereignty-first architecture.

The scope is deliberately narrow. This is a Cosmos-specific paper with bounded implications for other sovereignty-oriented systems. It does not claim the same mechanism explains Ethereum, Solana, or Bitcoin directly. It argues only that when a blockchain ecosystem formalizes sovereignty and interoperability more strongly than monitoring and retention, the omitted work does not disappear. It returns as residual institutional burden.

Cosmos shows that sovereignty and interdependence are not opposites. A sovereignty-first architecture can formalize autonomy while still depending heavily on residual institutions for maintenance, monitoring, legitimacy, and crisis repair.

That is the contribution of the institutional-completion claim. The architecture does not abolish governance burden. It redistributes it. Relayers, route coordinators, foundations, public governance processes, and legitimacy-producing institutions become the places where the system’s stability is actually carried.

Put more mechanically, the sequence runs as follows. Sovereignty-first design weakens shared enforcement and shared retention at the protocol layer. That design choice pushes continuity, monitoring, and repair into actors that sit outside the strongest formal commitments. Those actors then require subsidies, legitimacy, and discretionary coordination to keep the ecosystem coherent. When any of those supports weaken, the architecture has fewer internal shock absorbers than a more vertically integrated system. Institutional completion is the name for that sequence.

The LSM crisis, the ICF no-confidence episode, and AtomOne’s constitutional redesign attempt all make the same point from different angles. Residual institutions were not secondary to Cosmos governance. They were among its core supports. When those supports weakened, exit became more attractive relative to voice, and the ecosystem’s sovereignty-first character expressed itself not as frictionless pluralism but as institutional strain.

That is why Cosmos matters to the broader programme. It shows a version of residual consequence that is neither settlement concentration nor claim partitioning nor commensuration failure. It is the persistence of ecosystem maintenance and legitimacy work after sovereignty has been formalized at the chain layer. The code narrowed some commitments. The institution still had to be completed.