Atonement

Cosmos formalizes chain-level sovereignty and interoperable communication without formalizing many of the retention and coordination mechanisms that other blockchain architectures place inside a shared settlement layer or common security regime. Inter-Blockchain Communication enables sovereign chains to exchange packets. The Cosmos SDK enables application-specific chains. Relayer continuity, route maintenance, monitoring quality, treasury stewardship, crisis management, and ecosystem legitimacy remain only partially formalized. Sovereignty-first ecosystems therefore impose an institutional-completion requirement: residual institutions must perform the coordination, monitoring, and conflict-containment work that the strongest protocol layer leaves outside itself.

The claim is developed through Hirschman’s (1970) exit-voice-loyalty framework, Ostrom’s (1990) design principles, and Helmke and Levitsky’s (2004) typology of formal-informal institutional relations. It engages the closest adjacent scholarship on blockchain exit and forking, blockchain commons, DAO governance, and Cosmos Interchain Security. The empirical reconstruction focuses on three clusters: residual interdependence around relayers and route continuity, the 2023 liquid-staking-module governance crisis and subsequent Interchain Foundation accountability dispute, and AtomOne as a design-level counter-design with completed falsification still unavailable.

Several points require precision. Proposal 952 is an ICF no-confidence vote; it is separate from late-stage liquid-staking proposals. AtomOne is treated as a design-level comparator whose constitutional structure can be analyzed now, while long-run stress-pattern evaluation remains a follow-up question. Interchain Security is analyzed as a limited and retreating counter-design whose public difficulties make the residual-formalization thesis visible without proving it as a general law. The institutional claim is specific: sovereignty-first architectures redistribute governance burden into residual institutions, and when those institutions weaken, exit becomes more attractive relative to voice.

Keywords: Cosmos, institutional completion, Hirschman, Ostrom, Helmke-Levitsky, Interchain Security, AtomOne, IBC, relayers, blockchain governance, residual institutions.

Cosmos is often described as a sovereignty-first blockchain ecosystem. The description is accurate and incomplete. The SDK lets teams build application-specific chains, and IBC lets those chains communicate without collapsing into a common settlement layer or single validator set (Kwon and Buchman 2016). Sovereignty at the chain layer relocates ecosystem dependence into relayers, channels, governance procedures, foundations, public coordination, and shared legitimacy.

Cosmos is a residual-formalization case because sovereignty is strongly specified at the chain layer while maintenance, monitoring, stewardship, conflict management, and legitimacy production remain institutional burdens outside the coded layer. The central claim is that sovereignty-first ecosystems impose an institutional-completion requirement. Formal architecture that reduces protocol-enforced commitments necessarily shifts coordinating and monitoring work onto residual institutions. When those institutions come under stress, exit becomes more attractive relative to voice, and branching becomes a recurrent governance response.

Institutional completion names a specific architectural sequence. A sovereignty-first design formalizes autonomy and interoperability strongly while leaving retention, monitoring, repair, and legitimacy-production less fully specified. Those omitted functions do not disappear. They reappear as burdens on relayer operators, foundations, governance forums, and other ecosystem bodies. The concept therefore does different work from a general public-goods story or a generic account of informal coordination. It identifies the mismatch between what the architecture formalizes most strongly and what the ecosystem still has to supply in order to remain governable.

The claim is Cosmos-specific and bounded. The architecture leaves key retention and repair functions outside its strongest formal commitments, and later political stress reveals how consequential those residual institutions were. Loyalty is inferred from observable alignment, public trust, continued participation, and exit or branch behavior. AtomOne functions as a design-level comparator, with long-run stress-pattern evaluation left to follow-up work.

Three episodes make the case visible. First, relayer and route maintenance show that interoperability without shared settlement remains operationally dependent on under-formalized ecosystem work. Second, the liquid-staking-module crisis and the Interchain Foundation reporting dispute reveal monitoring, disclosure, and stewardship as core institutional supports. Third, AtomOne shows how actors inside the ecosystem attempted to constitutionalize functions they believed Cosmos Hub governance had left too informal.

Williamson (1985) is relevant but secondary. Transaction-cost economics can describe parts of the case, especially validator investment, relayer persistence, and incomplete contracting around interchain arrangements. The application of transaction-cost economics to blockchain institutions is itself established (Davidson, De Filippi, and Potts 2018), and Allen, Berg, and Davidson’s (2023) analysis of Interchain Security makes that explicit for shared security. The central object is the institutional burden that remains after a sovereignty-first architectural commitment has already been made. Hirschman, Ostrom, and Helmke-Levitsky remain primary, while Williamson and Vatiero are engaged as adjacent resources.

The analysis is a public-architecture and public-governance study, structured as a theory-developing single-case design (George and Bennett 2005; Gerring 2007). It relies on four source classes.

First, protocol and documentation sources establish the baseline architecture: Cosmos SDK materials, IBC materials, Interchain Security materials, and AtomOne constitutional and launch materials. Second, governance sources establish formal voice and public institutional conflict: governance proposals, forum discussions, and associated public records. Third, operational materials establish residual maintenance burden: relayer documentation, subsidy requests, and public service commitments. Fourth, public disclosures and reporting reconstruct the LSM and Interchain Foundation controversies.

Source asymmetry matters. Repository and governance artifacts are stronger than press coverage. Interested-party disclosures can still be important, especially where they reveal what public participants were told and when. The analysis therefore distinguishes between strong architectural claims, which rest on public formal artifacts, and interpretive crisis claims, which rest on mixed evidentiary surfaces.

Forensic discipline therefore matters more than decimal precision. The governance surfaces that do most of the work here are public and nameable: Cosmos forum materials around Proposal 787 and Grace Yu’s Proposal 952 no-confidence thread, governance records such as Observatory and Polkachu, the AtomOne constitution and launch materials, Polkachu’s gm-ibc documentation, Cosmos Hub governance and liquid-staking documentation, and the Interchain Foundation Treasury Snapshot series. The source spine was refreshed on May 4, 2026; a May 17 local packet then pinned exact proposal fields, vote windows, final tallies, AtomOne Proposal 2 API custody, and corrected relayer proposal identifiers. The institutional argument does not rely on exact vote percentages where the stronger point is proposal identity, source class, and sequence.

The sequence would weaken if the public record showed that route continuity, reporting, monitoring, and constitutional redesign were isolated adjacent episodes, with no recurrence as architecture-produced burdens. It would also weaken if later evidence showed that comparable sovereignty-first ecosystems absorbed the same stresses through protocol-level mechanisms without relying on residual institutions.

The behavioral boundary is observable exit and voice. Loyalty is treated more cautiously as an institutional achievement inferred from patterns of alignment, public trust, and continued participation; no psychological measurement is attempted.

Cosmos formalizes sovereignty at the chain layer. That is the beginning of the story, not the end. Interoperability depends on relayers, route continuity, governance-mediated upgrades, and counterpart coordination. These are not small details. They are the operational conditions under which sovereign interoperability works at all.

The evidence is concrete. Public relayer operators document extensive unpaid or under-subsidized maintenance burdens. Polkachu reports operating dozens of relayer hubs and hundreds of IBC relay channels. Its gm-ibc documentation states plainly that every relayer ends up maintaining its own infrastructure and that channels can remain broken before anyone notices. Governance subsidy requests reinforce the same point. Cosmos Hub Proposal 862 (Cosmos Hub Governance 2023) sought an 8,000 ATOM fee-grant subsidy for relayer gas after fee increases. Persistence Proposal 97 (Persistence Governance 2024) sought roughly 40,113 XPRT for a two-month relayer service commitment across ten chains with a 99 percent service target. Interoperability depends on material ecosystem labor.

The economic structure of that labor is constitutive of the argument and bears its own analytical weight. Route continuity creates ecosystem-wide value, but the costs appear in operator-specific form: infrastructure upkeep, gas expenditure, monitoring time, upgrade coordination, and response capacity when channels fail. Benefits are diffuse across chains and users; costs are concentrated in the organizations that keep routes live. That is why subsidy politics recur. The architecture creates a maintenance function with public-good characteristics but does not embed a strong automatic financing mechanism for it. Institutional completion therefore has a fiscal dimension as well as a governance one.

Nabben’s language of self-infrastructuring (Nabben 2023) is useful here. Cosmos continuously rebuilds the maintenance conditions that make its interchain protocol meaningful in practice. Route continuity, client upgrades, fee markets, and relayer persistence are part of the governance problem even when they are not coded as governance modules.

Interchain Security was the most explicit attempt to formalize some of this dependence more strongly. Cosmos therefore recognized that sovereignty without stronger attachment mechanisms carried limits. By 2026, ICS reads less as stable institutional completion than as a limited counter-design whose replicated-security path had lost momentum. The exit of early consumer arrangements, the migration of others, and Gaia’s disabling of new consumer-chain creation all suggest that the attempt did not become the durable solution its advocates hoped for. The residual burden returned elsewhere.

Helmke-Levitsky supplies the coding discipline for residual institutions, and Ostrom supplies the diagnostic for governance functions the architecture weakly supports.

The Helmke-Levitsky assignments depend on two questions: whether the informal or off-chain practice converges with the formal institution’s purpose, and whether the formal institution is effective enough to do the work on its own. Complementary relations support effective formal rules. Accommodating relations work around formal rules while continuing to use them. Competing relations pull against formal outcomes and weaken the formal process’s capacity to generate trusted decisions. Substitutive relations supply a function that the formal architecture needs but has left institutionally incomplete.

Complementary informal institutions appear where validator coordination, relayer operation, and conference-centered discussion reinforce formal governance. Accommodating institutions appear where lobbying, coalition-building, and off-chain pressure shape formal outcomes without openly contesting formal rules. Competing institutions are most visible in the LSM crisis, where informational and trust conflicts cut against the effectiveness of the formal process itself. Substitutive institutions appear where the Interchain Foundation, relayer operators, and other ecosystem bodies perform tasks the architecture cannot complete by itself.

These categories are adversarially reassignable if left undefended, so their value depends on assignment discipline. The ecosystem simultaneously exhibits multiple formal-informal relations, and that coexistence is analytically consequential.

The assignments are strongest when tied to specific formal rules. Validator and relayer coordination are complementary because they help the existing governance and interoperability rules work as intended. Coalition-building around proposals is accommodating because it operates through the formal process while reshaping its practical use. The LSM controversy is competing because the informational conflict damaged the capacity of the formal process to generate trusted outcomes. Interchain Foundation stewardship and relayer subsidy arrangements are substitutive because they perform monitoring, treasury communication, and continuity functions the architecture does not itself specify in enforceable protocol form.

The process tracing is strongest when each assignment is tied to a visible formal surface. Complementary relations attach to IBC continuity and governance execution rules that still require operators to keep channels live in practice. Accommodating relations attach to proposal-centered voice, where coalition building and conference politics influence outcomes without replacing voting itself. Competing relations attach to the 790-821-952 sequence, where the formal governance path remained available but confidence in the information entering that path became a contested object. Substitutive relations attach to stewardship and continuity functions visible in the Treasury Snapshot repair effort and relayer-subsidy proposals such as Cosmos Hub Proposal 862 and Persistence Proposal 97, where actors supplied monitoring and maintenance work that the architecture did not fully constitutionalize.

Ostrom sharpens the same diagnosis from another angle. Cosmos strongly supports rights to organize and nested enterprises. It only partially supports boundaries, congruence, and collective choice in the Ostromian sense. Monitoring, graduated sanctions, and conflict resolution remain the weakest points. This distribution is exactly what the institutional-completion argument predicts: the architecture formalizes sovereignty-supporting principles more strongly than crisis-management and stewardship principles.

AtomOne should not be treated as an already completed falsification test. It is too young for that. The right use is design-level comparison.

On that level, AtomOne is extremely informative. The relevant dates and terms matter. The airdrop snapshot belongs to November 25, 2023, not January 2024. GovGen’s governance-chain launch is a separate February 27, 2024 event. The mainnet token is ATONE, not the earlier provisional ATOM1 label. Its constitutional design is central to the comparison. Ordinary supermajority and constitutional-majority thresholds are not the same thing, and the latter sits above 90 percent, beyond two-thirds or three-quarters.

Those specifics matter because AtomOne’s design constitutes a systematic formalization of the monitoring, agenda control, constitutional amendment, and oversight functions that Cosmos Hub governance was perceived to leave too informal. That makes AtomOne a design-level counter-design to the institutional-completion problem. The available time horizon is too short to claim long-run comparative success or failure. The design still shows what some actors inside the ecosystem thought had to be constitutionalized if the same pattern was to be avoided.

The causal linkage also has to be stated carefully. The October 2024 disclosure controversy post-dates AtomOne mainnet, so the claim cannot be a direct scandal-to-design sequence. The tighter claim is that visible governance stress around monitoring, stewardship, agenda discipline, and legitimacy helped shape the counter-design, while later disclosures amplified an existing sense that institutional safeguards had been inadequate.

AtomOne is too young to function as a completed stress-pattern falsification test at a 24-to-36-month horizon. It can function as a design document written in institutional form. As such, it reveals which missing functions participants believed needed stronger constitutional treatment.

The central claim would weaken under three conditions.

First, it would weaken if comparable sovereignty-first ecosystems repeatedly sustained contested governance without relying on significant residual maintenance, monitoring, or legitimacy work outside the coded layer. Second, it would weaken if IBC continuity and route maintenance turned out to be operationally trivial and institutionally light. Third, it would weaken if later evidence showed that formal constitutional redesign in AtomOne produces no meaningful difference at all in how governance stress is metabolized over time.

Alternative explanations still deserve engagement. Founder politics plainly matter. Market conditions matter. External regulation matters at the margin. Those explanations do not replace the institutional-completion argument because they do not explain why these particular sites of weakness, monitoring, stewardship, relayer continuity, and governance legitimacy, became so load-bearing in a sovereignty-first architecture.

The scope is deliberately narrow: a Cosmos-specific paper with bounded implications for other sovereignty-oriented systems. The mechanism addresses cases where a blockchain ecosystem formalizes sovereignty and interoperability more strongly than monitoring and retention. In that setting, omitted work returns as residual institutional burden.

Cosmos shows that sovereignty and interdependence are not opposites. A sovereignty-first architecture can formalize autonomy while still depending heavily on residual institutions for maintenance, monitoring, legitimacy, and crisis repair.

That is the force of the institutional-completion claim. The architecture redistributes governance burden into relayers, route coordinators, foundations, public governance processes, and legitimacy-producing institutions, which become the places where the system’s stability is carried.

Put more mechanically, the sequence runs as follows. Sovereignty-first design weakens shared enforcement and shared retention at the protocol layer. That design choice pushes continuity, monitoring, and repair into actors that sit outside the strongest formal commitments. Those actors then require subsidies, legitimacy, and discretionary coordination to keep the ecosystem coherent. When any of those supports weaken, the architecture has fewer internal shock absorbers than a more vertically integrated system. Institutional completion is the name for that sequence.

The LSM crisis, the ICF no-confidence episode, and AtomOne’s constitutional redesign attempt all make the same point from different angles. Residual institutions were core supports of Cosmos governance. When those supports weakened, exit became more attractive relative to voice, and the ecosystem’s sovereignty-first character expressed itself as institutional strain.

Cosmos shows a version of residual consequence that is neither settlement concentration nor claim partitioning nor commensuration failure. It is the persistence of ecosystem maintenance and legitimacy work after sovereignty has been formalized at the chain layer. The code narrowed some commitments while leaving ecosystem maintenance and legitimacy work to residual institutions.