Add /cosmos.authz.v1beta1.MsgExec to the Allowed ICA Host Messages

Summary

This proposal adds /cosmos.authz.v1beta1.MsgExec to the ICA host allowlist.
Osmosis already supports /cosmos.authz.v1beta1.MsgGrant and /cosmos.authz.v1beta1.MsgRevoke — adding MsgExec completes the core Authz set.

Background

The Interchain Accounts (ICA) module lets a controlled account on one chain perform transactions on another.
In Osmosis today, ICA hosts can grant and revoke permissions, but they cannot execute via MsgExec. This is the missing link for many automation and delegation patterns.

We’re integrating Intento with Osmosis to enable advanced interchain flows — e.g. DCA, token streaming, auto-compounding, and portfolio rebalancing. Intento executes these flows self-custodially via ICAs, without third-party smart contracts or custody.

Why MsgExec Matters

• Enables secure delegation inside ICA — allowing a hosted ICA to run batched, permissioned actions on behalf of a user.

• Improves efficiency — one hosted ICA can serve many users, reducing fee overhead and infra complexity.

• Preserves self-custody — flows enforce strict granter verification: the MsgExec signer must be the flow owner.

This doesn’t introduce new powers for ICAs beyond what regular accounts already have — it simply allows ICAs to use an existing, widely-tested message type.
We’ve already validated MsgExec in Osmosis testnet for:

• tokenstream.fun streaming flows

• StreamSwap contract calls

Current Supported Authz Messages in ICA

• /cosmos.authz.v1beta1.MsgGrant

• /cosmos.authz.v1beta1.MsgRevoke
  (plus others like MsgSend, MsgTransfer — see Osmosis ICA host params)

MsgExec lets an authorized account execute transactions granted via Authz.

Proposal Details

Add to ICA Allowlist:

• Message: /cosmos.authz.v1beta1.MsgExec

• Function: Executes any messages previously authorized by the granter.

Benefits

1. Parity with other chains – Neutron, Cosmos Hub, and Injective mainnets already allow this.

2. Completes Authz support – grant, revoke, and execute.

3. Enables advanced automation – critical for complex cross-chain integrations.

Risks & Mitigation

• Complexity – More allowed types can increase risk, but:

  • Any Osmosis account can already use MsgExec.

  • ICA accounts are just Osmosis accounts; allowing them this ability introduces no new network risk.

  • Extensively tested on high-value chains and in Osmosis testnet.

Implementation Plan

1. Testnet – Proposal #262 on Osmosis testnet submitted and validated.

2. Mainnet – Governance proposal for deployment.

Conclusion

Adding MsgExec to the ICA host allowlist is a high-utility improvement that aligns Osmosis with other IBC chains and unlocks new automation capabilities for integrators.

References:

• Adding authz messages into allowed ICA messages list

• Adding MsgCreateBalancerPool into approved ICA messages list

• Adding Superfluid messages into allowed ICA messages list

• Adding Poolmanager messages into allowed ICA messages list