Open
Summary of Bug
MsgRegisterCounterparty accepts an unbounded counterparty_merkle_prefix ([][]byte) and the keeper persists it directly in the client store. This enables durable state bloat by registering multi‑KB prefixes or a very large number of prefix parts.
Expected Behaviour
The counterparty_merkle_prefix should be size-bounded (per-part and total bytes, and ideally also max number of parts) so users cannot persist arbitrarily large metadata in the IBC client store.
Actual Behaviour
No size limits are enforced on counterparty_merkle_prefix elements or list length. One can amplify by creating many clients and registering large prefixes once per client (bounded only by tx size limits/fees).
Version
v10.4.0
Steps to Reproduce
- Create a new IBC client (permissionless).
- Submit MsgRegisterCounterparty for that client, with either:
  - Large part bloat: one prefix element sized in the multi‑KB range, or
  - List bloat: a very large number of small prefix parts.
- Observe the stored CounterpartyInfo in the client store contains the large prefix bytes and remains persisted (increasing state/snapshot size).
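One way to enforce the bounds described under Expected Behaviour, shown as an added example that is not ibc-go code and not part of the original report. The function name, error values and limit constants are assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical limits chosen for illustration; they are not values from ibc-go.
const (
	MaxPrefixParts      = 8    // max number of elements in the prefix
	MaxPrefixPartBytes  = 256  // max bytes in any single element
	MaxPrefixTotalBytes = 1024 // max bytes summed across all elements
)

var (
	ErrTooManyParts  = errors.New("merkle prefix has too many parts")
	ErrPartTooLarge  = errors.New("merkle prefix part too large")
	ErrTotalTooLarge = errors.New("merkle prefix total size too large")
)

// ValidateMerklePrefixSize bounds list length, per-part size and total size.
// It is meant to run in stateless message validation, before anything is persisted.
func ValidateMerklePrefixSize(prefix [][]byte) error {
	if len(prefix) > MaxPrefixParts {
		return fmt.Errorf("%w: %d > %d", ErrTooManyParts, len(prefix), MaxPrefixParts)
	}
	total := 0
	for i, part := range prefix {
		if len(part) > MaxPrefixPartBytes {
			return fmt.Errorf("%w: part %d is %d bytes, max %d", ErrPartTooLarge, i, len(part), MaxPrefixPartBytes)
		}
		total += len(part)
		if total > MaxPrefixTotalBytes {
			return fmt.Errorf("%w: exceeds %d bytes at part %d", ErrTotalTooLarge, MaxPrefixTotalBytes, i)
		}
	}
	return nil
}

func main() {
	// Constructed inputs: a small two-part prefix and the two bloat shapes from the report.
	cases := map[string][][]byte{
		"typical":    {[]byte("ibc"), []byte("")},
		"large part": {make([]byte, 4096)},
		"many parts": make([][]byte, 10000),
	}
	for name, p := range cases {
		fmt.Printf("%-10s -> %v\n", name, ValidateMerklePrefixSize(p))
	}
}
```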