fix(app): RootMultiStore interface and version mismatch(backport:#1179)

[songgaoye]

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

solution:
update memival,store,versondb
related prs
crypto-org-chain/cronos#1684
crypto-org-chain/cronos#1685
crypto-org-chain/cronos#1688
(Do not include versionDB.SetSkipVersionZero(true) in app.go)
crypto-org-chain/cronos#1751
crypto-org-chain/cronos#1759
(note: Do not include cronos storeloader and upgrades)

note:
I don't use this.
crypto-org-chain/cronos#1780
because it update rocksdbs from version 9.2.1 to 9.11.2
and grocksdb from 1.9.2 to v1.9.10-0.20250331012329-9d5f074653d1
I need to look into the differences.

PR Checklist:

• Have you read the CONTRIBUTING.md?
• Does your PR follow the C4 patch requirements?
• Have you rebased your work on top of the latest master?
• Have you checked your code compiles? (make)
• Have you included tests for any non-trivial functionality?
• Have you checked your code passes the unit tests? (make test)
• Have you checked your code formatting is correct? (go fmt)
• Have you checked your basic code style is fine? (golangci-lint run)
• If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
• If your changes affect the client infrastructure, have you run the integration test?
• If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
• If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
• If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

[codecov]

Codecov Report

❌ Patch coverage is 28.57143% with 60 lines in your changes missing coverage. Please review.
✅ Project coverage is 34.22%. Comparing base (bcd5bcb) to head (30260dc).
⚠️ Report is 2 commits behind head on release/v6.

Files with missing lines	Patch %	Lines
cmd/chain-maind/app/versiondb.go	25.64%	57 Missing and 1 partial ⚠️
cmd/chain-maind/app/versiondb_placeholder.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@              Coverage Diff               @@
##           release/v6    #1180      +/-   ##
==============================================
- Coverage       34.25%   34.22%   -0.03%     
==============================================
  Files             101      101              
  Lines           17423    17507      +84     
==============================================
+ Hits             5968     5992      +24     
- Misses          10503    10562      +59     
- Partials          952      953       +1     

Flag	Coverage Δ
integration_tests	24.08% <29.26%> (+0.02%)	⬆️
integration_tests_byzantine	11.25% <29.26%> (+0.08%)	⬆️
integration_tests_gov	11.50% <29.26%> (+0.08%)	⬆️
integration_tests_grpc	11.50% <29.26%> (+0.08%)	⬆️
integration_tests_ibc	26.65% <29.26%> (+0.01%)	⬆️
integration_tests_ledger	11.48% <29.26%> (+0.08%)	⬆️
integration_tests_slow	11.48% <29.26%> (+0.08%)	⬆️
integration_tests_solomachine	11.29% <29.26%> (+0.08%)	⬆️
integration_tests_upgrade	11.50% <29.26%> (+0.08%)	⬆️
unit_tests	11.86% <0.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[semgrep-code-crypto-org-chain]

High severity vulnerability introduced by a package you're using:
Line 24 lists a dependency (github.com/cosmos/cosmos-sdk) with a known High severity vulnerability. Fixing requires upgrading or replacing the dependency.

ℹ️ Why this matters

Affected versions of github.com/cosmos/cosmos-sdk are vulnerable to Integer Overflow or Wraparound. A malicious validator can exploit improperly handled arithmetic in the distribution module by making a crafted deposit to the validator rewards pool. This integer overflow can trigger a chain halt, resulting in a denial-of-service.

References: GHSA

To resolve this comment:
Upgrade this dependency to at least version 0.50.14 at go.mod.

💬 Ignore this finding

To ignore this, reply with:

• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons

_{You can view more details on this finding in the Semgrep AppSec Platform here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	golang/​github.com/​crypto-org-chain/​cosmos-sdk@​v0.50.6-0.20250515092613-f67eec43305b

View full report