extract verifier finality config

Author: RensR

chains/evm/.gas-snapshot

@@ -446,6 +446,14 @@ contract CCTPVerifier is Ownable2StepMsgSender, BaseVerifier {
     _applyAllowlistUpdates(allowlistConfigArgsItems);
   }
 
+  /// @notice Sets the finality config according to the FinalityCodec library encoding.
+  /// @param allowedFinality The finality settings allowed by this verifier.
+  function setAllowedFinalityConfig(
+    bytes4 allowedFinality
+  ) external onlyOwner {
+    _setAllowedFinalityConfig(allowedFinality);
+  }
+
   /// @notice Updates the storage location identifiers.
   /// @param newLocations The new storage location identifiers.
   function updateStorageLocations(

chains/evm/contracts/ccvs/CCTPVerifier.sol

@@ -163,6 +163,14 @@ contract CommitteeVerifier is Ownable2StepMsgSender, ICrossChainVerifierV1, Sign
     _applyAllowlistUpdates(allowlistConfigArgsItems);
   }
 
+  /// @notice Sets the finality config according to the FinalityCodec library encoding.
+  /// @param allowedFinality The finality settings allowed by this verifier.
+  function setAllowedFinalityConfig(
+    bytes4 allowedFinality
+  ) external onlyOwner {
+    _setAllowedFinalityConfig(allowedFinality);
+  }
+
   /// @notice Returns the account currently authorized to manage the storage location.
   /// @return storageLocationsAdmin The active storage locations admin.
   function getStorageLocationsAdmin() external view returns (address storageLocationsAdmin) {

chains/evm/contracts/ccvs/CommitteeVerifier.sol

@@ -510,6 +510,14 @@ contract LombardVerifier is BaseVerifier, Ownable2StepMsgSender {
     _applyAllowlistUpdates(allowlistConfigArgsItems);
   }
 
+  /// @notice Sets the finality config according to the FinalityCodec library encoding.
+  /// @param allowedFinality The finality settings allowed by this verifier.
+  function setAllowedFinalityConfig(
+    bytes4 allowedFinality
+  ) external onlyOwner {
+    _setAllowedFinalityConfig(allowedFinality);
+  }
+
   /// @notice Updates the storage location identifiers.
   /// @param newLocations The new storage location identifiers.
   function updateStorageLocations(

chains/evm/contracts/ccvs/LombardVerifier.sol

@@ -7,8 +7,8 @@ import {IRouter} from "../../interfaces/IRouter.sol";
 import {ITypeAndVersion} from "@chainlink/contracts/src/v0.8/shared/interfaces/ITypeAndVersion.sol";
 
 import {Client} from "../../libraries/Client.sol";
-
 import {FinalityCodec} from "../../libraries/FinalityCodec.sol";
+
 import {IERC165} from "@openzeppelin/contracts@5.3.0/utils/introspection/IERC165.sol";
 import {EnumerableSet} from "@openzeppelin/contracts@5.3.0/utils/structs/EnumerableSet.sol";
 
@@ -29,14 +29,14 @@ abstract contract BaseVerifier is ICrossChainVerifierV1, ITypeAndVersion {
   event AllowListSendersRemoved(uint64 indexed destChainSelector, address senders);
   event AllowListStateChanged(uint64 indexed destChainSelector, bool allowlistEnabled);
   event StorageLocationsUpdated(string[] oldLocations, string[] newLocations);
+  event FinalityConfigSet(bytes4 allowedFinality);
 
   // solhint-disable-next-line gas-struct-packing
   struct RemoteChainConfig {
     IRouter router; // ─────────────╮ Local router to use for messages to/from this chain.
     uint16 feeUSDCents; //          │ The fee in US dollar cents for messages to this remote chain. [0, $655.35]
     uint32 gasForVerification; //   │ The gas to reserve for verification of messages on the remote chain.
     uint16 payloadSizeBytes; //     │ The size of the verification payload on the remote chain.
-    bytes4 allowedFinalityConfig; //│ The finality configuration for the local chain for messages to the remote chain.
     bool allowlistEnabled; // ──────╯ True if the allowlist is enabled.
     EnumerableSet.AddressSet allowedSendersList; // The list of addresses allowed to send messages.
   }
@@ -46,9 +46,8 @@ abstract contract BaseVerifier is ICrossChainVerifierV1, ITypeAndVersion {
     uint64 remoteChainSelector; // │ Remote chain selector.
     bool allowlistEnabled; //      │ True if the allowlist is enabled.
     uint16 feeUSDCents; // ────────╯ The fee in US dollar cents for messages to this remote chain.
-    uint32 gasForVerification; // ────╮ The gas to reserve for verification of messages on the remote chain.
-    uint16 payloadSizeBytes; //       │ The size of the verification payload on the remote chain.
-    bytes4 allowedFinalityConfig; // ─╯ The finality configuration for the local chain for messages to the remote chain.
+    uint32 gasForVerification; // ─╮ The gas to reserve for verification of messages on the remote chain.
+    uint16 payloadSizeBytes; // ───╯ The size of the verification payload on the remote chain.
   }
 
   /// @dev Struct to hold the allowlist configuration args per dest chain.
@@ -69,6 +68,10 @@ abstract contract BaseVerifier is ICrossChainVerifierV1, ITypeAndVersion {
   /// implement a way to update this value if needed.
   string[] internal s_storageLocations;
 
+  /// @dev Allowed finality config for fast finality transfers (see `FinalityCodec`).
+  /// FinalityCodec.WAIT_FOR_FINALITY_FLAG means wait for finality.
+  bytes4 internal s_allowedFinalityConfig;
+
   constructor(
     string[] memory storageLocations,
     address rmnAddress
@@ -110,6 +113,25 @@ abstract contract BaseVerifier is ICrossChainVerifierV1, ITypeAndVersion {
     return s_storageLocations;
   }
 
+  /// @notice Gets the finality config as defined in the FinalityCodec library. This value does NOT 1:1 translate to
+  /// a block depth. The finality config contains special flags and should only be encoded/decoded using the
+  /// FinalityCodec library. Checks must happen by calling `FinalityCodec._ensureRequestedFinalityAllowed`.
+  function getAllowedFinalityConfig() public view virtual returns (bytes4 allowedFinality) {
+    return s_allowedFinalityConfig;
+  }
+
+  /// @notice Sets the finality config according to the FinalityCodec library encoding.
+  /// @param allowedFinality The finality settings allowed in this verifier, according to the FinalityCodec encoding.
+  function _setAllowedFinalityConfig(
+    bytes4 allowedFinality
+  ) internal virtual {
+    // Any bytes4 value is accepted as allowedFinality; the FinalityCodec semantics are enforced when requests are
+    // checked against this value via FinalityCodec._ensureRequestedFinalityAllowed.
+    s_allowedFinalityConfig = allowedFinality;
+
+    emit FinalityConfigSet(allowedFinality);
+  }
+
   /// @notice get ChainConfig configured for the remoteChainSelector.
   /// @param remoteChainSelector The remote chain selector.
   /// @return remoteChainConfig The struct containing the remote chain settings.
@@ -130,8 +152,7 @@ abstract contract BaseVerifier is ICrossChainVerifierV1, ITypeAndVersion {
         allowlistEnabled: config.allowlistEnabled,
         feeUSDCents: config.feeUSDCents,
         gasForVerification: config.gasForVerification,
-        payloadSizeBytes: config.payloadSizeBytes,
-        allowedFinalityConfig: config.allowedFinalityConfig
+        payloadSizeBytes: config.payloadSizeBytes
       }),
       config.allowedSendersList.values()
     );
@@ -168,7 +189,6 @@ abstract contract BaseVerifier is ICrossChainVerifierV1, ITypeAndVersion {
       remoteChainConfig.gasForVerification = remoteChainConfigArg.gasForVerification;
       // The payload could be zero bytes if no offchain data is required.
       remoteChainConfig.payloadSizeBytes = remoteChainConfigArg.payloadSizeBytes;
-      remoteChainConfig.allowedFinalityConfig = remoteChainConfigArg.allowedFinalityConfig;
 
       emit RemoteChainConfigSet(
         remoteChainSelector, address(remoteChainConfigArg.router), remoteChainConfig.allowlistEnabled
@@ -265,7 +285,7 @@ abstract contract BaseVerifier is ICrossChainVerifierV1, ITypeAndVersion {
     if (config.router == IRouter(address(0))) {
       revert RemoteChainNotSupported(destChainSelector);
     }
-    FinalityCodec._ensureRequestedFinalityAllowed(requestedFinality, config.allowedFinalityConfig);
+    FinalityCodec._ensureRequestedFinalityAllowed(requestedFinality, getAllowedFinalityConfig());
 
     return (config.feeUSDCents, config.gasForVerification, config.payloadSizeBytes);
   }

chains/evm/contracts/ccvs/components/BaseVerifier.sol

@@ -9,14 +9,14 @@ import {IERC165} from "@openzeppelin/contracts@5.3.0/utils/introspection/IERC165
 /// Each pool type handles a different child token model e.g. lock/release, mint/burn.
 interface IPoolV2 is IERC165 {
   struct TokenTransferFeeConfig {
-    uint32 destGasOverhead; // ───────────────────────╮ Gas charged to execute the token transfer on the destination chain.
-    uint32 destBytesOverhead; //                      │ Data availability bytes.
-    uint32 finalityFeeUSDCents; //   │ Fee to charge for token transfer with default (wait-for-finality) finality, multiples of 0.01 USD.
-    uint32 fastFinalityFeeUSDCents; //    │ Fee to charge for token transfer with fast finality (FTF), multiples of 0.01 USD.
-    //                                                │ The following two fee is deducted from the transferred asset, not added on top.
-    uint16 finalityTransferFeeBps; //│ Fee in basis points for default finality transfers [0-10_000].
-    uint16 fastFinalityTransferFeeBps; // │ Fee in basis points for custom finality transfers [0-10_000].
-    bool isEnabled; // ───────────────────────────────╯ Whether this config is enabled.
+    uint32 destGasOverhead; // ──────────╮ Gas charged to execute the token transfer on the destination chain.
+    uint32 destBytesOverhead; //         │ Data availability bytes.
+    uint32 finalityFeeUSDCents; //       │ Fee to charge for token transfer with default (wait-for-finality) finality, multiples of 0.01 USD.
+    uint32 fastFinalityFeeUSDCents; //   │ Fee to charge for token transfer with fast finality (FTF), multiples of 0.01 USD.
+    //                                   │ The following two fee is deducted from the transferred asset, not added on top.
+    uint16 finalityTransferFeeBps; //    │ Fee in basis points for default finality transfers [0-10_000].
+    uint16 fastFinalityTransferFeeBps; //│ Fee in basis points for custom finality transfers [0-10_000].
+    bool isEnabled; // ──────────────────╯ Whether this config is enabled.
   }
 
   enum MessageDirection {

chains/evm/contracts/interfaces/IPoolV2.sol

@@ -465,7 +465,6 @@ abstract contract TokenPool is IPoolV1V2, Ownable2StepMsgSender {
   /// @param releaseOrMintIn The input to validate.
   /// @param localAmount The local amount to be released or minted.
   /// @param requestedFinalityConfig The requested finality encoding (see `FinalityCodec`).
-  /// FinalityCodec.WAIT_FOR_FINALITY_FLAG means wait for finality.
   /// @dev This function should always be called before executing a release or mint. Not doing so would allow
   /// for various exploits.
   function _validateReleaseOrMint(
@@ -484,10 +483,6 @@ abstract contract TokenPool is IPoolV1V2, Ownable2StepMsgSender {
       revert InvalidSourcePoolAddress(releaseOrMintIn.sourcePoolAddress);
     }
     if (requestedFinalityConfig != FinalityCodec.WAIT_FOR_FINALITY_FLAG) {
-      // Validate that the finality carried in the inbound message is permitted by this pool's config. This mirrors
-      // the outbound check in _validateLockOrBurn and ensures the FTF inbound rate-limit bucket is only consumed for
-      // modes the pool has explicitly enabled, even if a future OffRamp skips this check.
-      FinalityCodec._ensureRequestedFinalityAllowed(requestedFinalityConfig, s_allowedFinalityConfig);
       _consumeFastFinalityInboundRateLimit(releaseOrMintIn.localToken, releaseOrMintIn.remoteChainSelector, localAmount);
     } else {
       _consumeInboundRateLimit(releaseOrMintIn.localToken, releaseOrMintIn.remoteChainSelector, localAmount);

chains/evm/contracts/pools/TokenPool.sol

@@ -4,7 +4,6 @@ pragma solidity ^0.8.24;
 import {IRouter} from "../../../interfaces/IRouter.sol";
 
 import {BaseVerifier} from "../../../ccvs/components/BaseVerifier.sol";
-import {FinalityCodec} from "../../../libraries/FinalityCodec.sol";
 import {CCTPVerifierSetup} from "./CCTPVerifierSetup.t.sol";
 import {Ownable2Step} from "@chainlink/contracts/src/v0.8/shared/access/Ownable2Step.sol";
 
@@ -20,8 +19,7 @@ contract CCTPVerifier_applyRemoteChainConfigUpdates is CCTPVerifierSetup {
       allowlistEnabled: true,
       feeUSDCents: DEFAULT_CCV_FEE_USD_CENTS,
       gasForVerification: DEFAULT_CCV_GAS_LIMIT,
-      payloadSizeBytes: DEFAULT_CCV_PAYLOAD_SIZE,
-      allowedFinalityConfig: FinalityCodec.WAIT_FOR_FINALITY_FLAG
+      payloadSizeBytes: DEFAULT_CCV_PAYLOAD_SIZE
     });
 
     vm.expectEmit();

chains/evm/contracts/test/ccvs/CCTPVerifier/CCTPVerifier.applyDestChainConfigUpdates.t.sol

@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity ^0.8.24;
+
+import {BaseVerifier} from "../../../ccvs/components/BaseVerifier.sol";
+import {FinalityCodec} from "../../../libraries/FinalityCodec.sol";
+import {CCTPVerifierSetup} from "./CCTPVerifierSetup.t.sol";
+import {Ownable2Step} from "@chainlink/contracts/src/v0.8/shared/access/Ownable2Step.sol";
+
+contract CCTPVerifier_setAllowedFinalityConfig is CCTPVerifierSetup {
+  function test_setAllowedFinalityConfig() public {
+    bytes4 newFinality = FinalityCodec._encodeBlockDepth(42);
+
+    vm.expectEmit();
+    emit BaseVerifier.FinalityConfigSet(newFinality);
+
+    s_cctpVerifier.setAllowedFinalityConfig(newFinality);
+    assertEq(s_cctpVerifier.getAllowedFinalityConfig(), newFinality);
+  }
+
+  function test_setAllowedFinalityConfig_RevertWhen_OnlyCallableByOwner() public {
+    vm.startPrank(STRANGER);
+
+    vm.expectRevert(Ownable2Step.OnlyCallableByOwner.selector);
+    s_cctpVerifier.setAllowedFinalityConfig(FinalityCodec._encodeBlockDepth(1));
+  }
+}

chains/evm/contracts/test/ccvs/CCTPVerifier/CCTPVerifier.setAllowedFinalityConfig.t.sol

@@ -85,8 +85,7 @@ contract CCTPVerifierSetup is BaseVerifierSetup {
       allowlistEnabled: false,
       feeUSDCents: DEFAULT_CCV_FEE_USD_CENTS,
       gasForVerification: DEFAULT_CCV_GAS_LIMIT,
-      payloadSizeBytes: DEFAULT_CCV_PAYLOAD_SIZE,
-      allowedFinalityConfig: FinalityCodec.WAIT_FOR_FINALITY_FLAG
+      payloadSizeBytes: DEFAULT_CCV_PAYLOAD_SIZE
     });
     s_cctpVerifier.applyRemoteChainConfigUpdates(remoteChainConfigArgs);