fix naming, comments, errors

Author: RensR

chains/evm/contracts/ccvs/VersionedVerifierResolver.sol

@@ -2,9 +2,9 @@
 pragma solidity ^0.8.24;
 
 import {ICrossChainVerifierResolver} from "../interfaces/ICrossChainVerifierResolver.sol";
-import {FeeTokenHandler} from "../libraries/FeeTokenHandler.sol";
 import {ITypeAndVersion} from "@chainlink/contracts/src/v0.8/shared/interfaces/ITypeAndVersion.sol";
 
+import {FeeTokenHandler} from "../libraries/FeeTokenHandler.sol";
 import {Ownable2StepMsgSender} from "@chainlink/contracts/src/v0.8/shared/access/Ownable2StepMsgSender.sol";
 
 import {EnumerableSet} from "@openzeppelin/contracts@5.3.0/utils/structs/EnumerableSet.sol";

chains/evm/contracts/ccvs/components/BaseVerifier.sol

@@ -32,7 +32,7 @@ abstract contract BaseVerifier is ICrossChainVerifierV1, ITypeAndVersion {
 
   // solhint-disable-next-line gas-struct-packing
   struct RemoteChainConfig {
-    IRouter router; // ──────────╮ Local router to use for messages to/fom this chain.
+    IRouter router; // ──────────╮ Local router to use for messages to/from this chain.
     uint16 feeUSDCents; //       │ The fee in US dollar cents for messages to this remote chain. [0, $655.35]
     uint32 gasForVerification; //│ The gas to reserve for verification of messages on the remote chain.
     uint16 payloadSizeBytes; //  │ The size of the verification payload on the remote chain.

chains/evm/contracts/libraries/FinalityCodec.sol

@@ -100,10 +100,8 @@ library FinalityCodec {
     }
   }
 
-  /// @notice Ensures `requestedFinality` is permitted by `allowedFinality`. When matching on flags, the request must not
-  /// carry a block depth (lower bits zero aside from the all-zero finality case, which is handled earlier).
-  /// @param requestedFinality The requested finality params to check. This value must already be validated by
-  /// `_validateRequestedFinality` to ensure it is well-formed.
+  /// @notice Validates that `requestedFinality` is well-formed and permitted by `allowedFinality`.
+  /// @param requestedFinality The requested finality params to check.
   /// @param allowedFinality The allowed finality params to check against.
   function _ensureRequestedFinalityAllowed(
     bytes2 requestedFinality,
@@ -113,6 +111,10 @@ library FinalityCodec {
     if (requestedFinality == WAIT_FOR_FINALITY_FLAG) {
       return;
     }
+
+    // Validate the structural shape of the requested finality, as it is only allowed to signal one mode.
+    _validateRequestedFinality(requestedFinality);
+
     // If any of the flags match, the request is allowed only when it has no depth field (flag-only request).
     if ((requestedFinality >> BLOCK_DEPTH_BITS) & (allowedFinality >> BLOCK_DEPTH_BITS) != 0) {
       if (uint16(requestedFinality & BLOCK_DEPTH_MASK) != 0) {

chains/evm/contracts/libraries/MessageV1Codec.sol

@@ -136,7 +136,7 @@ library MessageV1Codec {
     // Configurable per-message finality value.
     bytes2 finality;
     // A hash of the verifiers and executor addresses. This is used by the offchain systems to validate the list of CCVs
-    // and executor that should be used for this message. This has no meaning on the destination chain ans is not
+    // and executor that should be used for this message. This has no meaning on the destination chain and is not
     // checked against anything.
     bytes32 ccvAndExecutorHash;
     // Variable length fields - must match wire format order.

chains/evm/contracts/offRamp/OffRamp.sol

@@ -499,8 +499,13 @@ contract OffRamp is ITypeAndVersion, Ownable2StepMsgSender {
     address[] memory requiredReceiverCCVs;
     if (isTokenOnlyTransfer) {
       if (tokenTransfer.length > 0) {
-        // For token-only transfers, we skip querying the receiver for CCVs, and don't add the defaults. This enables
-        // pure token transfers to only require the pool CCVs, as the token issuer is the only party that takes any risk.
+        // For token-only transfers with tokens, we skip querying the receiver for CCVs, and don't add the defaults.
+        // This enables pure token transfers to only require the pool CCVs, as the token issuer is the only party that
+        // takes any risk. As a consequence, the receiver's finality policy (getCCVsAndFinalityConfig) is intentionally
+        // NOT checked against message.finality for this path — finality enforcement is delegated entirely to the pool
+        // (which validates finality in _validateReleaseOrMint). If a receiver wants to enforce its own finality policy
+        // for token transfers it must NOT qualify as a token-only transfer (i.e. it must have a non-zero data payload
+        // or a non-zero ccipReceiveGasLimit).
         requiredReceiverCCVs = new address[](0);
         optionalCCVs = new address[](0);
         optionalThreshold = 0;

chains/evm/contracts/onRamp/OnRamp.sol

@@ -565,6 +565,10 @@ contract OnRamp is IEVM2AnyOnRampClient, ITypeAndVersion, Ownable2StepMsgSender
       resolvedArgs.executor = destChainConfig.defaultExecutor;
     }
 
+    // Validate the wire shape of the requested finality. Note: the receiver's finality policy
+    // (getCCVsAndFinalityConfig) is checked on delivery by the OffRamp, not here. A sender using a non-zero
+    // finalityConfig targeting a receiver that only accepts bytes2(0) will succeed at send time but fail on
+    // execution. Senders should consult the receiver's policy off-chain before choosing a finalityConfig.
     FinalityCodec._validateRequestedFinality(resolvedArgs.finalityConfig);
 
     return resolvedArgs;

chains/evm/contracts/pools/TokenPool.sol

@@ -9,11 +9,11 @@ import {IRMN} from "../interfaces/IRMN.sol";
 import {IRouter} from "../interfaces/IRouter.sol";
 
 import {FeeTokenHandler} from "../libraries/FeeTokenHandler.sol";
+import {FinalityCodec} from "../libraries/FinalityCodec.sol";
 import {Pool} from "../libraries/Pool.sol";
 import {RateLimiter} from "../libraries/RateLimiter.sol";
 import {Ownable2StepMsgSender} from "@chainlink/contracts/src/v0.8/shared/access/Ownable2StepMsgSender.sol";
 
-import {FinalityCodec} from "../libraries/FinalityCodec.sol";
 import {IERC20} from "@openzeppelin/contracts@5.3.0/token/ERC20/IERC20.sol";
 import {IERC20Metadata} from "@openzeppelin/contracts@5.3.0/token/ERC20/extensions/IERC20Metadata.sol";
 import {SafeERC20} from "@openzeppelin/contracts@5.3.0/token/ERC20/utils/SafeERC20.sol";
@@ -43,8 +43,6 @@ abstract contract TokenPool is IPoolV1V2, Ownable2StepMsgSender {
   using RateLimiter for RateLimiter.TokenBucket;
   using SafeERC20 for IERC20;
 
-  error InvalidFinalityConfig(uint16 requested, uint16 minFinality);
-  error FastFinalityNotEnabled();
   error InvalidTransferFeeBps(uint256 bps);
   error InvalidTokenTransferFeeConfig(uint64 destChainSelector);
   error CallerIsNotARampOnRouter(address caller);
@@ -89,7 +87,7 @@ abstract contract TokenPool is IPoolV1V2, Ownable2StepMsgSender {
     RateLimiter.Config outboundRateLimiterConfig,
     RateLimiter.Config inboundRateLimiterConfig
   );
-  event FinalityConfigSet(bytes2 minFinality);
+  event FinalityConfigSet(bytes2 allowedFinality);
   event AdvancedPoolHooksUpdated(IAdvancedPoolHooks oldHook, IAdvancedPoolHooks newHook);
 
   struct ChainUpdate {
@@ -253,7 +251,8 @@ abstract contract TokenPool is IPoolV1V2, Ownable2StepMsgSender {
   function setFinalityConfig(
     bytes2 allowedFinality
   ) public virtual onlyOwner {
-    // Every value
+    // Any bytes2 value is accepted as allowedFinality; the FinalityCodec semantics are enforced when requests are
+    // checked against this value via FinalityCodec._ensureRequestedFinalityAllowed.
     s_finalityConfig = allowedFinality;
 
     emit FinalityConfigSet(allowedFinality);
@@ -485,6 +484,10 @@ abstract contract TokenPool is IPoolV1V2, Ownable2StepMsgSender {
       revert InvalidSourcePoolAddress(releaseOrMintIn.sourcePoolAddress);
     }
     if (finalityConfig != WAIT_FOR_FINALITY) {
+      // Validate that the finality carried in the inbound message is permitted by this pool's config. This mirrors
+      // the outbound check in _validateLockOrBurn and ensures the FTF inbound rate-limit bucket is only consumed for
+      // modes the pool has explicitly enabled, even if a future OffRamp skips this check.
+      FinalityCodec._ensureRequestedFinalityAllowed(finalityConfig, s_finalityConfig);
       _consumeFastFinalityInboundRateLimit(releaseOrMintIn.localToken, releaseOrMintIn.remoteChainSelector, localAmount);
     } else {
       _consumeInboundRateLimit(releaseOrMintIn.localToken, releaseOrMintIn.remoteChainSelector, localAmount);
@@ -1066,8 +1069,7 @@ abstract contract TokenPool is IPoolV1V2, Ownable2StepMsgSender {
     virtual
     returns (uint256 feeUSDCents, uint32 destGasOverhead, uint32 destBytesOverhead, uint16 tokenFeeBps, bool isEnabled)
   {
-    // Use the codec to validate that the requested finality is allowed by the pool's configuration. This will revert
-    // if the requested finality is not allowed.
+    // Validate that the requested finality is well-formed and permitted by this pool's config.
     FinalityCodec._ensureRequestedFinalityAllowed(finalityConfig, s_finalityConfig);
 
     TokenTransferFeeConfig memory feeConfig = s_tokenTransferFeeConfig[destChainSelector];

chains/evm/contracts/pools/USDC/CCTPThroughCCVTokenPool.sol

@@ -1,12 +1,12 @@
 // SPDX-License-Identifier: BUSL-1.1
 pragma solidity ^0.8.24;
 
+import {ICrossChainVerifierResolver} from "../../interfaces/ICrossChainVerifierResolver.sol";
 import {IPoolV1} from "../../interfaces/IPool.sol";
 import {IPoolV2} from "../../interfaces/IPoolV2.sol";
 import {ITypeAndVersion} from "@chainlink/contracts/src/v0.8/shared/interfaces/ITypeAndVersion.sol";
 
 import {CCTPVerifier} from "../../ccvs/CCTPVerifier.sol";
-import {ICrossChainVerifierResolver} from "../../interfaces/ICrossChainVerifierResolver.sol";
 import {Pool} from "../../libraries/Pool.sol";
 import {USDCSourcePoolDataCodec} from "../../libraries/USDCSourcePoolDataCodec.sol";
 import {TokenPool} from "../TokenPool.sol";

chains/evm/contracts/test/Router/Router.recoverTokens.t.sol

@@ -1,13 +1,12 @@
 // SPDX-License-Identifier: BUSL-1.1
 pragma solidity ^0.8.24;
 
-import {IERC20} from "@openzeppelin/contracts@5.3.0/token/ERC20/IERC20.sol";
-
 import {Router} from "../../Router.sol";
-
 import {MaybeRevertMessageReceiver} from "../helpers/receivers/MaybeRevertMessageReceiver.sol";
 import {RouterSetup} from "./RouterSetup.t.sol";
 
+import {IERC20} from "@openzeppelin/contracts@5.3.0/token/ERC20/IERC20.sol";
+
 contract Router_recoverTokens is RouterSetup {
   function test_RecoverTokens() public {
     // Assert we can recover sourceToken

chains/evm/contracts/test/ccvs/components/BaseVerifier/BaseVerifier.getFee.t.sol

@@ -37,7 +37,7 @@ contract BaseVerifier_getFee is BaseVerifierSetup {
     s_baseVerifier.applyRemoteChainConfigUpdates(configs);
 
     Client.EVM2AnyMessage memory message;
-    // Request 10 blocks — meets the minimum of 5 (request more security than required is fine).
+    // Request 10 blocks — meets the minimum of 10 (requesting at least the minimum is allowed).
     (uint256 feeUSDCents,,) =
       s_baseVerifier.getFee(DEST_CHAIN_SELECTOR, message, "", FinalityCodec._encodeBlockDepth(10));
     assertEq(feeUSDCents, DEFAULT_CCV_FEE_USD_CENTS);