Skip to content

Finality config changes#1898

Merged
RensR merged 33 commits intomainfrom
finality
Apr 8, 2026
Merged

Finality config changes#1898
RensR merged 33 commits intomainfrom
finality

Conversation

@RensR
Copy link
Copy Markdown
Collaborator

@RensR RensR commented Mar 24, 2026

We added an extra 2 bits to the finality config to allow for flag signals. This will support the upcoming FCR tag and potentially more in the future.

Comment thread chains/evm/contracts/libraries/FinalityCodec.sol Outdated
uint16 minBlockConfirmations
/// @notice Sets the finality config according to the FinalityCodec library encoding.
/// @param allowedFinality The finality settings allowed in this pool, according to the FinalityCodec encoding.
function setFinalityConfig(
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To keep future expansion but also limit weird configurations we should have the tooling check for misconfigurations when setting this value. Things like setting WAIT_FOR_SAFE_FLAG to true on some chain that doesn't support that.

Comment thread chains/evm/contracts/pools/TokenPool.sol Outdated
_validateRequestedFinality(requestedFinality);

// If any of the flags match, the request is allowed only when it has no depth field (flag-only request).
if ((requestedFinality >> BLOCK_DEPTH_BITS) & (allowedFinality >> BLOCK_DEPTH_BITS) != 0) {
Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's not immediately obvious if & or != 0 takes precedence, in quite some languages, != has higher precedence; let's add a paren here

Copy link
Copy Markdown
Collaborator Author

@RensR RensR Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's the bit math & not &&, are there any languages that bit math takes precedence over comparisons?

I'll add the parens though

///
/// @dev Bit layout of the `bytes2` finality value (16 bits, MSB on the left):
///
/// Bit: 15 14 13 12 11 10 | 9 8 7 6 5 4 3 2 1 0
Copy link
Copy Markdown
Collaborator

@matYang matYang Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

random idea, do we wanna enshrine a bit, e.g leftmost bit, as a union flag, e.g set the flag to 1, then flags and depth become an "AND", as opposed to default "OR", for the potential special cases:

  1. people wanna introduce a minimum block delay, e.g. 100 blocks, but also ensure on the off-chance finality not reached by then, additionally wait for finality
  2. people not trusting FCR on some alt-L1 or L2s that wanna add additional depth protection

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do not support any delay beyond finality as this would lead to unbounded delays in msg processing being potentially an attack vector.

If you do not trust a tag you must not use it.

revert TokenHandlingError(localToken, err);
}
} else if (localPoolAddress._supportsInterfaceReverting(Pool.CCIP_POOL_V1)) {
try IPoolV1(localPoolAddress).releaseOrMint(releaseOrMintInput) returns (Pool.ReleaseOrMintOutV1 memory result) {
Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if we have pool asymmetry, e.g source pool is a v2 pool that uses FTF, dest pool is a v1 pool, seems this will succeed without finality validation; wanna sanity check that this is a known and explicitly accepted behavior

Copy link
Copy Markdown
Collaborator Author

@RensR RensR Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Finality validation is done through _getCCVsFromPool, not here. In the case of a V1 pool it must use finality

@RensR RensR changed the title [WIP] Finality config changes Finality config changes Mar 27, 2026
/// @return usdCentsFee The USD denominated fee for the executor.
function getFee(
uint64 destChainSelector,
uint16 blockConfirmationsRequested,
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pool uses finalityConfig whereas verifier and executor uses requestedFinality

Comment thread chains/evm/contracts/ccvs/components/BaseVerifier.sol Outdated
Comment thread chains/evm/contracts/pools/TokenPool.sol Outdated
mateusz-sekara
mateusz-sekara previously approved these changes Apr 8, 2026
# Conflicts:
#	ccv/chains/evm/deployment/v1_7_0/sequences/configure_chain_for_lanes_test.go
#	ccv/chains/evm/deployment/v1_7_0/sequences/tokens/configure_token_pool_for_remote_chain_test.go
#	deployment/tokens/configure_tokens_for_transfers.go
#	integration-tests/go.mod
0xsuryansh
0xsuryansh previously approved these changes Apr 8, 2026
carte7000
carte7000 previously approved these changes Apr 8, 2026
@RensR RensR dismissed stale reviews from carte7000 and 0xsuryansh via 6c65759 April 8, 2026 14:18
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2026

Metric finality main
Coverage 70.1% 69.8%

@RensR RensR added this pull request to the merge queue Apr 8, 2026
Merged via the queue into main with commit 22e2d05 Apr 8, 2026
57 of 58 checks passed
@RensR RensR deleted the finality branch April 8, 2026 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

9 participants