@bananapus/721-hook-v6 0.0.50 → 0.0.52

package/src/JB721TiersHookStore.sol

@@ -71,7 +71,7 @@ contract JB721TiersHookStore is IJB721TiersHookStore {
     /// @custom:param hook The 721 contract that the tier belongs to.
     /// @custom:param tierId The ID of the tier to get the encoded IPFS URI of.
     /// @custom:returns The encoded IPFS URI.
-    mapping(address hook => mapping(uint256 tierId => bytes32)) public override encodedIPFSUriOf;
+    mapping(address hook => mapping(uint256 tierId => bytes32)) public override encodedIpfsUriOf;
 
     /// @notice Returns the largest tier ID currently used on the provided 721 contract.
     /// @dev This may not include the last tier ID if it has been removed.
@@ -166,7 +166,7 @@ contract JB721TiersHookStore is IJB721TiersHookStore {
     /// @return The encoded IPFS URI for the NFT's tier.
     // forge-lint: disable-next-line(mixed-case-function)
     function encodedTierIPFSUriOf(address hook, uint256 tokenId) external view override returns (bytes32) {
-        return encodedIPFSUriOf[hook][tierIdOfToken(tokenId)];
+        return encodedIpfsUriOf[hook][tierIdOfToken(tokenId)];
     }
 
     /// @notice Get the behavioral flags for a hook — such as whether transfers are pausable, whether NFT holders can
@@ -628,7 +628,7 @@ contract JB721TiersHookStore is IJB721TiersHookStore {
             // No reserve frequency if there is no reserve beneficiary.
             reserveFrequency: reserveBeneficiary == address(0) ? 0 : storedTier.reserveFrequency,
             reserveBeneficiary: reserveBeneficiary,
-            encodedIPFSUri: encodedIPFSUriOf[hook][tierId],
+            encodedIpfsUri: encodedIpfsUriOf[hook][tierId],
             category: storedTier.category,
             discountPercent: storedTier.discountPercent,
             flags: JB721TierFlags({
@@ -1051,9 +1051,9 @@ contract JB721TiersHookStore is IJB721TiersHookStore {
                 }
             }
 
-            // Set the `encodedIPFSUri` if needed.
-            if (tierToAdd.encodedIPFSUri != bytes32(0)) {
-                encodedIPFSUriOf[msg.sender][tierId] = tierToAdd.encodedIPFSUri;
+            // Set the `encodedIpfsUri` if needed.
+            if (tierToAdd.encodedIpfsUri != bytes32(0)) {
+                encodedIpfsUriOf[msg.sender][tierId] = tierToAdd.encodedIpfsUri;
             }
 
             if (startSortedTierId != 0) {
@@ -1392,10 +1392,10 @@ contract JB721TiersHookStore is IJB721TiersHookStore {
 
     /// @notice Record a new encoded IPFS URI for a tier.
     /// @param tierId The ID of the tier to set the encoded IPFS URI of.
-    /// @param encodedIPFSUri The encoded IPFS URI to set for the tier.
+    /// @param encodedIpfsUri The encoded IPFS URI to set for the tier.
     // forge-lint: disable-next-line(mixed-case-function)
-    function recordSetEncodedIPFSUriOf(uint256 tierId, bytes32 encodedIPFSUri) external override {
-        encodedIPFSUriOf[msg.sender][tierId] = encodedIPFSUri;
+    function recordSetEncodedIpfsUriOf(uint256 tierId, bytes32 encodedIpfsUri) external override {
+        encodedIpfsUriOf[msg.sender][tierId] = encodedIpfsUri;
     }
 
     /// @notice Record a newly set token URI resolver.

package/src/abstract/ERC721.sol

@@ -40,9 +40,9 @@ abstract contract ERC721 is Context, ERC165, IERC721, IERC721Metadata, IERC721Er
     /**
      * @dev Initializes the contract by setting a `name` and a `symbol` to the token collection.
      */
-    function _initialize(string memory name_, string memory symbol_) internal {
-        _name = name_;
-        _symbol = symbol_;
+    function _initialize(string memory collectionName, string memory collectionSymbol) internal {
+        _name = collectionName;
+        _symbol = collectionSymbol;
     }
 
     /**

package/src/abstract/JB721Hook.sol

@@ -50,7 +50,7 @@ abstract contract JB721Hook is ERC721, IJB721Hook {
     //*********************************************************************//
 
     /// @notice The ID of the project that this contract is associated with.
-    uint256 public override PROJECT_ID;
+    uint256 public override projectId;
 
     //*********************************************************************//
     // -------------------------- constructor ---------------------------- //
@@ -194,16 +194,16 @@ abstract contract JB721Hook is ERC721, IJB721Hook {
         override
     {
         // Keep a reference to the project ID.
-        uint256 projectId = PROJECT_ID;
+        uint256 localProjectId = projectId;
 
         // Make sure the caller is a terminal of the project, and that the call is being made on behalf of an
         // interaction with the correct project.
         if (
-            msg.value != 0 || !DIRECTORY.isTerminalOf({projectId: projectId, terminal: IJBTerminal(msg.sender)})
-                || context.projectId != projectId
+            msg.value != 0 || !DIRECTORY.isTerminalOf({projectId: localProjectId, terminal: IJBTerminal(msg.sender)})
+                || context.projectId != localProjectId
         ) {
             revert JB721Hook_InvalidCashOut({
-                caller: msg.sender, contextProjectId: context.projectId, projectId: projectId, msgValue: msg.value
+                caller: msg.sender, contextProjectId: context.projectId, projectId: localProjectId, msgValue: msg.value
             });
         }
 
@@ -243,15 +243,17 @@ abstract contract JB721Hook is ERC721, IJB721Hook {
     /// @dev Reverts if the calling contract is not one of the project's terminals.
     /// @param context The payment context passed in by the terminal.
     function afterPayRecordedWith(JBAfterPayRecordedContext calldata context) external payable virtual override {
-        uint256 projectId = PROJECT_ID;
+        uint256 localProjectId = projectId;
 
         // Make sure the caller is a terminal of the project, and that the call is being made on behalf of an
         // interaction with the correct project.
         if (
-            !DIRECTORY.isTerminalOf({projectId: projectId, terminal: IJBTerminal(msg.sender)})
-                || context.projectId != projectId
+            !DIRECTORY.isTerminalOf({projectId: localProjectId, terminal: IJBTerminal(msg.sender)})
+                || context.projectId != localProjectId
         ) {
-            revert JB721Hook_InvalidPay({caller: msg.sender, contextProjectId: context.projectId, projectId: projectId});
+            revert JB721Hook_InvalidPay({
+                caller: msg.sender, contextProjectId: context.projectId, projectId: localProjectId
+            });
         }
 
         // Process the payment.
@@ -267,12 +269,12 @@ abstract contract JB721Hook is ERC721, IJB721Hook {
     function _didBurn(uint256[] memory tokenIds) internal virtual;
 
     /// @notice Initializes the contract by associating it with a project and adding ERC721 details.
-    /// @param projectId The ID of the project that this contract is associated with.
+    /// @param initialProjectId The ID of the project that this contract is associated with.
     /// @param name The name of the NFT collection.
     /// @param symbol The symbol representing the NFT collection.
-    function _initialize(uint256 projectId, string memory name, string memory symbol) internal {
-        ERC721._initialize({name_: name, symbol_: symbol});
-        PROJECT_ID = projectId;
+    function _initialize(uint256 initialProjectId, string memory name, string memory symbol) internal {
+        ERC721._initialize({collectionName: name, collectionSymbol: symbol});
+        projectId = initialProjectId;
     }
 
     /// @notice Process a received payment by minting NFTs and/or updating credits. Subclasses implement the

package/src/interfaces/IJB721Checkpoints.sol

@@ -11,7 +11,7 @@ interface IJB721Checkpoints is IERC5805 {
     /// @notice The hook that this module tracks voting power for.
     /// @return The hook address.
     // forge-lint: disable-next-line(mixed-case-function)
-    function HOOK() external view returns (address);
+    function hook() external view returns (address);
 
     /// @notice The owner of an NFT at a past block.
     /// @dev Returns `address(0)` for tokens that have never been enrolled (via `delegate(address, uint256[])`) or
@@ -36,8 +36,8 @@ interface IJB721Checkpoints is IERC5805 {
 
     /// @notice Initializes a cloned module with its hook reference.
     /// @dev Can only be called once. Called by the deployer after cloning.
-    /// @param hook The hook this module serves.
-    function initialize(address hook) external;
+    /// @param hookAddress The hook this module serves.
+    function initialize(address hookAddress) external;
 
     /// @notice Called by the hook after every NFT transfer to update checkpointed voting power.
     /// @dev Looks up the token's tier voting units from the store internally.

package/src/interfaces/IJB721Hook.sol

@@ -18,5 +18,5 @@ interface IJB721Hook is IJBRulesetDataHook, IJBPayHook, IJBCashOutHook {
 
     /// @notice The ID of the project that this contract is associated with.
     /// @return The project ID.
-    function PROJECT_ID() external view returns (uint256);
+    function projectId() external view returns (uint256);
 }

package/src/interfaces/IJB721TiersHook.sol

@@ -89,7 +89,7 @@ interface IJB721TiersHook is IJB721Hook {
     /// @param tierId The ID of the tier whose encoded IPFS URI was set.
     /// @param encodedUri The new encoded IPFS URI.
     /// @param caller The address that called the function.
-    event SetEncodedIPFSUri(uint256 indexed tierId, bytes32 encodedUri, address caller);
+    event SetEncodedIpfsUri(uint256 indexed tierId, bytes32 encodedUri, address caller);
 
     /// @notice Emitted when the token URI resolver is set.
     /// @param resolver The new token URI resolver.
@@ -140,8 +140,7 @@ interface IJB721TiersHook is IJB721Hook {
     /// @notice The checkpoint module that manages IVotes-compatible checkpointed voting power for this hook's NFTs.
     /// @dev Deployed lazily on first mint. Pass this to JBTokenDistributor as the IVotes token.
     /// @return The checkpoint module.
-    // forge-lint: disable-next-line(mixed-case-function)
-    function CHECKPOINTS() external view returns (IJB721Checkpoints);
+    function checkpoints() external view returns (IJB721Checkpoints);
 
     /// @notice The contract that exposes price feeds for currency conversions.
     /// @return The prices contract.
@@ -165,7 +164,7 @@ interface IJB721TiersHook is IJB721Hook {
     function adjustTiers(JB721TierConfig[] calldata tiersToAdd, uint256[] calldata tierIdsToRemove) external;
 
     /// @notice Initializes a cloned copy of the original `JB721TiersHook` contract.
-    /// @param projectId The ID of the project this hook is associated with.
+    /// @param initialProjectId The ID of the project this hook is associated with.
     /// @param name The name of the NFT collection.
     /// @param symbol The symbol representing the NFT collection.
     /// @param baseUri The URI to use as a base for full NFT `tokenUri`s.
@@ -174,7 +173,7 @@ interface IJB721TiersHook is IJB721Hook {
     /// @param tiersConfig The NFT tiers and pricing context to initialize the hook with.
     /// @param flags A set of additional options which dictate how the hook behaves.
     function initialize(
-        uint256 projectId,
+        uint256 initialProjectId,
         string memory name,
         string memory symbol,
         string memory baseUri,
@@ -217,16 +216,16 @@ interface IJB721TiersHook is IJB721Hook {
     /// @param tokenUriResolver The new URI resolver. Pass `IJB721TokenUriResolver(address(this))` as a sentinel value
     /// to leave unchanged. `address(this)` is used instead of `address(0)` because `address(0)` is a valid value that
     /// clears the resolver.
-    /// @param encodedIPFSUriTierId The ID of the tier to set the encoded IPFS URI of.
-    /// @param encodedIPFSUri The encoded IPFS URI to set.
+    /// @param encodedIpfsUriTierId The ID of the tier to set the encoded IPFS URI of.
+    /// @param encodedIpfsUri The encoded IPFS URI to set.
     function setMetadata(
         string calldata name,
         string calldata symbol,
         string calldata baseUri,
         string calldata contractUri,
         IJB721TokenUriResolver tokenUriResolver,
-        uint256 encodedIPFSUriTierId,
-        bytes32 encodedIPFSUri
+        uint256 encodedIpfsUriTierId,
+        bytes32 encodedIpfsUri
     )
         external;
 }

package/src/interfaces/IJB721TiersHookStore.sol

@@ -42,7 +42,7 @@ interface IJB721TiersHookStore {
     /// @param tierId The ID of the tier to get the encoded IPFS URI of.
     /// @return The encoded IPFS URI.
     // forge-lint: disable-next-line(mixed-case-function)
-    function encodedIPFSUriOf(address hook, uint256 tierId) external view returns (bytes32);
+    function encodedIpfsUriOf(address hook, uint256 tierId) external view returns (bytes32);
 
     /// @notice The encoded IPFS URI for the tier of the 721 with the provided token ID.
     /// @param hook The 721 contract that the encoded IPFS URI belongs to.
@@ -246,9 +246,9 @@ interface IJB721TiersHookStore {
 
     /// @notice Record a new encoded IPFS URI for a tier.
     /// @param tierId The ID of the tier to set the encoded IPFS URI of.
-    /// @param encodedIPFSUri The encoded IPFS URI to set for the tier.
+    /// @param encodedIpfsUri The encoded IPFS URI to set for the tier.
     // forge-lint: disable-next-line(mixed-case-function)
-    function recordSetEncodedIPFSUriOf(uint256 tierId, bytes32 encodedIPFSUri) external;
+    function recordSetEncodedIpfsUriOf(uint256 tierId, bytes32 encodedIpfsUri) external;
 
     /// @notice Record a newly set token URI resolver.
     /// @param resolver The resolver to set.

package/src/libraries/JB721TiersHookLib.sol

@@ -360,7 +360,7 @@ library JB721TiersHookLib {
         // attributable to tier splits. Downstream compositors (e.g. JBOmnichainDeployer) use this
         // to preserve split credit when an extra hook (buyback) returns weight=0.
         if (totalSplitAmount != 0 && context.amount.value != 0 && store.flagsOf(address(this)).issueTokensForSplits) {
-            splitCreditWeight = mulDiv(context.weight, totalSplitAmount, context.amount.value);
+            splitCreditWeight = mulDiv({x: context.weight, y: totalSplitAmount, denominator: context.amount.value});
         }
 
         // Resolve the effective beneficiary from payment metadata.
@@ -690,6 +690,149 @@ library JB721TiersHookLib {
     // ----------------------- private helpers --------------------------- //
     //*********************************************************************//
 
+    /// @notice Approves `terminal` to spend `amount` of `token`, calls `addToBalanceOf`, then revokes any
+    /// unconsumed allowance and reports the actual amount consumed via the allowance delta.
+    /// @dev Allowance-delta consumption protects against terminals that return successfully without pulling
+    /// the full granted amount, and the unconditional final `forceApprove(..., 0)` ensures no stale allowance
+    /// is left behind on either the success or failure path.
+    /// @param terminal The terminal to call.
+    /// @param token The ERC-20 token. Native must not be passed here.
+    /// @param projectId The destination project ID.
+    /// @param amount The amount to grant as allowance and request the terminal to pull.
+    /// @return consumed The amount actually consumed by the terminal (0 on revert; otherwise
+    /// `amount - remainingAllowance` after the call).
+    /// @return failureReason The revert reason from the terminal call, or empty bytes if the call succeeded.
+    function _approveAndAddToBalance(
+        IJBTerminal terminal,
+        address token,
+        uint256 projectId,
+        uint256 amount
+    )
+        private
+        returns (uint256 consumed, bytes memory failureReason)
+    {
+        // Grant the terminal allowance to pull up to `amount` of `token` from this contract. `forceApprove`
+        // sets the allowance to exactly `amount` regardless of any prior allowance, so a leftover non-zero
+        // allowance from a previous failed call cannot inflate this one.
+        SafeERC20.forceApprove({token: IERC20(token), spender: address(terminal), value: amount});
+
+        // Track whether the external call returned successfully. Initialized to `false` so a revert path
+        // leaves it unset and the consumption math below is skipped.
+        bool succeeded;
+
+        // Call the terminal's `addToBalanceOf` inside try/catch so a reverting terminal can't brick the
+        // surrounding payment. The terminal is expected to `transferFrom` against the allowance set above.
+        try terminal.addToBalanceOf({
+            projectId: projectId,
+            token: token,
+            amount: amount,
+            // Don't release any held fees on this call — fee returns are handled separately.
+            shouldReturnHeldFees: false,
+            // No memo or metadata is forwarded; the leftover routing is opaque to off-chain consumers.
+            memo: "",
+            metadata: bytes("")
+        }) {
+            // The terminal returned without reverting. The actual amount it consumed is measured below
+            // via the allowance delta — `succeeded` only records that there was no revert to report.
+            succeeded = true;
+        } catch (bytes memory reason) {
+            // The terminal reverted. Capture the reason so the caller can surface it via the
+            // `SplitPayoutReverted` event (or, for the leftover fallback, the
+            // `JB721TiersHookLib_SplitFallbackFailed` error) without re-throwing here.
+            failureReason = reason;
+        }
+
+        // On success, compute how much the terminal actually pulled. The post-call allowance equals
+        // `amount - actuallyConsumed` (since `forceApprove` set the pre-call allowance to `amount`), so
+        // `consumed = amount - postAllowance`. On failure, `succeeded` is `false` and `consumed` stays at
+        // its default `0`, which lets the caller route the full `amount` to the project's leftover balance.
+        if (succeeded) {
+            // Safe to use `unchecked`: `postAllowance` cannot exceed `amount` because the terminal can
+            // only decrement (via `transferFrom`) the allowance we just set to `amount`.
+            unchecked {
+                consumed = amount - IERC20(token).allowance({owner: address(this), spender: address(terminal)});
+            }
+        }
+
+        // Unconditionally revoke any remaining allowance. This is the load-bearing safety step — without
+        // it, a terminal that returns successfully without pulling the full `amount` would leave a stale
+        // non-zero allowance that the terminal could drain later. Running on both the success and failure
+        // paths means no allowance ever leaks out of this function.
+        SafeERC20.forceApprove({token: IERC20(token), spender: address(terminal), value: 0});
+    }
+
+    /// @notice Approves `terminal` to spend `amount` of `token`, calls `pay`, then revokes any unconsumed
+    /// allowance and reports the actual amount consumed via the allowance delta.
+    /// @dev Mirrors `_approveAndAddToBalance` for the `pay` entry point.
+    /// @param terminal The terminal to call.
+    /// @param token The ERC-20 token. Native must not be passed here.
+    /// @param projectId The destination project ID.
+    /// @param amount The amount to grant as allowance and request the terminal to pull.
+    /// @param beneficiary The beneficiary for the `pay` call.
+    /// @return consumed The amount actually consumed by the terminal.
+    /// @return failureReason The revert reason from the terminal call, or empty bytes on success.
+    function _approveAndPay(
+        IJBTerminal terminal,
+        address token,
+        uint256 projectId,
+        uint256 amount,
+        address payable beneficiary
+    )
+        private
+        returns (uint256 consumed, bytes memory failureReason)
+    {
+        // Grant the terminal allowance to pull up to `amount` of `token` from this contract. `forceApprove`
+        // sets the allowance to exactly `amount` regardless of any prior allowance, so a leftover non-zero
+        // allowance from a previous failed call cannot inflate this one.
+        SafeERC20.forceApprove({token: IERC20(token), spender: address(terminal), value: amount});
+
+        // Track whether the external call returned successfully. Initialized to `false` so a revert path
+        // leaves it unset and the consumption math below is skipped.
+        bool succeeded;
+
+        // Call the terminal's `pay` inside try/catch so a reverting terminal can't brick the surrounding
+        // payment. The terminal is expected to `transferFrom` against the allowance set above and mint
+        // project tokens to `beneficiary` in return.
+        try terminal.pay({
+            projectId: projectId,
+            token: token,
+            amount: amount,
+            beneficiary: beneficiary,
+            // No minimum is enforced on the terminal-side mint — the split-level minimum (if any) is
+            // enforced by the caller before reaching this helper.
+            minReturnedTokens: 0,
+            // No memo or metadata is forwarded; the leftover routing is opaque to off-chain consumers.
+            memo: "",
+            metadata: bytes("")
+        }) {
+            // The terminal returned without reverting. The actual amount it consumed is measured below
+            // via the allowance delta — `succeeded` only records that there was no revert to report.
+            succeeded = true;
+        } catch (bytes memory reason) {
+            // The terminal reverted. Capture the reason so the caller can surface it via the
+            // `SplitPayoutReverted` event without re-throwing here.
+            failureReason = reason;
+        }
+
+        // On success, compute how much the terminal actually pulled. The post-call allowance equals
+        // `amount - actuallyConsumed` (since `forceApprove` set the pre-call allowance to `amount`), so
+        // `consumed = amount - postAllowance`. On failure, `succeeded` is `false` and `consumed` stays at
+        // its default `0`, which lets the caller route the full `amount` to the project's leftover balance.
+        if (succeeded) {
+            // Safe to use `unchecked`: `postAllowance` cannot exceed `amount` because the terminal can
+            // only decrement (via `transferFrom`) the allowance we just set to `amount`.
+            unchecked {
+                consumed = amount - IERC20(token).allowance({owner: address(this), spender: address(terminal)});
+            }
+        }
+
+        // Unconditionally revoke any remaining allowance. This is the load-bearing safety step — without
+        // it, a terminal that returns successfully without pulling the full `amount` would leave a stale
+        // non-zero allowance that the terminal could drain later. Running on both the success and failure
+        // paths means no allowance ever leaks out of this function.
+        SafeERC20.forceApprove({token: IERC20(token), spender: address(terminal), value: 0});
+    }
+
     /// @notice Distributes funds for a single tier's split group.
     /// @dev `_sendPayoutToSplit` returns the actual amount that left this contract — `payoutAmount` on full
     /// success, `0` when the split fully fails (revert or missing recipient), or a partial value when an ERC-20
@@ -779,20 +922,16 @@ library JB721TiersHookLib {
                     });
                 }
             } else {
-                SafeERC20.forceApprove({token: IERC20(token), spender: address(terminal), value: leftoverAmount});
-                try terminal.addToBalanceOf({
-                    projectId: projectId,
-                    token: token,
-                    amount: leftoverAmount,
-                    shouldReturnHeldFees: false,
-                    memo: "",
-                    metadata: bytes("")
-                }) {}
-                catch (bytes memory reason) {
-                    // Reset approval on failure.
-                    SafeERC20.forceApprove({token: IERC20(token), spender: address(terminal), value: 0});
+                // Allowance-delta + unconditional cleanup: a terminal that returns successfully without pulling
+                // the full allowance would otherwise leave funds stranded in this library/hook and leak a
+                // non-zero allowance to the terminal. Fail closed: revert if either the call reverts OR the
+                // terminal under-consumed the granted allowance.
+                (uint256 consumed, bytes memory failureReason) = _approveAndAddToBalance({
+                    terminal: terminal, token: token, projectId: projectId, amount: leftoverAmount
+                });
+                if (failureReason.length != 0 || consumed != leftoverAmount) {
                     revert JB721TiersHookLib_SplitFallbackFailed({
-                        projectId: projectId, token: token, amount: leftoverAmount, reason: reason
+                        projectId: projectId, token: token, amount: leftoverAmount, reason: failureReason
                     });
                 }
             }
@@ -895,24 +1034,24 @@ library JB721TiersHookLib {
                         return 0;
                     }
                 } else {
-                    SafeERC20.forceApprove({token: IERC20(token), spender: address(terminal), value: amount});
-                    try terminal.addToBalanceOf({
-                        projectId: split.projectId,
-                        token: token,
-                        amount: amount,
-                        shouldReturnHeldFees: false,
-                        memo: "",
-                        metadata: bytes("")
-                    }) {
-                        return amount;
-                    } catch (bytes memory reason) {
-                        // Reset approval on failure so tokens aren't left approved to the terminal.
-                        SafeERC20.forceApprove({token: IERC20(token), spender: address(terminal), value: 0});
+                    // Allowance-delta + unconditional cleanup. `sent` reflects the amount the terminal actually
+                    // pulled; the unconsumed remainder (if any) stays in this contract and is routed back to the
+                    // project's leftover balance by the caller. On revert, `sent` stays 0 and the SplitPayoutReverted
+                    // event records the failure reason.
+                    bytes memory failureReason;
+                    (sent, failureReason) = _approveAndAddToBalance({
+                        terminal: terminal, token: token, projectId: split.projectId, amount: amount
+                    });
+                    if (failureReason.length != 0) {
                         emit SplitPayoutReverted({
-                            projectId: projectId, split: split, amount: amount, reason: reason, caller: msg.sender
+                            projectId: projectId,
+                            split: split,
+                            amount: amount,
+                            reason: failureReason,
+                            caller: msg.sender
                         });
-                        return 0;
                     }
+                    return sent;
                 }
             } else {
                 if (isNativeToken) {
@@ -933,25 +1072,25 @@ library JB721TiersHookLib {
                         return 0;
                     }
                 } else {
-                    SafeERC20.forceApprove({token: IERC20(token), spender: address(terminal), value: amount});
-                    try terminal.pay({
-                        projectId: split.projectId,
+                    // Same allowance-delta pattern as the `preferAddToBalance` branch, for the `pay` entry point.
+                    bytes memory failureReason;
+                    (sent, failureReason) = _approveAndPay({
+                        terminal: terminal,
                         token: token,
+                        projectId: split.projectId,
                         amount: amount,
-                        beneficiary: split.beneficiary,
-                        minReturnedTokens: 0,
-                        memo: "",
-                        metadata: bytes("")
-                    }) {
-                        return amount;
-                    } catch (bytes memory reason) {
-                        // Reset approval on failure so tokens aren't left approved to the terminal.
-                        SafeERC20.forceApprove({token: IERC20(token), spender: address(terminal), value: 0});
+                        beneficiary: split.beneficiary
+                    });
+                    if (failureReason.length != 0) {
                         emit SplitPayoutReverted({
-                            projectId: projectId, split: split, amount: amount, reason: reason, caller: msg.sender
+                            projectId: projectId,
+                            split: split,
+                            amount: amount,
+                            reason: failureReason,
+                            caller: msg.sender
                         });
-                        return 0;
                     }
+                    return sent;
                 }
             }
         } else if (split.beneficiary != address(0)) {

package/src/structs/JB721Tier.sol

@@ -12,7 +12,7 @@ import {JB721TierFlags} from "./JB721TierFlags.sol";
 /// tier. With a `reserveFrequency` of 5, an extra NFT will be minted for the `reserveBeneficiary` for every 5 NFTs
 /// purchased.
 /// @custom:member reserveBeneficiary The address which receives any reserve NFTs from this tier.
-/// @custom:member encodedIPFSUri The IPFS URI to use for each NFT in this tier.
+/// @custom:member encodedIpfsUri The IPFS URI to use for each NFT in this tier.
 /// @custom:member category The category that NFTs in this tier belongs to. Used to group NFT tiers.
 /// @custom:member discountPercent The discount that should be applied to the tier.
 /// @custom:member flags Boolean flags for this tier (allowOwnerMint, transfersPausable, cantBeRemoved,
@@ -29,7 +29,7 @@ struct JB721Tier {
     uint104 votingUnits;
     uint16 reserveFrequency;
     address reserveBeneficiary;
-    bytes32 encodedIPFSUri;
+    bytes32 encodedIpfsUri;
     uint24 category;
     uint8 discountPercent;
     JB721TierFlags flags;

package/src/structs/JB721TierConfig.sol

@@ -14,7 +14,7 @@ import {JB721TierConfigFlags} from "./JB721TierConfigFlags.sol";
 /// purchased.
 /// @custom:member reserveBeneficiary The address which receives any reserve NFTs from this tier. Overrides the default
 /// reserve beneficiary if one is set.
-/// @custom:member encodedIPFSUri The IPFS URI to use for each NFT in this tier.
+/// @custom:member encodedIpfsUri The IPFS URI to use for each NFT in this tier.
 /// @custom:member category The category that NFTs in this tier belongs to. Used to group NFT tiers.
 /// @custom:member discountPercent The discount that should be applied to the tier.
 /// @custom:member flags Boolean flags for this tier config (allowOwnerMint, useReserveBeneficiaryAsDefault,
@@ -29,7 +29,7 @@ struct JB721TierConfig {
     uint32 votingUnits;
     uint16 reserveFrequency;
     address reserveBeneficiary;
-    bytes32 encodedIPFSUri;
+    bytes32 encodedIpfsUri;
     uint24 category;
     uint8 discountPercent;
     JB721TierConfigFlags flags;

package/src/structs/JBPayDataHookRulesetMetadata.sol

@@ -24,8 +24,6 @@ pragma solidity ^0.8.0;
 /// @custom:member holdFees A flag indicating if fees should be held during this ruleset.
 /// @custom:member scopeCashOutsToLocalBalances A flag indicating if omnichain cash-out calculations should use only
 /// the local chain's terminal balance instead of the project's balance held in all terminals.
-/// @custom:member pauseCrossProjectFeeFreeInflows If `true`, the project cannot be targeted by
-/// `payAfterCashOutTokensOf` / `addToBalanceAfterCashOutTokensOf` calls during this ruleset.
 /// @custom:member useDataHookForCashOuts A flag indicating if the data hook should be used for cash out transactions
 /// during
 /// this ruleset.
@@ -46,7 +44,6 @@ struct JBPayDataHookRulesetMetadata {
     bool ownerMustSendPayouts;
     bool holdFees;
     bool scopeCashOutsToLocalBalances;
-    bool pauseCrossProjectFeeFreeInflows;
     bool useDataHookForCashOut;
     uint16 metadata;
 }

package/test/utils/ForTest_JB721TiersHook.sol

@@ -162,7 +162,7 @@ contract ForTest_JB721TiersHookStore is JB721TiersHookStore, IJB721TiersHookStor
                 votingUnits: storedTier.price,
                 reserveFrequency: storedTier.reserveFrequency,
                 reserveBeneficiary: reserveBeneficiaryOf(nft, currentSortIndex),
-                encodedIPFSUri: encodedIPFSUriOf[nft][currentSortIndex],
+                encodedIpfsUri: encodedIpfsUriOf[nft][currentSortIndex],
                 category: storedTier.category,
                 discountPercent: storedTier.discountPercent,
                 flags: JB721TierFlags({