Add ERC7984Freezable

.changeset/seven-books-dig.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-confidential-contracts': minor
+---
+
+Add `ERC7984Freezable` extension.

contracts/mocks/token/ConfidentialFungibleTokenVotesMock.sol

@@ -48,5 +48,5 @@ abstract contract ConfidentialFungibleTokenVotesMock is ConfidentialFungibleToke
         _clockOverrideVal = val;
     }
 
-    function _validateHandleAllowance(bytes32 handle) internal view override {}
+    function _validateHandleAllowance(bytes32 handle, address account) internal view override {}
 }

contracts/mocks/token/ERC7984FreezableMock.sol

@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.24;
+
+import {SepoliaConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+import {FHE, euint64, externalEuint64} from "@fhevm/solidity/lib/FHE.sol";
+import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
+import {ConfidentialFungibleToken} from "../../token/ConfidentialFungibleToken.sol";
+import {ERC7984Freezable} from "../../token/extensions/ERC7984Freezable.sol";
+import {HandleAccessManager} from "../../utils/HandleAccessManager.sol";
+
+// solhint-disable func-name-mixedcase
+contract ERC7984FreezableMock is ERC7984Freezable, AccessControl, HandleAccessManager, SepoliaConfig {
+    bytes32 public constant FREEZER_ROLE = keccak256("FREEZER_ROLE");
+
+    error UnallowedHandleAccess(bytes32 handle, address account);
+
+    constructor(
+        string memory name,
+        string memory symbol,
+        string memory tokenUri,
+        address freezer
+    ) ConfidentialFungibleToken(name, symbol, tokenUri) {
+        _grantRole(FREEZER_ROLE, freezer);
+    }
+
+    function confidentialAvailableAccess(address account) public {
+        euint64 available = confidentialAvailable(account);
+        FHE.allowThis(available);
+        getHandleAllowance(euint64.unwrap(available), account, true);
+    }
+
+    function _validateHandleAllowance(bytes32 handle, address account) internal view override {
+        require(msg.sender == account, UnallowedHandleAccess(handle, account));
+    }
+
+    function $_mint(address to, uint64 amount) public returns (euint64 transferred) {
+        return _mint(to, FHE.asEuint64(amount));
+    }
+
+    function _checkFreezer() internal override onlyRole(FREEZER_ROLE) {}
+}

contracts/mocks/utils/HandleAccessManagerMock.sol

@@ -8,7 +8,7 @@ import {HandleAccessManager} from "./../../utils/HandleAccessManager.sol";
 contract HandleAccessManagerMock is HandleAccessManager, SepoliaConfig {
     event HandleCreated(euint64 handle);
 
-    function _validateHandleAllowance(bytes32 handle) internal view override {}
+    function _validateHandleAllowance(bytes32 handle, address account) internal view override {}
 
     function createHandle(uint64 amount) public returns (euint64) {
         euint64 handle = FHE.asEuint64(amount);

contracts/token/extensions/ERC7984Freezable.sol

@@ -0,0 +1,85 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.27;
+
+import {FHE, ebool, euint64, externalEuint64} from "@fhevm/solidity/lib/FHE.sol";
+import {FHESafeMath} from "../../utils/FHESafeMath.sol";
+import {ConfidentialFungibleToken} from "../ConfidentialFungibleToken.sol";
+
+/**
+ * Inspired by https://github.com/OpenZeppelin/openzeppelin-community-contracts/pull/186.
+ *
+ * @dev Extension of {ERC7984} that allows to implement a confidential
+ * freezing mechanism that can be managed by an authorized account with
+ * the {_setConfidentialFrozen} function.
+ *
+ * The freezing mechanism provides the guarantee to the contract owner
+ * (e.g. a DAO or a well-configured multisig) that a specific confidential
+ * amount of tokens held by an account won't be transferable until those
+ * tokens are unfrozen.
+ */
+abstract contract ERC7984Freezable is ConfidentialFungibleToken {
+    /// @dev Confidential frozen amount of tokens per address.
+    mapping(address account => euint64 encryptedAmount) private _frozenBalances;
+
+    /// @dev Emitted when a confidential amount of token is frozen for an account
+    event Frozen(address indexed account, euint64 encryptedAmount);
+
+    error ERC7984UnauthorizedUseOfEncryptedAmount(euint64 encryptedAmount, address user);
+
+    /// @dev Returns the confidential frozen balance of an account.
+    function confidentialFrozen(address account) public view virtual returns (euint64) {
+        return _frozenBalances[account];
+    }
+
+    /// @dev Returns the confidential available (unfrozen) balance of an account. Up to {confidentialBalanceOf}.
+    function confidentialAvailable(address account) public virtual returns (euint64) {
+        (ebool success, euint64 unfrozen) = FHESafeMath.tryDecrease(
+            confidentialBalanceOf(account),
+            confidentialFrozen(account)
+        );
+        return FHE.select(success, unfrozen, FHE.asEuint64(0));
+    }
+
+    /// @dev Freezes a confidential amount of token amount for an account with a proof.
+    function setConfidentialFrozen(
+        address account,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) public virtual {
+        return setConfidentialFrozen(account, FHE.fromExternal(encryptedAmount, inputProof));
+    }
+
+    /// @dev Freezes a confidential amount of token amount for an account.
+    function setConfidentialFrozen(address account, euint64 encryptedAmount) public virtual {
+        require(
+            FHE.isAllowed(encryptedAmount, msg.sender),
+            ERC7984UnauthorizedUseOfEncryptedAmount(encryptedAmount, msg.sender)
+        );
+        return _setConfidentialFrozen(account, encryptedAmount);
+    }
+
+    /// @dev Internal function to freeze a confidential amount of token amount for an account.
+    function _setConfidentialFrozen(address account, euint64 encryptedAmount) internal virtual {
+        _checkFreezer();
+        FHE.allowThis(encryptedAmount);
+        FHE.allow(encryptedAmount, account);
+        _frozenBalances[account] = encryptedAmount;
+        emit Frozen(account, encryptedAmount);
+    }
+
+    /// @dev Checks has freezer role.
+    function _checkFreezer() internal virtual;
+
+    /**
+     * @dev See {ERC7984-_update}. The `from` account must have sufficient unfrozen balance,
+     * otherwise the update is performed with a zero amount.
+     */
+    function _update(address from, address to, euint64 encryptedAmount) internal virtual override returns (euint64) {
+        if (from != address(0)) {
+            euint64 unfrozen = confidentialAvailable(from);
+            encryptedAmount = FHE.select(FHE.le(encryptedAmount, unfrozen), encryptedAmount, FHE.asEuint64(0));
+        }
+        return super._update(from, to, encryptedAmount);
+    }
+}

contracts/utils/HandleAccessManager.sol

@@ -12,7 +12,7 @@ abstract contract HandleAccessManager {
      * {_validateHandleAllowance} function.
      */
     function getHandleAllowance(bytes32 handle, address account, bool persistent) public virtual {
-        _validateHandleAllowance(handle);
+        _validateHandleAllowance(handle, account);
         if (persistent) {
             Impl.allow(handle, account);
         } else {
@@ -24,5 +24,5 @@ abstract contract HandleAccessManager {
      * @dev Unimplemented function that must revert if the message sender is not allowed to call
      * {getHandleAllowance} for the given handle.
      */
-    function _validateHandleAllowance(bytes32 handle) internal view virtual;
+    function _validateHandleAllowance(bytes32 handle, address account) internal view virtual;
 }

test/helpers/accounts.ts

@@ -4,7 +4,7 @@ import { Addressable, Signer, ethers } from 'ethers';
 import fs from 'fs';
 import { HardhatRuntimeEnvironment } from 'hardhat/types';
 
-const ACL_ADDRESS = constants.ACL_CONTRACT_ADDRESS;
+export const ACL_ADDRESS = constants.ACL_CONTRACT_ADDRESS;
 
 const DEFAULT_BALANCE: bigint = 10000n * ethers.WeiPerEther;
 

test/token/extensions/ERC7984Freezable.test.ts

@@ -0,0 +1,168 @@
+import { IACL__factory } from '../../../types';
+import { ACL_ADDRESS } from '../../helpers/accounts';
+import { FhevmType } from '@fhevm/hardhat-plugin';
+import { expect } from 'chai';
+import { ethers, fhevm } from 'hardhat';
+
+/* eslint-disable no-unexpected-multiline */
+describe('ERC7984Freezable', function () {
+  async function deployFixture() {
+    const [holder, recipient, freezer, operator, anyone] = await ethers.getSigners();
+    const token = await ethers.deployContract('ERC7984FreezableMock', ['name', 'symbol', 'uri', freezer.address]);
+    const acl = IACL__factory.connect(ACL_ADDRESS, ethers.provider);
+    return { token, acl, holder, recipient, freezer, operator, anyone };
+  }
+
+  it('should set and get confidential frozen', async function () {
+    const { token, acl, holder, recipient, freezer } = await deployFixture();
+    await token
+      .connect(holder)
+      .$_mint(recipient.address, 1000)
+      .then(tx => tx.wait());
+    const encryptedInput = await fhevm
+      .createEncryptedInput(await token.getAddress(), freezer.address)
+      .add64(100)
+      .encrypt();
+    await expect(
+      token
+        .connect(freezer)
+        ['setConfidentialFrozen(address,bytes32,bytes)'](
+          recipient.address,
+          encryptedInput.handles[0],
+          encryptedInput.inputProof,
+        ),
+    )
+      .to.emit(token, 'Frozen')
+      .withArgs(recipient.address, encryptedInput.handles[0]);
+    const frozenHandle = await token.confidentialFrozen(recipient.address);
+    expect(frozenHandle).to.equal(ethers.hexlify(encryptedInput.handles[0]));
+    expect(await acl.isAllowed(frozenHandle, recipient.address)).to.be.true;
+    expect(await fhevm.userDecryptEuint(FhevmType.euint64, frozenHandle, await token.getAddress(), recipient)).to.equal(
+      100,
+    );
+    const balanceHandle = await token.confidentialBalanceOf(recipient.address);
+    expect(
+      await fhevm.userDecryptEuint(FhevmType.euint64, balanceHandle, await token.getAddress(), recipient),
+    ).to.equal(1000);
+    const confidentialAvailableArgs = recipient.address;
+    const availableHandle = await token.confidentialAvailable.staticCall(confidentialAvailableArgs);
+    await (token as any)
+      .connect(recipient)
+      .confidentialAvailableAccess(confidentialAvailableArgs)
+      .then(tx => tx.wait());
+    expect(
+      await fhevm.userDecryptEuint(FhevmType.euint64, availableHandle, await token.getAddress(), recipient),
+    ).to.equal(900);
+  });
+
+  it('should not set confidential frozen if not called by freezer', async function () {
+    const { token, holder, recipient, anyone } = await deployFixture();
+    await token.$_mint(holder.address, 1000).then(tx => tx.wait());
+    const encryptedInput = await fhevm
+      .createEncryptedInput(await token.getAddress(), anyone.address)
+      .add64(100)
+      .encrypt();
+
+    await expect(
+      token
+        .connect(anyone)
+        ['setConfidentialFrozen(address,bytes32,bytes)'](
+          recipient.address,
+          encryptedInput.handles[0],
+          encryptedInput.inputProof,
+        ),
+    )
+      .to.be.revertedWithCustomError(token, 'AccessControlUnauthorizedAccount')
+      .withArgs(anyone.address, ethers.id('FREEZER_ROLE'));
+  });
+
+  it('should transfer max available', async function () {
+    const { token, holder, recipient, freezer, anyone } = await deployFixture();
+    await token
+      .connect(holder)
+      .$_mint(recipient.address, 1000)
+      .then(tx => tx.wait());
+    const encryptedInput = await fhevm
+      .createEncryptedInput(await token.getAddress(), freezer.address)
+      .add64(100)
+      .encrypt();
+    await token
+      .connect(freezer)
+      ['setConfidentialFrozen(address,bytes32,bytes)'](
+        recipient.address,
+        encryptedInput.handles[0],
+        encryptedInput.inputProof,
+      )
+      .then(tx => tx.wait());
+    const confidentialAvailableArgs = recipient.address;
+    const availableHandle = await token.confidentialAvailable.staticCall(confidentialAvailableArgs);
+    await (token as any)
+      .connect(recipient)
+      .confidentialAvailableAccess(confidentialAvailableArgs)
+      .then(tx => tx.wait());
+    expect(
+      await fhevm.userDecryptEuint(FhevmType.euint64, availableHandle, await token.getAddress(), recipient),
+    ).to.equal(900);
+    const encryptedInput2 = await fhevm
+      .createEncryptedInput(await token.getAddress(), recipient.address)
+      .add64(900)
+      .encrypt();
+    await token
+      .connect(recipient)
+      ['confidentialTransfer(address,bytes32,bytes)'](
+        anyone.address,
+        encryptedInput2.handles[0],
+        encryptedInput2.inputProof,
+      )
+      .then(tx => tx.wait());
+    expect(
+      await fhevm.userDecryptEuint(
+        FhevmType.euint64,
+        await token.confidentialBalanceOf(recipient.address),
+        await token.getAddress(),
+        recipient,
+      ),
+    ).to.equal(100);
+  });
+
+  it('should transfer zero if transferring more than available', async function () {
+    const { token, holder, recipient, freezer, anyone } = await deployFixture();
+    await token
+      .connect(holder)
+      .$_mint(recipient.address, 1000)
+      .then(tx => tx.wait());
+    const encryptedInput = await fhevm
+      .createEncryptedInput(await token.getAddress(), freezer.address)
+      .add64(500)
+      .encrypt();
+    await token
+      .connect(freezer)
+      ['setConfidentialFrozen(address,bytes32,bytes)'](
+        recipient.address,
+        encryptedInput.handles[0],
+        encryptedInput.inputProof,
+      )
+      .then(tx => tx.wait());
+    const encryptedInput2 = await fhevm
+      .createEncryptedInput(await token.getAddress(), recipient.address)
+      .add64(501)
+      .encrypt();
+    await token
+      .connect(recipient)
+      ['confidentialTransfer(address,bytes32,bytes)'](
+        anyone.address,
+        encryptedInput2.handles[0],
+        encryptedInput2.inputProof,
+      )
+      .then(tx => tx.wait());
+    expect(
+      await fhevm.userDecryptEuint(
+        FhevmType.euint64,
+        await token.confidentialBalanceOf(recipient.address),
+        await token.getAddress(),
+        recipient,
+      ),
+    ).to.equal(1000);
+  });
+});
+/* eslint-disable no-unexpected-multiline */