@arr00 arr00 commented Sep 5, 2025

Summary by Sourcery

Restrict the confidential freezing API to the internal _setConfidentialFrozen function and update the mock and tests to use a new $_setConfidentialFrozen wrapper, removing the public setters from ERC7984Freezable.

Enhancements:

  • Remove public setConfidentialFrozen functions from ERC7984Freezable
  • Add $_setConfidentialFrozen public wrapper in ERC7984FreezableMock for testing

Tests:

  • Refactor tests to call $_setConfidentialFrozen instead of the removed public setters
  • Remove obsolete test cases for the original setConfidentialFrozen overloads

Summary by CodeRabbit

  • Refactor

    • Consolidated confidential freezing workflow by removing direct public endpoints; freezing is now handled internally by authorized roles for improved encapsulation.
  • Tests

    • Introduced a helper used in tests to set confidential frozen state with an external encrypted amount and proof.
    • Updated test cases to use the new flow, simplifying scenarios and removing redundant unauthorized-path coverage.

netlify bot commented Sep 5, 2025

Deploy Preview for confidential-tokens ready!

Name Link
🔨 Latest commit 0d52006
🔍 Latest deploy log https://app.netlify.com/projects/confidential-tokens/deploys/68bb12cc0ff7e9000870dc94
😎 Deploy Preview https://deploy-preview-198--confidential-tokens.netlify.app

sourcery-ai bot commented Sep 5, 2025

Reviewer's Guide

This PR enforces freezing exclusively via the internal _setConfidentialFrozen method by removing its public overloads, exposes a test-only $_setConfidentialFrozen wrapper in the mock contract, and refactors the test suite to call only the proof-based API.

Class diagram for ERC7984Freezable and ERC7984FreezableMock after removal of public setters

classDiagram
    class ERC7984Freezable {
        <<abstract>>
        +_setConfidentialFrozen(account, encryptedAmount) internal
    }
    class ERC7984FreezableMock {
        +$_setConfidentialFrozen(account, encryptedAmount, inputProof) public
    }
    ERC7984FreezableMock --|> ERC7984Freezable

Class diagram showing removed public methods from ERC7984Freezable

classDiagram
    class ERC7984Freezable {
        -setConfidentialFrozen(account, externalEuint64, inputProof) public
        -setConfidentialFrozen(account, euint64) public
        +_setConfidentialFrozen(account, encryptedAmount) internal
    }

File-Level Changes

Change: Remove public setters from ERC7984Freezable
Details:
  • Deleted the two public setConfidentialFrozen overloads (with and without proof)
  • Relied solely on the internal _setConfidentialFrozen for freezing logic
Files: contracts/token/ERC7984/extensions/ERC7984Freezable.sol

Change: Expose internal freezing function in mock contract
Details:
  • Added public $_setConfidentialFrozen wrapper to forward external input and proof
  • Ensured tests can call the internal freezing logic
Files: contracts/mocks/token/ERC7984FreezableMock.sol

Change: Refactor tests to use proof-based API only
Details:
  • Removed withProof/no-proof test branching and deprecated helpers
  • Replaced all setConfidentialFrozen calls with $_setConfidentialFrozen
  • Eliminated tests covering the removed no-proof scenario
Files: test/token/ERC7984/extensions/ERC7984Freezable.test.ts

coderabbitai bot commented Sep 5, 2025

Walkthrough

Replaces the mock’s encrypted-amount creator with a wrapper that forwards an external encrypted value and proof into the internal freezing path. Removes public freeze setters from the core extension, retaining only the internal _setConfidentialFrozen. Tests are updated to use the mock’s $_setConfidentialFrozen(address,bytes32,bytes) and drop prior overload/proof-path variants.

Changes

Cohort: Mock contract wrapper update
File(s): contracts/mocks/token/ERC7984FreezableMock.sol
Summary: Removes createEncryptedAmount(uint64) and adds $_setConfidentialFrozen(address, externalEuint64, bytes) that calls _setConfidentialFrozen(account, FHE.fromExternal(...)); adds solhint disable for the name.

Cohort: Core extension public API removal
File(s): contracts/token/ERC7984/extensions/ERC7984Freezable.sol
Summary: Removes public setConfidentialFrozen overloads (externalEuint64+proof and euint64). Keeps internal _setConfidentialFrozen(address, euint64); access control remains internal via _checkFreezer.

Cohort: Tests aligned to new entrypoint
File(s): test/token/ERC7984/extensions/ERC7984Freezable.test.ts
Summary: Rewrites tests to call $_setConfidentialFrozen(address,bytes32,bytes); removes prior with/without proof paths and an unauthorized-freezer test; updates assertions for event, handles, ACL, and decrypted values.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant T as Test
  participant M as ERC7984FreezableMock
  participant F as FHE Lib
  participant C as ERC7984Freezable (internal)

  T->>M: $_setConfidentialFrozen(account, externalEncrypted, proof)
  M->>F: fromExternal(externalEncrypted, proof)
  F-->>M: euint64 encryptedAmount
  M->>C: _setConfidentialFrozen(account, encryptedAmount)
  C-->>T: (no return) • emits TokensFrozen • updates state

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I thump my paws on cryptic ground,
Freeze bytes where silent sums are found;
No public gates, just hidden keys—
A mock now whispers to the freeze.
Proofs in paw, I hop with glee,
Events like fireflies—one, two, three. 🐇✨

@arr00 arr00 marked this pull request as ready for review September 5, 2025 16:42
@arr00 arr00 requested a review from a team as a code owner September 5, 2025 16:42
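
The layering described in the walkthrough above, as an added example that is not code from the pull request or the project: a self-contained Solidity model in which a plaintext `uint64` stands in for the encrypted `euint64` and the FHE proof step is omitted. `FreezableModel`, `FreezableToken`, `FreezableMock`, `confidentialFrozen`, `freeze`, `freezer` and `UnauthorizedFreezer` are hypothetical names, and the hook placement follows the review summary's statement that `_setConfidentialFrozen` checks authorization through `_checkFreezer`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Model only: uint64 stands in for euint64; names other than
// _setConfidentialFrozen, $_setConfidentialFrozen, _checkFreezer and TokensFrozen are hypothetical.
abstract contract FreezableModel {
    mapping(address => uint64) public confidentialFrozen;

    event TokensFrozen(address indexed account, uint64 amount);

    // Authorization hook; the concrete contract decides who may freeze.
    function _checkFreezer() internal view virtual;

    // Sole write path. Being internal, it is unreachable from outside unless
    // a derived contract deliberately adds a function that calls it.
    function _setConfidentialFrozen(address account, uint64 amount) internal virtual {
        _checkFreezer();
        confidentialFrozen[account] = amount;
        emit TokensFrozen(account, amount);
    }
}

// Integrator contract: picks its own external entry point and policy.
contract FreezableToken is FreezableModel {
    address public immutable freezer;

    error UnauthorizedFreezer(address caller);

    constructor(address freezer_) {
        freezer = freezer_;
    }

    function _checkFreezer() internal view override {
        if (msg.sender != freezer) revert UnauthorizedFreezer(msg.sender);
    }

    function freeze(address account, uint64 amount) external {
        _setConfidentialFrozen(account, amount);
    }
}

// Test-only mock: $-prefixed wrapper exposing the internal function.
contract FreezableMock is FreezableToken {
    constructor(address freezer_) FreezableToken(freezer_) {}

    function $_setConfidentialFrozen(address account, uint64 amount) public {
        _setConfidentialFrozen(account, amount);
    }
}
```

In this model a call to `$_setConfidentialFrozen` from any address other than `freezer` reverts with `UnauthorizedFreezer`, because the hook runs inside the internal function rather than on the wrapper.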
@sourcery-ai sourcery-ai bot left a comment

Hey there - I've reviewed your changes and they look great!


@arr00 arr00 linked an issue Sep 5, 2025 that may be closed by this pull request
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
contracts/mocks/token/ERC7984FreezableMock.sol (1)

35-42: Make access control explicit at the entry point (fail-fast, clearer intent)

_setConfidentialFrozen enforces onlyRole(FREEZER_ROLE) via _checkFreezer, but adding it here clarifies intent and short-circuits earlier.

-    ) public virtual {
+    ) public virtual onlyRole(FREEZER_ROLE) {
         _setConfidentialFrozen(account, FHE.fromExternal(encryptedAmount, inputProof));
     }
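
Review bot: on the `public virtual onlyRole(FREEZER_ROLE)` line, the added modifier repeats the authorization that `_setConfidentialFrozen` is described as already performing through `_checkFreezer`, and it pins the wrapper to `FREEZER_ROLE` even if a derived contract overrides that hook. Because this file is a mock whose job is to expose the internal function, I would keep the signature as `) public virtual {` so the tests exercise the internal check itself. If the modifier stays, add a test showing that both checks reject the same caller.
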
test/token/ERC7984/extensions/ERC7984Freezable.test.ts (1)

26-72: Minor test ergonomics: cache token address

You call await token.getAddress() multiple times; cache once to reduce RPC chatter and noise.

-    const encryptedRecipientMintInput = await fhevm
-      .createEncryptedInput(await token.getAddress(), holder.address)
+    const tokenAddr = await token.getAddress();
+    const encryptedRecipientMintInput = await fhevm
+      .createEncryptedInput(tokenAddr, holder.address)
       .add64(1000)
       .encrypt();
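
Review bot: `const tokenAddr = await token.getAddress();` is declared next to `encryptedRecipientMintInput`, but the later hunks read `tokenAddr` at four other call sites. Confirm that all of them share that scope. If the token is deployed in a setup hook, resolve the address there once and pass it through the test context, so no call site is left referencing an undeclared name.
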
@@
-    const { handles, inputProof } = await fhevm
-      .createEncryptedInput(await token.getAddress(), freezer.address)
+    const { handles, inputProof } = await fhevm
+      .createEncryptedInput(tokenAddr, freezer.address)
       .add64(amount)
       .encrypt();
@@
-    await expect(
-      fhevm.userDecryptEuint(FhevmType.euint64, frozenHandle, await token.getAddress(), recipient),
+    await expect(
+      fhevm.userDecryptEuint(FhevmType.euint64, frozenHandle, tokenAddr, recipient),
     ).to.eventually.equal(100);
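
Review bot: `.to.eventually.equal(100)` hard-codes the expected frozen value, while the freeze input in the previous hunk is built with `.add64(amount)`. Assert against `amount` instead, so the decrypted value stays tied to what was encrypted and the check does not depend on a literal that can drift from the input.
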
@@
-    await expect(
-      fhevm.userDecryptEuint(FhevmType.euint64, balanceHandle, await token.getAddress(), recipient),
+    await expect(
+      fhevm.userDecryptEuint(FhevmType.euint64, balanceHandle, tokenAddr, recipient),
     ).to.eventually.equal(1000);
@@
-    await expect(
-      fhevm.userDecryptEuint(FhevmType.euint64, availableHandle, await token.getAddress(), recipient),
+    await expect(
+      fhevm.userDecryptEuint(FhevmType.euint64, availableHandle, tokenAddr, recipient),
     ).to.eventually.equal(900);
📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 5476ee4 and 0d52006.

📒 Files selected for processing (3)
  • contracts/mocks/token/ERC7984FreezableMock.sol (1 hunks)
  • contracts/token/ERC7984/extensions/ERC7984Freezable.sol (0 hunks)
  • test/token/ERC7984/extensions/ERC7984Freezable.test.ts (4 hunks)
💤 Files with no reviewable changes (1)
  • contracts/token/ERC7984/extensions/ERC7984Freezable.sol
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: boostsecurity - boostsecurityio/semgrep-pro
  • GitHub Check: tests
  • GitHub Check: slither
  • GitHub Check: coverage
🔇 Additional comments (5)
contracts/mocks/token/ERC7984FreezableMock.sol (1)

35-42: Public wrapper correctly forwards external ciphertext and proof

Forwarding externalEuint64 + inputProof into FHE.fromExternal(...) and delegating to the internal _setConfidentialFrozen aligns with the removal of public setters in the core extension. Tests cover unauthorized access and event emission.

test/token/ERC7984/extensions/ERC7984Freezable.test.ts (4)

26-72: End-to-end coverage for freeze path looks solid

Good assertions: event, stored handle, ACL, decryptions, and available computation.


95-99: Updated callsite to new wrapper signature

Switch to $_setConfidentialFrozen(address,bytes32,bytes) matches the contract change and the revert check remains correct.


124-128: Good migration to the new freeze API in max-available flow

Call updated correctly; downstream assertions validate availability and transfer.


175-179: Good migration to the new freeze API in over-transfer flow

Call updated correctly; event and balance checks exercise the edge case.

@james-toussaint james-toussaint left a comment

Thank you 👍

@arr00 arr00 merged commit 6980aa5 into master Sep 9, 2025
19 of 21 checks passed
@arr00 arr00 deleted the chore/remove-public-setters-freezable branch September 9, 2025 13:33
@coderabbitai coderabbitai bot mentioned this pull request Sep 18, 2025
Successfully merging this pull request may close these issues.

Freezable token should not have public setters

3 participants