OpenZeppelin · arr00 · Aug 12, 2025 · Aug 12, 2025 · Aug 12, 2025 · Aug 12, 2025
@@ -0,0 +1,5 @@
+---
+'openzeppelin-confidential-contracts': minor
+---
+
+`ERC7984RwaModularCompliance`: Support compliance modules for confidential RWAs.
@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.27;
+
+import {FHE, ebool, euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {ERC165, IERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
+import {IComplianceModuleConfidential} from "./../../interfaces/IComplianceModuleConfidential.sol";
+import {IERC7984Rwa} from "./../../interfaces/IERC7984Rwa.sol";
+import {HandleAccessManager} from "./../../utils/HandleAccessManager.sol";
+
+/**
+ * @dev A contract which allows to build a transfer compliance module for confidential Real World Assets (RWAs).
+ */
+abstract contract ComplianceModuleConfidential is IComplianceModuleConfidential, ERC165 {
+    error UnauthorizedUseOfEncryptedAmount(euint64 encryptedAmount, address sender);
+
+    /// @dev Thrown when the sender is not authorized to call the given function.
+    error NotAuthorized(address account);
+
+    /// @dev Thrown when the sender is not an admin of the token.
+    modifier onlyTokenAdmin(address token) {
+        require(IERC7984Rwa(token).isAdmin(msg.sender), NotAuthorized(msg.sender));
+        _;
+    }
+
+    /// @dev Thrown when the sender is not an agent of the token.
+    modifier onlyTokenAgent(address token) {
+        require(IERC7984Rwa(token).isAgent(msg.sender), NotAuthorized(msg.sender));
+        _;
+    }
+
+    /// @inheritdoc IComplianceModuleConfidential
+    function isCompliantTransfer(address from, address to, euint64 encryptedAmount) public virtual returns (ebool) {
+        ebool compliant = _isCompliantTransfer(msg.sender, from, to, encryptedAmount);
+        FHE.allowTransient(compliant, msg.sender);
+        return compliant;
+    }
+
+    /// @inheritdoc IComplianceModuleConfidential
+    function postTransfer(address from, address to, euint64 encryptedAmount) public virtual {
+        _postTransfer(msg.sender, from, to, encryptedAmount);
+    }
+
+    /// @inheritdoc IComplianceModuleConfidential
+    function onInstall(bytes calldata initData) public virtual {}
+
+    /// @inheritdoc IComplianceModuleConfidential
+    function onUninstall(bytes calldata deinitData) public virtual {}
+
+    /// @inheritdoc ERC165
+    function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165, IERC165) returns (bool) {
+        return interfaceId == type(IComplianceModuleConfidential).interfaceId || super.supportsInterface(interfaceId);
+    }
+
+    /**
+     * @dev Internal function which checks if a transfer is compliant. Transient access is already granted to the module
+     * for `encryptedAmount`. If additional handle access is needed from the token, call {_getTokenHandleAllowance}.
+     */
+    function _isCompliantTransfer(
+        address token,
+        address from,
+        address to,
+        euint64 encryptedAmount
+    ) internal virtual returns (ebool);
+
+    /**
+     * @dev Internal function which performs operations after transfers. Transient access is already granted to the module
+     * for `encryptedAmount`. If additional handle access is needed from the token, call {_getTokenHandleAllowance}.
+     */
+    function _postTransfer(
+        address /*token*/,
+        address /*from*/,
+        address /*to*/,
+        euint64 /*encryptedAmount*/
+    ) internal virtual {
+        // default to no-op
+    }
+
+    /// @dev Allow modules to get access to token handles during transaction.
+    function _getTokenHandleAllowance(address token, euint64 handle) internal virtual {
+        _getTokenHandleAllowance(token, handle, false);
+    }
+
+    /// @dev Allow modules to get access to token handles.
+    function _getTokenHandleAllowance(address token, euint64 handle, bool persistent) internal virtual {
+        if (FHE.isInitialized(handle)) {
+            HandleAccessManager(token).getHandleAllowance(euint64.unwrap(handle), address(this), persistent);
+        }
+    }
+}
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.24;
+
+import {euint64, ebool} from "@fhevm/solidity/lib/FHE.sol";
+import {IERC165} from "@openzeppelin/contracts/interfaces/IERC165.sol";
+
+/// @dev Interface for confidential RWA transfer compliance module.
+interface IComplianceModuleConfidential is IERC165 {
+    /**
+     * @dev Checks if a transfer is compliant. Should be non-mutating. Transient access is already granted 
+     * to the module for `encryptedAmount`.
+     */
+    function isCompliantTransfer(address from, address to, euint64 encryptedAmount) external returns (ebool);
+
+    /// @dev Performs operation after transfer.
+    function postTransfer(address from, address to, euint64 encryptedAmount) external;
+
+    /// @dev Performs operations after installation.
+    function onInstall(bytes calldata initData) external;
+
+    /// @dev Performs operations after uninstallation.
+    function onUninstall(bytes calldata deinitData) external;
+}
@@ -2,62 +2,95 @@
 // OpenZeppelin Confidential Contracts (last updated v0.3.0) (interfaces/IERC7984Rwa.sol)
 pragma solidity ^0.8.24;
 
-import {externalEuint64, euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {ebool, externalEuint64, euint64} from "@fhevm/solidity/lib/FHE.sol";
 import {IERC7984} from "./IERC7984.sol";
 
 /// @dev Interface for confidential RWA contracts.
 interface IERC7984Rwa is IERC7984 {
     /// @dev Returns true if the contract is paused, false otherwise.
     function paused() external view returns (bool);
+
+    /// @dev Returns true if has admin role, false otherwise.
+    function isAdmin(address account) external view returns (bool);
+
+    /// @dev Returns true if agent, false otherwise.
+    function isAgent(address account) external view returns (bool);
+
     /// @dev Returns whether an account is allowed to interact with the token.
     function canTransact(address account) external view returns (bool);
+
     /// @dev Returns the confidential frozen balance of an account.
     function confidentialFrozen(address account) external view returns (euint64);
+
     /// @dev Returns the confidential available (unfrozen) balance of an account. Up to {IERC7984-confidentialBalanceOf}.
     function confidentialAvailable(address account) external returns (euint64);
+
     /// @dev Pauses contract.
     function pause() external;
+
     /// @dev Unpauses contract.
     function unpause() external;
+
     /// @dev Blocks a user account.
     function blockUser(address account) external;
+
     /// @dev Unblocks a user account.
     function unblockUser(address account) external;
+
     /// @dev Sets confidential amount of token for an account as frozen with proof.
     function setConfidentialFrozen(
         address account,
         externalEuint64 encryptedAmount,
         bytes calldata inputProof
     ) external;
+
     /// @dev Sets confidential amount of token for an account as frozen.
     function setConfidentialFrozen(address account, euint64 encryptedAmount) external;
+
     /// @dev Mints confidential amount of tokens to account with proof.
     function confidentialMint(
         address to,
         externalEuint64 encryptedAmount,
         bytes calldata inputProof
     ) external returns (euint64);
+
     /// @dev Mints confidential amount of tokens to account.
     function confidentialMint(address to, euint64 encryptedAmount) external returns (euint64);
+
     /// @dev Burns confidential amount of tokens from account with proof.
     function confidentialBurn(
         address account,
         externalEuint64 encryptedAmount,
         bytes calldata inputProof
     ) external returns (euint64);
+
     /// @dev Burns confidential amount of tokens from account.
     function confidentialBurn(address account, euint64 encryptedAmount) external returns (euint64);
+
     /// @dev Forces transfer of confidential amount of tokens from account to account with proof by skipping compliance checks.
     function forceConfidentialTransferFrom(
         address from,
         address to,
         externalEuint64 encryptedAmount,
         bytes calldata inputProof
     ) external returns (euint64);
+
     /// @dev Forces transfer of confidential amount of tokens from account to account by skipping compliance checks.
     function forceConfidentialTransferFrom(
         address from,
         address to,
         euint64 encryptedAmount
     ) external returns (euint64);
 }
+
+/// @dev Interface for confidential RWA with modular compliance.
+interface IERC7984RwaModularCompliance {
+    /// @dev Checks if a compliance module is installed.
+    function isModuleInstalled(address module) external view returns (bool);
+
+    /// @dev Installs a transfer compliance module.
+    function installModule(address module, bytes calldata initData) external;
+
+    /// @dev Uninstalls a transfer compliance module.
+    function uninstallModule(address module, bytes calldata deinitData) external;
+}
@@ -0,0 +1,58 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.24;
+
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+import {FHE, ebool, euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {ComplianceModuleConfidential} from "./../../finance/compliance/ComplianceModuleConfidential.sol";
+import {IERC7984} from "./../../interfaces/IERC7984.sol";
+
+contract ComplianceModuleConfidentialMock is ComplianceModuleConfidential, ZamaEthereumConfig {
+    bool public isCompliant = true;
+    bool public revertOnUninstall = false;
+
+    event PostTransfer();
+    event PreTransfer();
+
+    event OnInstall(bytes initData);
+    event OnUninstall(bytes deinitData);
+
+    function onInstall(bytes calldata initData) public override {
+        emit OnInstall(initData);
+        super.onInstall(initData);
+    }
+
+    function onUninstall(bytes calldata deinitData) public override {
+        if (revertOnUninstall) {
+            revert("Revert on uninstall");
+        }
+
+        emit OnUninstall(deinitData);
+        super.onUninstall(deinitData);
+    }
+
+    function setIsCompliant(bool isCompliant_) public {
+        isCompliant = isCompliant_;
+    }
+
+    function setRevertOnUninstall(bool revertOnUninstall_) public {
+        revertOnUninstall = revertOnUninstall_;
+    }
+
+    function _isCompliantTransfer(address token, address from, address, euint64) internal override returns (ebool) {
+        euint64 fromBalance = IERC7984(token).confidentialBalanceOf(from);
+
+        if (euint64.unwrap(fromBalance) != 0) {
+            _getTokenHandleAllowance(token, fromBalance);
+            assert(FHE.isAllowed(fromBalance, address(this)));
+        }
+
+        emit PreTransfer();
+        return FHE.asEbool(isCompliant);
+    }
+
+    function _postTransfer(address token, address from, address to, euint64 amount) internal override {
+        emit PostTransfer();
+        super._postTransfer(token, from, to, amount);
+    }
+}
@@ -37,6 +37,13 @@ contract ERC7984Mock is ERC7984, ZamaEthereumConfig {
         return encryptedAddr;
     }
 
+    function confidentialTransfer(address to, uint64 amount) public returns (euint64) {
+        euint64 ciphertext = FHE.asEuint64(amount);
+        FHE.allowTransient(ciphertext, msg.sender);
+
+        return confidentialTransfer(to, ciphertext);
+    }
+
     function _update(address from, address to, euint64 amount) internal virtual override returns (euint64 transferred) {
         transferred = super._update(from, to, amount);
         FHE.allow(confidentialTotalSupply(), _OWNER);

@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.24;
+
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+import {FHE, euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {ERC7984} from "./../../token/ERC7984/ERC7984.sol";
+import {ERC7984Rwa} from "./../../token/ERC7984/extensions/ERC7984Rwa.sol";
+import {ERC7984RwaModularCompliance} from "./../../token/ERC7984/extensions/ERC7984RwaModularCompliance.sol";
+import {ERC7984Mock} from "./ERC7984Mock.sol";
+
+contract ERC7984RwaModularComplianceMock is ERC7984RwaModularCompliance, ERC7984Mock {
+    constructor(
+        string memory name,
+        string memory symbol,
+        string memory tokenUri,
+        address admin
+    ) ERC7984Rwa(admin) ERC7984Mock(name, symbol, tokenUri) {}
+
+    function supportsInterface(
+        bytes4 interfaceId
+    ) public view virtual override(ERC7984, ERC7984RwaModularCompliance) returns (bool) {
+        return super.supportsInterface(interfaceId);
+    }
+
+    function _update(
+        address from,
+        address to,
+        euint64 amount
+    ) internal virtual override(ERC7984Mock, ERC7984RwaModularCompliance) returns (euint64) {
+        return super._update(from, to, amount);
+    }
+}