Add Vesting Wallet (#91)

arr00 · james-toussaint · Amxx · web-flow · commit faf86c9f7c99 · 2025-07-10T13:53:56.000-06:00
* Add Vesting Wallet * fix and add tests * remove unused imports * fix test * add operator * fix test * add changeset * make vesting wallets cloneable * Apply suggestions from code review Co-authored-by: James Toussaint <33313130+james-toussaint@users.noreply.github.com> * add call event * add initializable version of vesting (#95) * add initializable version of vesting * update tests * remove factory mock * rename mock files * fix imports * remove upgradeable dependency * add docs * revert `package-lock.json` changes * fix import paths * fix lint * Update contracts/finance/VestingWalletConfidential.sol Co-authored-by: Hadrien Croubois <hadrien.croubois@gmail.com> * fix tests * add reentrancy protection * extract executor into extension * forge install: openzeppelin-contracts-upgradeable v5.3.0 * update package * fix overflow risk * Add vesting wallet namespace storage (#96) * Add vesting wallet namespace storage * update pragmas * reorder functions * fix lint and inline getting storage --------- Co-authored-by: Arr00 <13561405+arr00@users.noreply.github.com> * update docs * update cliff seconds param size * remove upgradeable file * add docs * Update .changeset/cold-nails-go.md Co-authored-by: James Toussaint <33313130+james-toussaint@users.noreply.github.com> * update comments --------- Co-authored-by: James Toussaint <33313130+james-toussaint@users.noreply.github.com> Co-authored-by: Hadrien Croubois <hadrien.croubois@gmail.com>
diff --git a/.changeset/cold-nails-go.md b/.changeset/cold-nails-go.md
@@ -0,0 +1,7 @@
+---
+'openzeppelin-confidential-contracts': minor
+---
+
+`VestingWalletConfidential`: A vesting wallet that releases confidential tokens owned by it according to a defined vesting schedule.
+`VestingWalletCliffConfidential`: A variant of `VestingWalletConfidential` which adds a cliff period to the vesting schedule.
+`VestingWalletExecutorConfidential`: A variant of `VestingWalletConfidential` which allows a trusted executor to execute arbitrary calls from the vesting wallet.
diff --git a/.gitmodules b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "lib/openzeppelin-contracts"]
 	path = lib/openzeppelin-contracts
 	url = https://github.com/OpenZeppelin/openzeppelin-contracts
+[submodule "lib/openzeppelin-contracts-upgradeable"]
+	path = lib/openzeppelin-contracts-upgradeable
+	url = https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
diff --git a/contracts/finance/README.adoc b/contracts/finance/README.adoc
@@ -0,0 +1,16 @@
+
+= Finance
+
+[.readme-notice]
+NOTE: This document is better viewed at https://docs.openzeppelin.com/confidential-contracts/api#finance
+
+This directory includes primitives for on-chain confidential financial systems:
+
+- {VestingWalletConfidential}: Handles the vesting of confidential tokens for a given beneficiary. Custody of multiple tokens can be given to this contract, which will release the token to the beneficiary following a given, customizable, vesting schedule.
+- {VestingWalletCliffConfidential}: Variant of {VestingWalletConfidential} which adds a cliff period to the vesting schedule.
+- {VestingWalletExecutorConfidential}: Extension of {VestingWalletConfidential} that adds an executor role able to perform arbitrary calls on behalf of the vesting wallet (e.g. to vote, stake, or perform other management operations).
+
+== Contracts
+{{VestingWalletConfidential}}
+{{VestingWalletCliffConfidential}}
+{{VestingWalletExecutorConfidential}}
diff --git a/contracts/finance/VestingWalletCliffConfidential.sol b/contracts/finance/VestingWalletCliffConfidential.sol
@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+import {euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {VestingWalletConfidential} from "./VestingWalletConfidential.sol";
+
+/**
+ * @dev An extension of {VestingWalletConfidential} that adds a cliff to the vesting schedule. The cliff is `cliffSeconds` long and
+ * starts at the vesting start timestamp (see {VestingWalletConfidential}).
+ */
+abstract contract VestingWalletCliffConfidential is VestingWalletConfidential {
+    /// @custom:storage-location erc7201:openzeppelin.storage.VestingWalletCliffConfidential
+    struct VestingWalletCliffStorage {
+        uint64 _cliff;
+    }
+
+    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.VestingWalletCliffConfidential")) - 1)) & ~bytes32(uint256(0xff))
+    // solhint-disable-next-line const-name-snakecase
+    bytes32 private constant VestingWalletCliffStorageLocation =
+        0x3c715f77db997bdb68403fafb54820cd57dedce553ed6315028656b0d601c700;
+
+    function _getVestingWalletCliffStorage() private pure returns (VestingWalletCliffStorage storage $) {
+        assembly {
+            $.slot := VestingWalletCliffStorageLocation
+        }
+    }
+
+    /// @dev The specified cliff duration is larger than the vesting duration.
+    error InvalidCliffDuration(uint64 cliffSeconds, uint64 durationSeconds);
+
+    /**
+     * @dev Set the duration of the cliff, in seconds. The cliff starts at the vesting
+     * start timestamp (see {VestingWalletConfidential-start}) and ends `cliffSeconds` later.
+     */
+    // solhint-disable-next-line func-name-mixedcase
+    function __VestingWalletCliffConfidential_init(uint48 cliffSeconds) internal onlyInitializing {
+        if (cliffSeconds > duration()) {
+            revert InvalidCliffDuration(cliffSeconds, duration());
+        }
+        _getVestingWalletCliffStorage()._cliff = start() + cliffSeconds;
+    }
+
+    /// @dev The timestamp at which the cliff ends.
+    function cliff() public view virtual returns (uint64) {
+        return _getVestingWalletCliffStorage()._cliff;
+    }
+
+    /**
+     * @dev This function returns the amount vested, as a function of time, for
+     * an asset given its total historical allocation. Returns 0 if the {cliff} timestamp is not met.
+     *
+     * IMPORTANT: The cliff not only makes the schedule return 0, but it also ignores every possible side
+     * effect from calling the inherited implementation (i.e. `super._vestingSchedule`). Carefully consider
+     * this caveat if the overridden implementation of this function has any (e.g. writing to memory or reverting).
+     */
+    function _vestingSchedule(euint64 totalAllocation, uint64 timestamp) internal virtual override returns (euint64) {
+        return timestamp < cliff() ? euint64.wrap(0) : super._vestingSchedule(totalAllocation, timestamp);
+    }
+}
diff --git a/contracts/finance/VestingWalletConfidential.sol b/contracts/finance/VestingWalletConfidential.sol
@@ -0,0 +1,134 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+import {FHE, ebool, euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
+import {ReentrancyGuardTransient} from "@openzeppelin/contracts/utils/ReentrancyGuardTransient.sol";
+import {IConfidentialFungibleToken} from "./../interfaces/IConfidentialFungibleToken.sol";
+import {TFHESafeMath} from "./../utils/TFHESafeMath.sol";
+
+/**
+ * @dev A vesting wallet is an ownable contract that can receive ConfidentialFungibleTokens, and release these
+ * assets to the wallet owner, also referred to as "beneficiary", according to a vesting schedule.
+ *
+ * Any assets transferred to this contract will follow the vesting schedule as if they were locked from the beginning.
+ * Consequently, if the vesting has already started, any amount of tokens sent to this contract will (at least partly)
+ * be immediately releasable.
+ *
+ * By setting the duration to 0, one can configure this contract to behave like an asset timelock that holds tokens for
+ * a beneficiary until a specified time.
+ *
+ * NOTE: Since the wallet is `Ownable`, and ownership can be transferred, it is possible to sell unvested tokens.
+ *
+ * NOTE: When using this contract with any token whose balance is adjusted automatically (i.e. a rebase token), make
+ * sure to account the supply/balance adjustment in the vesting schedule to ensure the vested amount is as intended.
+ *
+ * WARNING: The aggregate value of a single token sent to the vesting wallet must not exceed `type(uint64).max`. Sending
+ * in excess of this value will result in unexpected behavior and may result in loss of funds.
+ */
+abstract contract VestingWalletConfidential is OwnableUpgradeable, ReentrancyGuardTransient {
+    /// @custom:storage-location erc7201:openzeppelin.storage.VestingWalletConfidential
+    struct VestingWalletStorage {
+        mapping(address token => euint64) _tokenReleased;
+        uint64 _start;
+        uint64 _duration;
+    }
+
+    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.VestingWalletConfidential")) - 1)) & ~bytes32(uint256(0xff))
+    // solhint-disable-next-line const-name-snakecase
+    bytes32 private constant VestingWalletStorageLocation =
+        0x78ce9ee9eb65fa0cf5bf10e861c3a95cb7c3c713c96ab1e5323a21e846796800;
+
+    function _getVestingWalletStorage() private pure returns (VestingWalletStorage storage $) {
+        assembly {
+            $.slot := VestingWalletStorageLocation
+        }
+    }
+
+    event VestingWalletConfidentialTokenReleased(address indexed token, euint64 amount);
+
+    error VestingWalletConfidentialInvalidDuration();
+
+    /**
+     * @dev Initializes the vesting wallet for a given `beneficiary` with a start time of `startTimestamp`
+     * and an end time of `startTimestamp + durationSeconds`.
+     */
+    // solhint-disable-next-line func-name-mixedcase
+    function __VestingWalletConfidential_init(
+        address beneficiary,
+        uint48 startTimestamp,
+        uint48 durationSeconds
+    ) internal onlyInitializing {
+        __Ownable_init(beneficiary);
+        VestingWalletStorage storage $ = _getVestingWalletStorage();
+        $._start = startTimestamp;
+        $._duration = durationSeconds;
+    }
+
+    /// @dev Timestamp at which the vesting starts.
+    function start() public view virtual returns (uint64) {
+        return _getVestingWalletStorage()._start;
+    }
+
+    /// @dev Duration of the vesting in seconds.
+    function duration() public view virtual returns (uint64) {
+        return _getVestingWalletStorage()._duration;
+    }
+
+    /// @dev Timestamp at which the vesting ends.
+    function end() public view virtual returns (uint64) {
+        return start() + duration();
+    }
+
+    /// @dev Amount of token already released
+    function released(address token) public view virtual returns (euint64) {
+        return _getVestingWalletStorage()._tokenReleased[token];
+    }
+
+    /**
+     * @dev Getter for the amount of releasable `token` tokens. `token` should be the address of an
+     * {IConfidentialFungibleToken} contract.
+     */
+    function releasable(address token) public virtual returns (euint64) {
+        return FHE.sub(vestedAmount(token, uint64(block.timestamp)), released(token));
+    }
+
+    /**
+     * @dev Release the tokens that have already vested.
+     *
+     * Emits a {VestingWalletConfidentialTokenReleased} event.
+     */
+    function release(address token) public virtual nonReentrant {
+        euint64 amount = releasable(token);
+        FHE.allowTransient(amount, token);
+        euint64 amountSent = IConfidentialFungibleToken(token).confidentialTransfer(owner(), amount);
+
+        euint64 newReleasedAmount = FHE.add(released(token), amountSent);
+        FHE.allow(newReleasedAmount, owner());
+        FHE.allowThis(newReleasedAmount);
+        _getVestingWalletStorage()._tokenReleased[token] = newReleasedAmount;
+        emit VestingWalletConfidentialTokenReleased(token, amountSent);
+    }
+
+    /// @dev Calculates the amount of tokens that has already vested. Default implementation is a linear vesting curve.
+    function vestedAmount(address token, uint64 timestamp) public virtual returns (euint64) {
+        return
+            _vestingSchedule(
+                // Will overflow if the aggregate value of a single token sent to the vesting wallet exceeds `type(uint64).max`.
+                FHE.add(IConfidentialFungibleToken(token).confidentialBalanceOf(address(this)), released(token)),
+                timestamp
+            );
+    }
+
+    /// @dev This returns the amount vested, as a function of time, for an asset given its total historical allocation.
+    function _vestingSchedule(euint64 totalAllocation, uint64 timestamp) internal virtual returns (euint64) {
+        if (timestamp < start()) {
+            return euint64.wrap(0);
+        } else if (timestamp >= end()) {
+            return totalAllocation;
+        } else {
+            return FHE.div(FHE.mul(totalAllocation, (timestamp - start())), duration());
+        }
+    }
+}
diff --git a/contracts/finance/VestingWalletExecutorConfidential.sol b/contracts/finance/VestingWalletExecutorConfidential.sol
@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+import {Address} from "@openzeppelin/contracts/utils/Address.sol";
+import {VestingWalletConfidential} from "./VestingWalletConfidential.sol";
+
+/**
+ * @dev Extension of {VestingWalletConfidential} that adds an {executor} role able to perform arbitrary
+ * calls on behalf of the vesting wallet (e.g. to vote, stake, or perform other management operations).
+ */
+abstract contract VestingWalletExecutorConfidential is VestingWalletConfidential {
+    /// @custom:storage-location erc7201:openzeppelin.storage.VestingWalletExecutorConfidential
+    struct VestingWalletExecutorStorage {
+        address _executor;
+    }
+
+    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.VestingWalletExecutorConfidential")) - 1)) & ~bytes32(uint256(0xff))
+    // solhint-disable-next-line const-name-snakecase
+    bytes32 private constant VestingWalletExecutorStorageLocation =
+        0x165c39f99e134d4ac22afe0db4de9fbb73791548e71f117f46b120e313690700;
+
+    function _getVestingWalletExecutorStorage() private pure returns (VestingWalletExecutorStorage storage $) {
+        assembly {
+            $.slot := VestingWalletExecutorStorageLocation
+        }
+    }
+
+    event VestingWalletExecutorConfidentialCallExecuted(address indexed target, uint256 value, bytes data);
+
+    /// @dev Thrown when a non-executor attempts to call {call}.
+    error VestingWalletExecutorConfidentialOnlyExecutor();
+
+    // solhint-disable-next-line func-name-mixedcase
+    function __VestingWalletExecutorConfidential_init(address executor_) internal onlyInitializing {
+        _getVestingWalletExecutorStorage()._executor = executor_;
+    }
+
+    /// @dev Trusted address that is able to execute arbitrary calls from the vesting wallet via {call}.
+    function executor() public view virtual returns (address) {
+        return _getVestingWalletExecutorStorage()._executor;
+    }
+
+    /**
+     * @dev Execute an arbitrary call from the vesting wallet. Only callable by the {executor}.
+     *
+     * Emits a {VestingWalletExecutorConfidentialCallExecuted} event.
+     */
+    function call(address target, uint256 value, bytes memory data) public virtual {
+        require(msg.sender == executor(), VestingWalletExecutorConfidentialOnlyExecutor());
+        _call(target, value, data);
+    }
+
+    /// @dev Internal function for executing an arbitrary call from the vesting wallet.
+    function _call(address target, uint256 value, bytes memory data) internal virtual {
+        (bool success, bytes memory res) = target.call{value: value}(data);
+        Address.verifyCallResult(success, res);
+
+        emit VestingWalletExecutorConfidentialCallExecuted(target, value, data);
+    }
+}
diff --git a/contracts/mocks/finance/VestingWalletCliffConfidentialMock.sol b/contracts/mocks/finance/VestingWalletCliffConfidentialMock.sol
@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+import {SepoliaConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+import {VestingWalletCliffConfidential} from "../../finance/VestingWalletCliffConfidential.sol";
+
+abstract contract VestingWalletCliffConfidentialMock is VestingWalletCliffConfidential, SepoliaConfig {}
diff --git a/contracts/mocks/finance/VestingWalletConfidentialMock.sol b/contracts/mocks/finance/VestingWalletConfidentialMock.sol
@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+import {SepoliaConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+import {VestingWalletConfidential} from "../../finance/VestingWalletConfidential.sol";
+
+abstract contract VestingWalletConfidentialMock is VestingWalletConfidential, SepoliaConfig {}
diff --git a/contracts/mocks/finance/VestingWalletExecutorConfidentialMock.sol b/contracts/mocks/finance/VestingWalletExecutorConfidentialMock.sol
@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+import {SepoliaConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+import {VestingWalletExecutorConfidential} from "../../finance/VestingWalletExecutorConfidential.sol";
+
+abstract contract VestingWalletExecutorConfidentialMock is VestingWalletExecutorConfidential, SepoliaConfig {}
diff --git a/contracts/mocks/import.sol b/contracts/mocks/import.sol
@@ -0,0 +1,4 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";
diff --git a/contracts/mocks/token/ConfidentialFungibleTokenERC20WrapperMock.sol b/contracts/mocks/token/ConfidentialFungibleTokenERC20WrapperMock.sol
@@ -3,7 +3,7 @@ pragma solidity ^0.8.24;
 
 import {SepoliaConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 import {IERC20} from "@openzeppelin/contracts/interfaces/IERC20.sol";
-import {ConfidentialFungibleTokenERC20Wrapper, ConfidentialFungibleToken} from "./../token/extensions/ConfidentialFungibleTokenERC20Wrapper.sol";
+import {ConfidentialFungibleTokenERC20Wrapper, ConfidentialFungibleToken} from "../../token/extensions/ConfidentialFungibleTokenERC20Wrapper.sol";
 
 contract ConfidentialFungibleTokenERC20WrapperMock is ConfidentialFungibleTokenERC20Wrapper, SepoliaConfig {
     constructor(
diff --git a/contracts/mocks/token/ConfidentialFungibleTokenMock.sol b/contracts/mocks/token/ConfidentialFungibleTokenMock.sol
@@ -4,7 +4,7 @@ pragma solidity ^0.8.24;
 
 import {SepoliaConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 import {FHE, euint64, externalEuint64} from "@fhevm/solidity/lib/FHE.sol";
-import {ConfidentialFungibleToken} from "./../token/ConfidentialFungibleToken.sol";
+import {ConfidentialFungibleToken} from "../../token/ConfidentialFungibleToken.sol";
 // solhint-disable func-name-mixedcase
 contract ConfidentialFungibleTokenMock is ConfidentialFungibleToken, SepoliaConfig {
     address private immutable _OWNER;
diff --git a/contracts/mocks/token/ConfidentialFungibleTokenReceiverMock.sol b/contracts/mocks/token/ConfidentialFungibleTokenReceiverMock.sol
@@ -3,7 +3,7 @@ pragma solidity ^0.8.24;
 
 import {SepoliaConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 import {FHE, ebool, euint64} from "@fhevm/solidity/lib/FHE.sol";
-import {IConfidentialFungibleTokenReceiver} from "./../interfaces/IConfidentialFungibleTokenReceiver.sol";
+import {IConfidentialFungibleTokenReceiver} from "../../interfaces/IConfidentialFungibleTokenReceiver.sol";
 
 contract ConfidentialFungibleTokenReceiverMock is IConfidentialFungibleTokenReceiver, SepoliaConfig {
     event ConfidentialTransferCallback(bool success);
diff --git a/contracts/mocks/token/ConfidentialFungibleTokenVotesMock.sol b/contracts/mocks/token/ConfidentialFungibleTokenVotesMock.sol
@@ -3,7 +3,7 @@ pragma solidity ^0.8.24;
 
 import {FHE, externalEuint64, euint64} from "@fhevm/solidity/lib/FHE.sol";
 import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
-import {ConfidentialFungibleTokenVotes, ConfidentialFungibleToken, VotesConfidential} from "../token/extensions/ConfidentialFungibleTokenVotes.sol";
+import {ConfidentialFungibleTokenVotes, ConfidentialFungibleToken, VotesConfidential} from "../../token/extensions/ConfidentialFungibleTokenVotes.sol";
 import {ConfidentialFungibleTokenMock} from "./ConfidentialFungibleTokenMock.sol";
 
 abstract contract ConfidentialFungibleTokenVotesMock is ConfidentialFungibleTokenMock, ConfidentialFungibleTokenVotes {
diff --git a/contracts/mocks/token/ERC20Mock.sol b/contracts/mocks/token/ERC20Mock.sol
diff --git a/contracts/package.json b/contracts/package.json
@@ -33,6 +33,7 @@
   "homepage": "https://openzeppelin.com/contracts/",
   "peerDependencies": {
     "@fhevm/solidity": "0.7.0",
-    "@openzeppelin/contracts": "5.3.0"
+    "@openzeppelin/contracts": "^5.3.0",
+    "@openzeppelin/contracts-upgradeable": "^5.3.0"
   }
 }
diff --git a/hardhat.config.ts b/hardhat.config.ts
@@ -35,6 +35,10 @@ const config: HardhatUserConfig = {
     target: 'ethers-v6',
   },
   docgen: require('./docs/config'),
+  exposed: {
+    imports: true,
+    initializers: true,
+  },
 };
 
 export default config;
diff --git a/lib/openzeppelin-contracts-upgradeable b/lib/openzeppelin-contracts-upgradeable
@@ -0,0 +1 @@
+Subproject commit 60b305a8f3ff0c7688f02ac470417b6bbf1c4d27
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
diff --git a/test/finance/VestingWalletCliffConfidential.test.ts b/test/finance/VestingWalletCliffConfidential.test.ts
diff --git a/test/finance/VestingWalletConfidential.behavior.ts b/test/finance/VestingWalletConfidential.behavior.ts
diff --git a/test/finance/VestingWalletConfidential.test.ts b/test/finance/VestingWalletConfidential.test.ts
diff --git a/test/finance/VestingWalletExecutorConfidential.test.ts b/test/finance/VestingWalletExecutorConfidential.test.ts
diff --git a/test/token/extensions/ConfidentialFungibleWrapper.test.ts b/test/token/extensions/ConfidentialFungibleWrapper.test.ts
