Skip to content

Add mutating votes getters that give ACL allowance #130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
arr00 wants to merge 2 commits into from
Closed

Add mutating votes getters that give ACL allowance #130

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
dff641e
Add mutating votes getters that give ACL allowance
arr00 Jul 31, 2025
8bb34b8
fix lint
arr00 Jul 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 47 additions & 2 deletions contracts/governance/utils/VotesConfidential.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,14 @@ abstract contract VotesConfidential is Nonces, EIP712, IERC6372 {
return _delegateCheckpoints[account].latest();
}

function getVotesWithAllowance(address account, bool persistent) public virtual returns (euint64) {
_validateVotesAccess(account);

euint64 votes = getVotes(account);
_setACLAllowance(votes, msg.sender, persistent);
return votes;
}

/**
* @dev Returns the amount of votes that `account` had at a specific moment in the past. If the {clock} is
* configured to use block numbers, this will return the value at the end of the corresponding block.
Expand All @@ -75,6 +83,18 @@ abstract contract VotesConfidential is Nonces, EIP712, IERC6372 {
return _delegateCheckpoints[account].upperLookupRecent(_validateTimepoint(timepoint));
}

function getPastVotesWithAllowance(
address account,
uint256 timepoint,
bool persistent
) public virtual returns (euint64) {
_validateVotesAccess(account);

euint64 pastVotes = getPastVotes(account, timepoint);
_setACLAllowance(pastVotes, msg.sender, persistent);
return pastVotes;
}

/**
* @dev Returns the total supply of votes available at a specific moment in the past. If the {clock} is
* configured to use block numbers, this will return the value at the end of the corresponding block.
Expand All @@ -91,6 +111,14 @@ abstract contract VotesConfidential is Nonces, EIP712, IERC6372 {
return _totalCheckpoints.upperLookupRecent(_validateTimepoint(timepoint));
}

function getPastTotalSupplyWithAllowance(uint256 timepoint, bool persistent) public virtual returns (euint64) {
_validateVotesAccess(address(0));
Copy link
Contributor

@james-toussaint james-toussaint Jul 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we allowing anyone to view total supply?

Copy link
Contributor Author

@arr00 arr00 Aug 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

openzeppelin-confidential-contracts/contracts/governance/utils/VotesConfidential.sol

Lines 235 to 240 in 8bb34b8

/**
* @dev Must revert if `msg.sender` is not allowed to get ACL access to the votes of the given account `account`.
*
* NOTE: A validation to access the votes of the 0 address indicates total supply.
*/
function _validateVotesAccess(address account) internal view virtual;

Copy link
Contributor

@james-toussaint james-toussaint Aug 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here is my suggestion #123 (comment).


euint64 pastTotalSupply = getPastTotalSupply(timepoint);
_setACLAllowance(pastTotalSupply, msg.sender, persistent);
return pastTotalSupply;
}

/**
* @dev Returns the current total supply of votes as an encrypted uint64 (euint64). Must be implemented
* by the derived contract.
Expand Down Expand Up @@ -167,15 +195,13 @@ abstract contract VotesConfidential is Nonces, EIP712, IERC6372 {
store = _delegateCheckpoints[from];
euint64 newValue = store.latest().sub(amount);
newValue.allowThis();
newValue.allow(from);
euint64 oldValue = _push(store, newValue);
emit DelegateVotesChanged(from, oldValue, newValue);
}
if (to != address(0)) {
store = _delegateCheckpoints[to];
euint64 newValue = store.latest().add(amount);
newValue.allowThis();
newValue.allow(to);
euint64 oldValue = _push(store, newValue);
emit DelegateVotesChanged(to, oldValue, newValue);
}
Expand All @@ -189,11 +215,30 @@ abstract contract VotesConfidential is Nonces, EIP712, IERC6372 {
return SafeCast.toUint48(timepoint);
}

/**
* @dev Set the ACL allowance for the given value, account, and persistent flag. If the flag is true,
* the allowance will be persistent, otherwise it will be transient.
*/
function _setACLAllowance(euint64 value, address account, bool persistent) internal virtual {
if (persistent) {
FHE.allow(value, account);
} else {
FHE.allowTransient(value, account);
}
}

/**
* @dev Must return the voting units held by an account.
*/
function _getVotingUnits(address) internal view virtual returns (euint64);

/**
* @dev Must revert if `msg.sender` is not allowed to get ACL access to the votes of the given account `account`.
*
* NOTE: A validation to access the votes of the 0 address indicates total supply.
*/
function _validateVotesAccess(address account) internal view virtual;

function _push(CheckpointsConfidential.TraceEuint64 storage store, euint64 value) private returns (euint64) {
(euint64 oldValue, ) = store.push(clock(), value);
return oldValue;
Expand Down
Loading