OpenZeppelin · james-toussaint · Sep 29, 2025 · Aug 12, 2025 · Aug 12, 2025 · Aug 12, 2025
@@ -0,0 +1,5 @@
+---
+'openzeppelin-confidential-contracts': minor
+---
+
+`ERC7984Rwa`: An extension of `ERC7984`, that supports confidential Real World Assets (RWAs).
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+import {externalEuint64, euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {IERC165} from "@openzeppelin/contracts/interfaces/IERC165.sol";
+import {IERC7984} from "./IERC7984.sol";
+
+/// @dev Interface for confidential RWA contracts.
+interface IERC7984Rwa is IERC7984, IERC165 {
+    /// @dev Returns true if the contract is paused, false otherwise.
+    function paused() external view returns (bool);
+    /// @dev Returns whether an account is allowed to interact with the token.
+    function isUserAllowed(address account) external view returns (bool);
+    /// @dev Returns the confidential frozen balance of an account.
+    function confidentialFrozen(address account) external view returns (euint64);
+    /// @dev Returns the confidential available (unfrozen) balance of an account. Up to {IERC7984-confidentialBalanceOf}.
+    function confidentialAvailable(address account) external returns (euint64);
+    /// @dev Pauses contract.
+    function pause() external;
+    /// @dev Unpauses contract.
+    function unpause() external;
+    /// @dev Blocks a user account.
+    function blockUser(address account) external;
+    /// @dev Unblocks a user account.
+    function unblockUser(address account) external;
+    /// @dev Sets confidential amount of token for an account as frozen with proof.
+    function setConfidentialFrozen(
+        address account,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) external;
+    /// @dev Sets confidential amount of token for an account as frozen.
+    function setConfidentialFrozen(address account, euint64 encryptedAmount) external;
+    /// @dev Mints confidential amount of tokens to account with proof.
+    function confidentialMint(
+        address to,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) external returns (euint64);
+    /// @dev Mints confidential amount of tokens to account.
+    function confidentialMint(address to, euint64 encryptedAmount) external returns (euint64);
+    /// @dev Burns confidential amount of tokens from account with proof.
+    function confidentialBurn(
+        address account,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) external returns (euint64);
+    /// @dev Burns confidential amount of tokens from account.
+    function confidentialBurn(address account, euint64 encryptedAmount) external returns (euint64);
+    /// @dev Forces transfer of confidential amount of tokens from account to account with proof by skipping compliance checks.
+    function forceConfidentialTransferFrom(
+        address from,
+        address to,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) external returns (euint64);
+    /// @dev Forces transfer of confidential amount of tokens from account to account by skipping compliance checks.
+    function forceConfidentialTransferFrom(
+        address from,
+        address to,
+        euint64 encryptedAmount
+    ) external returns (euint64);
+}
@@ -4,25 +4,15 @@ pragma solidity ^0.8.27;
 
 import {SepoliaConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 import {FHE, euint64, externalEuint64} from "@fhevm/solidity/lib/FHE.sol";
-import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
 import {ERC7984} from "../../token/ERC7984/ERC7984.sol";
 import {ERC7984Freezable} from "../../token/ERC7984/extensions/ERC7984Freezable.sol";
 import {HandleAccessManager} from "../../utils/HandleAccessManager.sol";
 import {ERC7984Mock} from "./ERC7984Mock.sol";
 
-contract ERC7984FreezableMock is ERC7984Mock, ERC7984Freezable, AccessControl, HandleAccessManager {
-    bytes32 public constant FREEZER_ROLE = keccak256("FREEZER_ROLE");
-
+contract ERC7984FreezableMock is ERC7984Mock, ERC7984Freezable, HandleAccessManager {
     error UnallowedHandleAccess(bytes32 handle, address account);
 
-    constructor(
-        string memory name,
-        string memory symbol,
-        string memory tokenUri,
-        address freezer
-    ) ERC7984Mock(name, symbol, tokenUri) {
-        _grantRole(FREEZER_ROLE, freezer);
-    }
+    constructor(string memory name, string memory symbol, string memory tokenUri) ERC7984Mock(name, symbol, tokenUri) {}
 
     function _update(
         address from,
@@ -48,6 +38,4 @@ contract ERC7984FreezableMock is ERC7984Mock, ERC7984Freezable, AccessControl, H
     }
 
     function _validateHandleAllowance(bytes32 handle) internal view override {}
-
-    function _checkFreezer() internal override onlyRole(FREEZER_ROLE) {}
 }
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.24;
+
+import {FHE, euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {ERC7984Rwa} from "./../../token/ERC7984/extensions/ERC7984Rwa.sol";
+import {HandleAccessManager} from "./../../utils/HandleAccessManager.sol";
+import {ERC7984Mock} from "./ERC7984Mock.sol";
+
+// solhint-disable func-name-mixedcase
+contract ERC7984RwaMock is ERC7984Rwa, ERC7984Mock, HandleAccessManager {
+    constructor(
+        string memory name,
+        string memory symbol,
+        string memory tokenUri,
+        address admin
+    ) ERC7984Rwa(admin) ERC7984Mock(name, symbol, tokenUri) {}
+
+    function _update(
+        address from,
+        address to,
+        euint64 amount
+    ) internal virtual override(ERC7984Mock, ERC7984Rwa) returns (euint64) {
+        return super._update(from, to, amount);
+    }
+
+    function _validateHandleAllowance(bytes32 handle) internal view override onlyAgent {}
+
+    // solhint-disable-next-line func-name-mixedcase
+    function $_setConfidentialFrozen(address account, uint64 amount) public virtual {
+        _setConfidentialFrozen(account, FHE.asEuint64(amount));
+    }
+}
@@ -41,19 +41,19 @@ abstract contract ERC7984Freezable is ERC7984 {
 
     /// @dev Internal function to freeze a confidential amount of tokens for an account.
     function _setConfidentialFrozen(address account, euint64 encryptedAmount) internal virtual {
-        _checkFreezer();
         FHE.allowThis(encryptedAmount);
         FHE.allow(encryptedAmount, account);
         _frozenBalances[account] = encryptedAmount;
         emit TokensFrozen(account, encryptedAmount);
     }
 
-    /// @dev Unimplemented function that must revert if `msg.sender` is not authorized as a freezer.
-    function _checkFreezer() internal virtual;
-
     /**
-     * @dev See {ERC7984-_update}. The `from` account must have sufficient unfrozen balance,
+     * @dev See {ERC7984-_update}.
+     *
+     * The `from` account must have sufficient unfrozen balance,
      * otherwise 0 tokens are transferred.
+     * The default freezing behavior can be changed (for a pass-through for instance) by overriding
+     * {confidentialAvailable}.
      */
     function _update(address from, address to, euint64 encryptedAmount) internal virtual override returns (euint64) {
         if (from != address(0)) {

@@ -57,10 +57,13 @@ abstract contract ERC7984Restricted is ERC7984 {
      *
      * * `from` must be allowed to transfer tokens (see {isUserAllowed}).
      * * `to` must be allowed to receive tokens (see {isUserAllowed}).
+     *
+     * The default restriction behaviour can be changed (for a pass-through for instance) by overriding
+     * {_checkSenderRestriction} and/or {_checkRecipientRestriction}.
      */
     function _update(address from, address to, euint64 value) internal virtual override returns (euint64) {
-        if (from != address(0)) _checkRestriction(from); // Not minting
-        if (to != address(0)) _checkRestriction(to); // Not burning
+        _checkSenderRestriction(from);
+        _checkRecipientRestriction(to);
         return super._update(from, to, value);
     }
 
@@ -91,4 +94,24 @@ abstract contract ERC7984Restricted is ERC7984 {
     function _checkRestriction(address account) internal view virtual {
         require(isUserAllowed(account), UserRestricted(account));
     }
+
+    /**
+     * @dev Internal function which checks restriction of the `from` account before a transfer.
+     * Working with {_update} function.
+     */
+    function _checkSenderRestriction(address account) internal view virtual {
+        if (account != address(0)) {
+            _checkRestriction(account); // Not minting
+        }
+    }
+
+    /**
+     * @dev Internal function which checks restriction of the `to` account before a transfer.
+     * Working with {_update} function.
+     */
+    function _checkRecipientRestriction(address account) internal view virtual {
+        if (account != address(0)) {
+            _checkRestriction(account); // Not burning
+        }
+    }
 }