M-03: grant allowances to agent in ERC7984Rwa

[arr00]

Summary by CodeRabbit

• Refactor
  • Enhanced token operation workflows for mint, burn, and force transfer functions with additional authorization validation steps. Internal improvements maintain existing functionality with no changes to public interfaces.

[netlify]

✅ Deploy Preview for confidential-tokens ready!

Name	Link
🔨 Latest commit	0282c9c
🔍 Latest deploy log	https://app.netlify.com/projects/confidential-tokens/deploys/69149e92d3843c0008551fe7
😎 Deploy Preview	https://deploy-preview-242--confidential-tokens.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The ERC7984Rwa.sol contract now stores intermediate operation results in local variables before returning them, allowing FHE.allow() authorization calls to be invoked on mint, burn, and force transfer operations across all method variants without changing public signatures.

Changes

Cohort / File(s)	Summary
FHE Authorization Pattern contracts/token/ERC7984/extensions/ERC7984Rwa.sol	Modified mint, burn, and force transfer methods (including "with proof" variants) to capture operation results in local variables, invoke FHE.allow() on each result for authorization, then return the variable. Control flow unchanged; adds post-operation FHE authorization layer.

Sequence Diagram(s)

sequenceDiagram
    participant Caller
    participant ERC7984Rwa
    participant FHE

    Caller->>ERC7984Rwa: mint/burn/forceTransfer
    ERC7984Rwa->>ERC7984Rwa: _mint/_burn/_forceUpdate
    ERC7984Rwa->>ERC7984Rwa: Store result in local var
    Note over ERC7984Rwa: mintedAmount / burnedAmount / forceTransferAmount
    ERC7984Rwa->>FHE: allow(resultVar)
    FHE-->>ERC7984Rwa: Authorization recorded
    ERC7984Rwa-->>Caller: return resultVar

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Note: Highly repetitive pattern applied consistently across multiple method variants; single file modification with no signature changes; straightforward variable capture and FHE authorization logic makes this a straightforward review despite multiple affected methods.

Poem

🐰 A rabbit hops through FHE's gated garden,
Each mint, each burn, now seeks permission first,
Local vars dance, then authorization's granted—
No signatures changed, just trust deepened. 🔐

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'M-03: grant allowances to agent in ERC7984Rwa' directly and specifically describes the main change: granting allowances to an agent in the ERC7984Rwa contract by invoking FHE.allow() after mint, burn, and force transfer operations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

contracts/token/ERC7984/extensions/ERC7984Rwa.sol (1)

183-185: Allowance pattern correctly applied to force transfer variant.

The implementation properly grants allowances to the agent.

Note: The named return variable transferred (line 178) is declared but forceTransferAmount is used instead. While functionally correct, consider using the named return variable for consistency, or remove it from the signature.

Apply this diff for naming consistency:

-    ) public virtual onlyAgent returns (euint64 transferred) {
+    ) public virtual onlyAgent returns (euint64) {

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b2c6388 and b8b296c.

📒 Files selected for processing (1)

• contracts/token/ERC7984/extensions/ERC7984Rwa.sol (6 hunks)

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: james-toussaint
Repo: OpenZeppelin/openzeppelin-confidential-contracts PR: 160
File: test/token/ERC7984/extensions/ERC7984Rwa.test.ts:474-479
Timestamp: 2025-09-22T09:21:34.470Z
Learning: In ERC7984Freezable force transfers, the frozen balance is reset to the new balance only when the transferred amount exceeds the available balance (balance - frozen). If the transferred amount is within the available balance, the frozen amount remains unchanged. This is implemented via FHE.select(FHE.gt(encryptedAmount, confidentialAvailable(account)), confidentialBalanceOf(account), frozen).

Learnt from: james-toussaint
Repo: OpenZeppelin/openzeppelin-confidential-contracts PR: 160
File: test/token/ERC7984/extensions/ERC7984Rwa.test.ts:474-479
Timestamp: 2025-09-22T09:21:34.470Z
Learning: For force transfers in ERC7984Freezable, the frozen balance should be reset to the new balance if the transfer amount exceeded the available balance. If the transfer amount was within the available balance, the frozen amount behavior needs clarification from the user.

📚 Learning: 2025-09-22T09:21:34.470Z

Learnt from: james-toussaint
Repo: OpenZeppelin/openzeppelin-confidential-contracts PR: 160
File: test/token/ERC7984/extensions/ERC7984Rwa.test.ts:474-479
Timestamp: 2025-09-22T09:21:34.470Z
Learning: In ERC7984Freezable force transfers, the frozen balance is reset to the new balance only when the transferred amount exceeds the available balance (balance - frozen). If the transferred amount is within the available balance, the frozen amount remains unchanged. This is implemented via FHE.select(FHE.gt(encryptedAmount, confidentialAvailable(account)), confidentialBalanceOf(account), frozen).

Applied to files:

• contracts/token/ERC7984/extensions/ERC7984Rwa.sol

📚 Learning: 2025-09-22T09:21:34.470Z

Learnt from: james-toussaint
Repo: OpenZeppelin/openzeppelin-confidential-contracts PR: 160
File: test/token/ERC7984/extensions/ERC7984Rwa.test.ts:474-479
Timestamp: 2025-09-22T09:21:34.470Z
Learning: For force transfers in ERC7984Freezable, the frozen balance should be reset to the new balance if the transfer amount exceeded the available balance. If the transfer amount was within the available balance, the frozen amount behavior needs clarification from the user.

Applied to files:

• contracts/token/ERC7984/extensions/ERC7984Rwa.sol

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: boostsecurity - boostsecurityio/semgrep-pro
• GitHub Check: slither
• GitHub Check: tests
• GitHub Check: coverage

🔇 Additional comments (5)

contracts/token/ERC7984/extensions/ERC7984Rwa.sol (5)

123-125: LGTM: Allowance correctly granted to agent for mint result.

The change properly stores the minted amount and grants the agent permission to access the encrypted result before returning. This allows the agent to monitor or verify the operation outcome.

---

134-136: Consistent implementation across mint variants.

The allowance pattern is correctly applied to the overloaded variant, maintaining consistency with the "with proof" version.

---

145-147: Burn operation properly grants allowances.

The implementation correctly follows the established pattern for burn operations with proof.

---

156-158: Consistent allowance handling in burn variant.

The pattern is correctly applied to the overloaded burn function.

---

168-170: Force transfer correctly grants allowances.

The allowance pattern is properly applied to force transfer operations, enabling agents to monitor enforcement actions.