feat: updated conf token implementation and updated the deployment scripts

Author: SamAg19

contracts/ConfidentialUSDC.sol

@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity 0.8.28;
+
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+import {ERC7984} from "./vendor/token/ERC7984/ERC7984.sol";
+import {ERC7984ERC20Wrapper} from "./vendor/token/ERC7984/extensions/ERC7984ERC20Wrapper.sol";
+
+/// @title ConfidentialUSDC
+/// @notice A confidential wrapper for USDC using the ERC7984 standard backed by
+///         the OpenZeppelin ERC7984ERC20Wrapper implementation.
+///
+///         Wrapping:  wrap(address to, uint256 amount) — pull USDC, mint cUSDC to `to`
+///         Unwrapping (two-step, trustless via Zama FHE coprocessor):
+///           1. unwrap(from, to, encAmount, inputProof) — burn cUSDC, mark handle for decryption
+///           2. finalizeUnwrap(handle, clearAmount, decryptionProof) — verify KMS proof, release USDC
+///
+/// @dev On Sepolia: after unwrap() is mined, query https://relayer.testnet.zama.org to obtain
+///      clearAmount + decryptionProof, then call finalizeUnwrap(). Anyone may call finalizeUnwrap.
+///      On Hardhat: use hre.fhevm.publicDecrypt([handle]) to simulate the relayer in tests.
+///
+///      Since USDC has 6 decimals and _maxDecimals() returns 6, the rate is 1:1 with no scaling.
+contract ConfidentialUSDC is ZamaEthereumConfig, ERC7984ERC20Wrapper {
+    constructor(address usdc)
+        ERC7984("Confidential USDC", "cUSDC", "")
+        ERC7984ERC20Wrapper(IERC20(usdc))
+    {}
+}

contracts/test/MockConfidentialERC20.sol

@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Confidential Contracts (last updated v0.3.1)
+
+pragma solidity ^0.8.24;
+
+import {externalEuint64, euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {IERC7984} from "./IERC7984.sol";
+
+/// @dev Interface for ERC7984ERC20Wrapper contract.
+interface IERC7984ERC20Wrapper is IERC7984 {
+    /**
+     * @dev Wraps `amount` of the underlying token into a confidential token and sends it to `to`.
+     *
+     * Returns amount of wrapped token sent.
+     */
+    function wrap(address to, uint256 amount) external returns (euint64);
+
+    /**
+     * @dev Unwraps tokens from `from` and sends the underlying tokens to `to`. The caller must be `from`
+     * or be an approved operator for `from`.
+     *
+     * Returns amount unwrapped.
+     *
+     * NOTE: The caller *must* already be approved by ACL for the given `amount`.
+     */
+    function unwrap(
+        address from,
+        address to,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) external returns (euint64);
+
+    /// @dev Returns the address of the underlying ERC-20 token that is being wrapped.
+    function underlying() external view returns (address);
+}

contracts/vendor/interfaces/IERC7984ERC20Wrapper.sol

@@ -0,0 +1,236 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Confidential Contracts (last updated v0.3.1) (token/ERC7984/extensions/ERC7984ERC20Wrapper.sol)
+
+pragma solidity ^0.8.27;
+
+import {FHE, externalEuint64, euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {IERC1363Receiver} from "@openzeppelin/contracts/interfaces/IERC1363Receiver.sol";
+import {IERC20} from "@openzeppelin/contracts/interfaces/IERC20.sol";
+import {IERC20Metadata} from "@openzeppelin/contracts/interfaces/IERC20Metadata.sol";
+import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
+import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
+import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";
+import {IERC7984} from "./../../../interfaces/IERC7984.sol";
+import {IERC7984ERC20Wrapper} from "./../../../interfaces/IERC7984ERC20Wrapper.sol";
+import {ERC7984} from "./../ERC7984.sol";
+
+/**
+ * @dev A wrapper contract built on top of {ERC7984} that allows wrapping an `ERC20` token
+ * into an `ERC7984` token. The wrapper contract implements the `IERC1363Receiver` interface
+ * which allows users to transfer `ERC1363` tokens directly to the wrapper with a callback to wrap the tokens.
+ *
+ * WARNING: Minting assumes the full amount of the underlying token transfer has been received, hence some non-standard
+ * tokens such as fee-on-transfer or other deflationary-type tokens are not supported by this wrapper.
+ */
+abstract contract ERC7984ERC20Wrapper is ERC7984, IERC7984ERC20Wrapper, IERC1363Receiver {
+    IERC20 private immutable _underlying;
+    uint8 private immutable _decimals;
+    uint256 private immutable _rate;
+
+    mapping(euint64 unwrapAmount => address recipient) private _unwrapRequests;
+
+    event UnwrapRequested(address indexed receiver, euint64 amount);
+    event UnwrapFinalized(address indexed receiver, euint64 encryptedAmount, uint64 cleartextAmount);
+
+    error InvalidUnwrapRequest(euint64 amount);
+    error ERC7984TotalSupplyOverflow();
+
+    constructor(IERC20 underlying_) {
+        _underlying = underlying_;
+
+        uint8 tokenDecimals = _tryGetAssetDecimals(underlying_);
+        uint8 maxDecimals = _maxDecimals();
+        if (tokenDecimals > maxDecimals) {
+            _decimals = maxDecimals;
+            _rate = 10 ** (tokenDecimals - maxDecimals);
+        } else {
+            _decimals = tokenDecimals;
+            _rate = 1;
+        }
+    }
+
+    /**
+     * @dev `ERC1363` callback function which wraps tokens to the address specified in `data` or
+     * the address `from` (if no address is specified in `data`). This function refunds any excess tokens
+     * sent beyond the nearest multiple of {rate} to `from`. See {wrap} for more details on wrapping tokens.
+     */
+    function onTransferReceived(
+        address /*operator*/,
+        address from,
+        uint256 amount,
+        bytes calldata data
+    ) public virtual returns (bytes4) {
+        // check caller is the token contract
+        require(underlying() == msg.sender, ERC7984UnauthorizedCaller(msg.sender));
+
+        // mint confidential token
+        address to = data.length < 20 ? from : address(bytes20(data));
+        _mint(to, FHE.asEuint64(SafeCast.toUint64(amount / rate())));
+
+        // transfer excess back to the sender
+        uint256 excess = amount % rate();
+        if (excess > 0) SafeERC20.safeTransfer(IERC20(underlying()), from, excess);
+
+        // return magic value
+        return IERC1363Receiver.onTransferReceived.selector;
+    }
+
+    /**
+     * @dev See {IERC7984ERC20Wrapper-wrap}. Tokens are exchanged at a fixed rate specified by {rate} such that
+     * `amount / rate()` confidential tokens are sent. The amount transferred in is rounded down to the nearest
+     * multiple of {rate}.
+     *
+     * Returns the amount of wrapped token sent.
+     */
+    function wrap(address to, uint256 amount) public virtual override returns (euint64) {
+        // take ownership of the tokens
+        SafeERC20.safeTransferFrom(IERC20(underlying()), msg.sender, address(this), amount - (amount % rate()));
+
+        // mint confidential token
+        euint64 wrappedAmountSent = _mint(to, FHE.asEuint64(SafeCast.toUint64(amount / rate())));
+        FHE.allowTransient(wrappedAmountSent, msg.sender);
+
+        return wrappedAmountSent;
+    }
+
+    /// @dev Unwrap without passing an input proof. See {unwrap-address-address-bytes32-bytes} for more details.
+    function unwrap(address from, address to, euint64 amount) public virtual returns (euint64) {
+        require(FHE.isAllowed(amount, msg.sender), ERC7984UnauthorizedUseOfEncryptedAmount(amount, msg.sender));
+        return _unwrap(from, to, amount);
+    }
+
+    /**
+     * @dev See {IERC7984ERC20Wrapper-unwrap}. `amount * rate()` underlying tokens are sent to `to`.
+     *
+     * NOTE: The unwrap request created by this function must be finalized by calling {finalizeUnwrap}.
+     */
+    function unwrap(
+        address from,
+        address to,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) public virtual returns (euint64) {
+        return _unwrap(from, to, FHE.fromExternal(encryptedAmount, inputProof));
+    }
+
+    /// @dev Fills an unwrap request for a given cipher-text `unwrapAmount` with the `cleartextAmount` and `decryptionProof`.
+    function finalizeUnwrap(
+        euint64 unwrapAmount,
+        uint64 unwrapAmountCleartext,
+        bytes calldata decryptionProof
+    ) public virtual {
+        address to = unwrapRequester(unwrapAmount);
+        require(to != address(0), InvalidUnwrapRequest(unwrapAmount));
+        delete _unwrapRequests[unwrapAmount];
+
+        bytes32[] memory handles = new bytes32[](1);
+        handles[0] = euint64.unwrap(unwrapAmount);
+
+        bytes memory cleartexts = abi.encode(unwrapAmountCleartext);
+
+        FHE.checkSignatures(handles, cleartexts, decryptionProof);
+
+        SafeERC20.safeTransfer(IERC20(underlying()), to, unwrapAmountCleartext * rate());
+
+        emit UnwrapFinalized(to, unwrapAmount, unwrapAmountCleartext);
+    }
+
+    /// @inheritdoc ERC7984
+    function decimals() public view virtual override(IERC7984, ERC7984) returns (uint8) {
+        return _decimals;
+    }
+
+    /**
+     * @dev Returns the rate at which the underlying token is converted to the wrapped token.
+     * For example, if the `rate` is 1000, then 1000 units of the underlying token equal 1 unit of the wrapped token.
+     */
+    function rate() public view virtual returns (uint256) {
+        return _rate;
+    }
+
+    /// @inheritdoc IERC7984ERC20Wrapper
+    function underlying() public view virtual override returns (address) {
+        return address(_underlying);
+    }
+
+    /// @inheritdoc IERC165
+    function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165, ERC7984) returns (bool) {
+        return
+            interfaceId == type(IERC7984ERC20Wrapper).interfaceId ||
+            interfaceId == type(IERC1363Receiver).interfaceId ||
+            super.supportsInterface(interfaceId);
+    }
+
+    /**
+     * @dev Returns the underlying balance divided by the {rate}, a value greater or equal to the actual
+     * {confidentialTotalSupply}.
+     */
+    function inferredTotalSupply() public view virtual returns (uint256) {
+        return IERC20(underlying()).balanceOf(address(this)) / rate();
+    }
+
+    /// @dev Returns the maximum total supply of wrapped tokens supported by the encrypted datatype.
+    function maxTotalSupply() public view virtual returns (uint256) {
+        return type(uint64).max;
+    }
+
+    /**
+     * @dev Get the address that has a pending unwrap request for the given `unwrapAmount`.
+     * Returns `address(0)` if no pending unwrap request exists for that handle.
+     */
+    function unwrapRequester(euint64 unwrapAmount) public view virtual returns (address) {
+        return _unwrapRequests[unwrapAmount];
+    }
+
+    function _checkConfidentialTotalSupply() internal virtual {
+        if (inferredTotalSupply() > maxTotalSupply()) {
+            revert ERC7984TotalSupplyOverflow();
+        }
+    }
+
+    /// @inheritdoc ERC7984
+    function _update(address from, address to, euint64 amount) internal virtual override returns (euint64) {
+        if (from == address(0)) {
+            _checkConfidentialTotalSupply();
+        }
+        return super._update(from, to, amount);
+    }
+
+    /// @dev Internal logic for handling the creation of unwrap requests.
+    function _unwrap(address from, address to, euint64 amount) internal virtual returns (euint64) {
+        require(to != address(0), ERC7984InvalidReceiver(to));
+        require(from == msg.sender || isOperator(from, msg.sender), ERC7984UnauthorizedSpender(from, msg.sender));
+
+        // try to burn, see how much we actually got
+        euint64 unwrapAmount = _burn(from, amount);
+        FHE.makePubliclyDecryptable(unwrapAmount);
+
+        assert(unwrapRequester(unwrapAmount) == address(0));
+
+        // WARNING: Storing unwrap requests in a mapping from cipher-text to address assumes that
+        // cipher-texts are unique--this holds here but is not always true. Be cautious when assuming
+        // cipher-text uniqueness.
+        _unwrapRequests[unwrapAmount] = to;
+
+        emit UnwrapRequested(to, unwrapAmount);
+        return unwrapAmount;
+    }
+
+    function _fallbackUnderlyingDecimals() internal pure virtual returns (uint8) {
+        return 18;
+    }
+
+    function _maxDecimals() internal pure virtual returns (uint8) {
+        return 6;
+    }
+
+    function _tryGetAssetDecimals(IERC20 asset_) private view returns (uint8 assetDecimals) {
+        (bool success, bytes memory encodedDecimals) = address(asset_).staticcall(
+            abi.encodeCall(IERC20Metadata.decimals, ())
+        );
+        if (success && encodedDecimals.length == 32) {
+            return abi.decode(encodedDecimals, (uint8));
+        }
+        return _fallbackUnderlyingDecimals();
+    }
+}

contracts/vendor/token/ERC7984/extensions/ERC7984ERC20Wrapper.sol

@@ -4,21 +4,52 @@ async function main() {
   const [deployer] = await ethers.getSigners();
   console.log("Deploying with account:", deployer.address);
 
-  // Deploy VaultFactory
+  // ── Deploy MockUSDC ────────────────────────────────────────────────
+  const usdc = await (await ethers.getContractFactory("MockERC20")).deploy("USD Coin", "USDC", 6);
+  await usdc.waitForDeployment();
+  const usdcAddr = await usdc.getAddress();
+  console.log("MockUSDC deployed to:", usdcAddr);
+
+  // ── Deploy ConfidentialUSDC ────────────────────────────────────────
+  // No gateway address needed — fulfillUnwrap is trustless via FHE.checkSignatures.
+  // Anyone can call fulfillUnwrap with a valid KMS decryption proof.
+  // On Sepolia: obtain proofs from https://relayer.testnet.zama.org
+  const confidentialUsdc = await (await ethers.getContractFactory("ConfidentialUSDC")).deploy(usdcAddr);
+  await confidentialUsdc.waitForDeployment();
+  const confidentialUsdcAddr = await confidentialUsdc.getAddress();
+  console.log("ConfidentialUSDC deployed to:", confidentialUsdcAddr);
+
+  // ── Deploy VaultFactory ────────────────────────────────────────────
   const factory = await (await ethers.getContractFactory("VaultFactory")).deploy();
   await factory.waitForDeployment();
   const factoryAddr = await factory.getAddress();
   console.log("VaultFactory deployed to:", factoryAddr);
 
-  // Register ERC20Vault type
-  const VAULT_TYPE = ethers.keccak256(ethers.toUtf8Bytes("ERC20Vault"));
-  const vaultCreationCode = (await ethers.getContractFactory("ERC20Vault")).bytecode;
-  const tx = await factory.registerVaultType(VAULT_TYPE, vaultCreationCode);
-  await tx.wait();
-  console.log("ERC20Vault type registered:", VAULT_TYPE);
+  // ── Register ERC20Vault type ───────────────────────────────────────
+  const ERC20_VAULT_TYPE = ethers.keccak256(ethers.toUtf8Bytes("ERC20Vault"));
+  const erc20VaultCode = (await ethers.getContractFactory("ERC20Vault")).bytecode;
+  const tx1 = await factory.registerVaultType(ERC20_VAULT_TYPE, erc20VaultCode);
+  await tx1.wait();
+  console.log("ERC20Vault type registered:", ERC20_VAULT_TYPE);
+
+  // ── Register ConfidentialVault type ───────────────────────────────
+  const CONF_VAULT_TYPE = ethers.keccak256(ethers.toUtf8Bytes("ConfidentialVault"));
+  const confVaultCode = (await ethers.getContractFactory("ConfidentialVault")).bytecode;
+  const tx2 = await factory.registerVaultType(CONF_VAULT_TYPE, confVaultCode);
+  await tx2.wait();
+  console.log("ConfidentialVault type registered:", CONF_VAULT_TYPE);
+
+  // ── Summary ────────────────────────────────────────────────────────
+  console.log("\nDeployment complete:");
+  console.log("  MockUSDC:          ", usdcAddr);
+  console.log("  ConfidentialUSDC:  ", confidentialUsdcAddr);
+  console.log("  VaultFactory:      ", factoryAddr);
+  console.log("  ERC20Vault type:   ", ERC20_VAULT_TYPE);
+  console.log("  ConfVault type:    ", CONF_VAULT_TYPE);
 }
 
 main().catch((error) => {
   console.error(error);
   process.exitCode = 1;
 });
+