HomeForumWebsite
GitHub Icon
API Reference

Token

Smart contract token utilities and implementations

AnthropicOpen in Claude

This set of interfaces, contracts, and utilities are all related to ERC7984, an evolving confidential token standard. The standard utilizes the Zama fhEVM co-processor for manipulating FHE values. All amounts are stored on-chain as ciphertext handles (or pointers) to values stored on the co-processor.

Core

ERC7984

Extensions

ERC7984ERC20Wrapper ERC7984Freezable ERC7984ObserverAccess ERC7984Restricted

Utilities

ERC7984Utils

ERC7984

import "@openzeppelin/contracts/token/ERC7984/ERC7984.sol";

Reference implementation for IERC7984.

This contract implements a fungible token where balances and transfers are encrypted using the Zama fhEVM, providing confidentiality to users. Token amounts are stored as encrypted, unsigned integers (euint64) that can only be decrypted by authorized parties.

Key features:

  • All balances are encrypted
  • Transfers happen without revealing amounts
  • Support for operators (delegated transfer capabilities with time bounds)
  • Transfer and call pattern
  • Safe overflow/underflow handling for FHE operations

Functions

IERC7984

Events

IERC7984

Errors

IERC7984

constructor(string name_, string symbol_, string tokenURI_)

internal

#

name() → string

public

#

Returns the name of the token.

symbol() → string

public

#

Returns the symbol of the token.

decimals() → uint8

public

#

Returns the number of decimals of the token. Recommended to be 6.

tokenURI() → string

public

#

Returns the token URI.

confidentialTotalSupply() → euint64

public

#

Returns the confidential total supply of the token.

confidentialBalanceOf(address account) → euint64

public

#

Returns the confidential balance of the account account.

isOperator(address holder, address spender) → bool

public

#

Returns true if spender is currently an operator for holder.

setOperator(address operator, uint48 until)

public

#

Sets operator as an operator for holder until the timestamp until.

NOTE: An operator may transfer any amount of tokens on behalf of a holder while approved.

confidentialTransfer(address to, externalEuint64 encryptedAmount, bytes inputProof) → euint64

public

#

Transfers the encrypted amount encryptedAmount to to with the given input proof inputProof.

Returns the encrypted amount that was actually transferred.

confidentialTransfer(address to, euint64 amount) → euint64

public

#

Similar to interfaces#IERC7984-confidentialTransfer-address-externalEuint64-bytes- but without an input proof. The caller must already be allowed by ACL for the given amount.

confidentialTransferFrom(address from, address to, externalEuint64 encryptedAmount, bytes inputProof) → euint64 transferred

public

#

Transfers the encrypted amount encryptedAmount from from to to with the given input proof inputProof. msg.sender must be either from or an operator for from.

Returns the encrypted amount that was actually transferred.

confidentialTransferFrom(address from, address to, euint64 amount) → euint64 transferred

public

#

Similar to interfaces#IERC7984-confidentialTransferFrom-address-address-externalEuint64-bytes- but without an input proof. The caller must be already allowed by ACL for the given amount.

confidentialTransferAndCall(address to, externalEuint64 encryptedAmount, bytes inputProof, bytes data) → euint64 transferred

public

#

Similar to interfaces#IERC7984-confidentialTransfer-address-externalEuint64-bytes- but with a callback to to after the transfer.

The callback is made to the IERC7984Receiver.onConfidentialTransferReceived function on the to address with the actual transferred amount (may differ from the given encryptedAmount) and the given data data.

confidentialTransferAndCall(address to, euint64 amount, bytes data) → euint64 transferred

public

#

Similar to interfaces#IERC7984-confidentialTransfer-address-euint64- but with a callback to to after the transfer.

confidentialTransferFromAndCall(address from, address to, externalEuint64 encryptedAmount, bytes inputProof, bytes data) → euint64 transferred

public

#

Similar to interfaces#IERC7984-confidentialTransferFrom-address-address-externalEuint64-bytes- but with a callback to to after the transfer.

confidentialTransferFromAndCall(address from, address to, euint64 amount, bytes data) → euint64 transferred

public

#

Similar to interfaces#IERC7984-confidentialTransferFrom-address-address-euint64- but with a callback to to after the transfer.

discloseEncryptedAmount(euint64 encryptedAmount)

public

#

Discloses an encrypted amount encryptedAmount publicly via an IERC7984.AmountDisclosed event. The caller and this contract must be authorized to use the encrypted amount on the ACL.

NOTE: This is an asynchronous operation where the actual decryption happens off-chain and ERC7984.finalizeDiscloseEncryptedAmount is called with the result.

finalizeDiscloseEncryptedAmount(uint256 requestId, uint64 amount, bytes[] signatures)

public

#

Finalizes a disclose encrypted amount request. For gas saving purposes, the requestId might not be related to a ERC7984.discloseEncryptedAmount request. As a result, the current ERC7984.finalizeDiscloseEncryptedAmount function might emit a disclosed amount related to another decryption request context. In this case it would only display public information since the handle would have already been allowed for public decryption through a previous FHE.requestDecryption call. The downside of this behavior is that a ERC7984.finalizeDiscloseEncryptedAmount watcher might observe unexpected AmountDisclosed events.

_setOperator(address holder, address operator, uint48 until)

internal

#

_mint(address to, euint64 amount) → euint64 transferred

internal

#

_burn(address from, euint64 amount) → euint64 transferred

internal

#

_transfer(address from, address to, euint64 amount) → euint64 transferred

internal

#

_transferAndCall(address from, address to, euint64 amount, bytes data) → euint64 transferred

internal

#

_update(address from, address to, euint64 amount) → euint64 transferred

internal

#

ERC7984InvalidReceiver(address receiver)

error

#

The given receiver receiver is invalid for transfers.

ERC7984InvalidSender(address sender)

error

#

The given sender sender is invalid for transfers.

ERC7984UnauthorizedSpender(address holder, address spender)

error

#

The given holder holder is not authorized to spend on behalf of spender.

ERC7984ZeroBalance(address holder)

error

#

The holder holder is trying to send tokens but has a balance of 0.

ERC7984UnauthorizedUseOfEncryptedAmount(euint64 amount, address user)

error

#

The caller user does not have access to the encrypted amount amount.

NOTE: Try using the equivalent transfer function with an input proof.

ERC7984UnauthorizedCaller(address caller)

error

#

The given caller caller is not authorized for the current operation.

ERC7984InvalidGatewayRequest(uint256 requestId)

error

#

The given gateway request ID requestId is invalid.

ERC7984ERC20Wrapper

import "@openzeppelin/contracts/token/ERC7984/extensions/ERC7984ERC20Wrapper.sol";

A wrapper contract built on top of ERC7984 that allows wrapping an ERC20 token into an ERC7984 token. The wrapper contract implements the IERC1363Receiver interface which allows users to transfer ERC1363 tokens directly to the wrapper with a callback to wrap the tokens.

Minting assumes the full amount of the underlying token transfer has been received, hence some non-standard

tokens such as fee-on-transfer or other deflationary-type tokens are not supported by this wrapper.

Functions

IERC1363Receiver

ERC7984

IERC7984

Events

IERC1363Receiver

ERC7984

IERC7984

Errors

IERC1363Receiver

ERC7984

IERC7984

constructor(contract IERC20 underlying_)

internal

#

decimals() → uint8

public

#

Returns the number of decimals of the token. Recommended to be 6.

rate() → uint256

public

#

Returns the rate at which the underlying token is converted to the wrapped token. For example, if the rate is 1000, then 1000 units of the underlying token equal 1 unit of the wrapped token.

underlying() → contract IERC20

public

#

Returns the address of the underlying ERC-20 token that is being wrapped.

onTransferReceived(address, address from, uint256 amount, bytes data) → bytes4

public

#

ERC1363 callback function which wraps tokens to the address specified in data or the address from (if no address is specified in data). This function refunds any excess tokens sent beyond the nearest multiple of ERC7984ERC20Wrapper.rate. See ERC7984ERC20Wrapper.wrap from more details on wrapping tokens.

wrap(address to, uint256 amount)

public

#

Wraps amount amount of the underlying token into a confidential token and sends it to to. Tokens are exchanged at a fixed rate specified by ERC7984ERC20Wrapper.rate such that amount / rate() confidential tokens are sent. Amount transferred in is rounded down to the nearest multiple of ERC7984ERC20Wrapper.rate.

unwrap(address from, address to, euint64 amount)

public

#

Unwraps tokens from from and sends the underlying tokens to to. The caller must be from or be an approved operator for from. amount * rate() underlying tokens are sent to to.

NOTE: This is an asynchronous function and waits for decryption to be completed off-chain before disbursing tokens. NOTE: The caller must already be approved by ACL for the given amount.

unwrap(address from, address to, externalEuint64 encryptedAmount, bytes inputProof)

public

#

Variant of ERC7984ERC20Wrapper.unwrap that passes an inputProof which approves the caller for the encryptedAmount in the ACL.

finalizeUnwrap(uint256 requestID, uint64 amount, bytes[] signatures)

public

#

Fills an unwrap request for a given request id related to a decrypted unwrap amount.

_unwrap(address from, address to, euint64 amount)

internal

#

_fallbackUnderlyingDecimals() → uint8

internal

#

Returns the default number of decimals of the underlying ERC-20 token that is being wrapped. Used as a default fallback when ERC7984ERC20Wrapper._tryGetAssetDecimals fails to fetch decimals of the underlying ERC-20 token.

_maxDecimals() → uint8

internal

#

Returns the maximum number that will be used for IERC7984.decimals by the wrapper.

ERC7984Freezable

import "@openzeppelin/contracts/token/ERC7984/extensions/ERC7984Freezable.sol";

Extension of ERC7984 that implements a confidential freezing mechanism that can be managed by an authorized account with ERC7984Freezable._setConfidentialFrozen functions.

The freezing mechanism provides the guarantee to the contract owner (e.g. a DAO or a well-configured multisig) that a specific confidential amount of tokens held by an account won't be transferable until those tokens are unfrozen.

Inspired by https://github.com/OpenZeppelin/openzeppelin-community-contracts/blob/master/contracts/token/ERC20/extensions/ERC20Freezable.sol

Functions

ERC7984

IERC7984

Events

ERC7984

IERC7984

Errors

ERC7984

IERC7984

confidentialFrozen(address account) → euint64

public

#

Returns the confidential frozen balance of an account.

confidentialAvailable(address account) → euint64

public

#

Returns the confidential available (unfrozen) balance of an account. Up to IERC7984.confidentialBalanceOf.

_setConfidentialFrozen(address account, euint64 encryptedAmount)

internal

#

Internal function to freeze a confidential amount of tokens for an account.

_checkFreezer()

internal

#

Unimplemented function that must revert if msg.sender is not authorized as a freezer.

_update(address from, address to, euint64 encryptedAmount) → euint64

internal

#

See ERC7984._update. The from account must have sufficient unfrozen balance, otherwise 0 tokens are transferred.

TokensFrozen(address indexed account, euint64 encryptedAmount)

event

#

Emitted when a confidential amount of token is frozen for an account

ERC7984ObserverAccess

import "@openzeppelin/contracts/token/ERC7984/extensions/ERC7984ObserverAccess.sol";

Extension of ERC7984 that allows each account to add a observer who is given permanent ACL access to its transfer and balance amounts. A observer can be added or removed at any point in time.

Functions

ERC7984

IERC7984

Events

ERC7984

IERC7984

Errors

ERC7984

IERC7984

setObserver(address account, address newObserver)

public

#

Sets the observer for the given account account to newObserver. Can be called by the account or the existing observer to abdicate the observer role (may only set to address(0)).

observer(address account) → address

public

#

Returns the observer for the given account account.

_update(address from, address to, euint64 amount) → euint64 transferred

internal

#

ERC7984ObserverAccessObserverSet(address account, address oldObserver, address newObserver)

event

#

Emitted when the observer is changed for the given account account.

Unauthorized()

error

#

Thrown when an account tries to set a newObserver for a given account without proper authority.

ERC7984Restricted

import "@openzeppelin/contracts/token/ERC7984/extensions/ERC7984Restricted.sol";

Extension of ERC7984 that implements user account transfer restrictions through the ERC7984Restricted.isUserAllowed function. Inspired by https://github.com/OpenZeppelin/openzeppelin-community-contracts/blob/master/contracts/token/ERC20/extensions/ERC20Restricted.sol.

By default, each account has no explicit restriction. The ERC7984Restricted.isUserAllowed function acts as a blocklist. Developers can override ERC7984Restricted.isUserAllowed to check that restriction == ALLOWED to implement an allowlist.

Functions

ERC7984

IERC7984

Events

ERC7984

IERC7984

Errors

ERC7984

IERC7984

getRestriction(address account) → enum ERC7984Restricted.Restriction

public

#

Returns the restriction of a user account.

isUserAllowed(address account) → bool

public

#

Returns whether a user account is allowed to interact with the token.

Default implementation only disallows explicitly BLOCKED accounts (i.e. a blocklist).

To convert into an allowlist, override as:

function isUserAllowed(address account) public view virtual override returns (bool) {
    return getRestriction(account) == Restriction.ALLOWED;
}

_update(address from, address to, euint64 value) → euint64

internal

#

See ERC7984._update. Enforces transfer restrictions (excluding minting and burning).

Requirements:

_setRestriction(address account, enum ERC7984Restricted.Restriction restriction)

internal

#

Updates the restriction of a user account.

_blockUser(address account)

internal

#

Convenience function to block a user account (set to BLOCKED).

_allowUser(address account)

internal

#

Convenience function to allow a user account (set to ALLOWED).

_resetUser(address account)

internal

#

Convenience function to reset a user account to default restriction.

_checkRestriction(address account)

internal

#

Checks if a user account is restricted. Reverts with ERC20Restricted if so.

UserRestrictionUpdated(address indexed account, enum ERC7984Restricted.Restriction restriction)

event

#

Emitted when a user account's restriction is updated.

UserRestricted(address account)

error

#

The operation failed because the user account is restricted.

ERC7984Votes

import "@openzeppelin/contracts/token/ERC7984/extensions/ERC7984Votes.sol";

Extension of ERC7984 supporting confidential votes tracking and delegation.

The amount of confidential voting units an account has is equal to the balance of that account. Voing power is taken into account when an account delegates votes to itself or to another account.

Functions

VotesConfidential

HandleAccessManager

IERC6372

EIP712

IERC5267

Nonces

ERC7984

IERC7984

Events

VotesConfidential

HandleAccessManager

IERC6372

EIP712

IERC5267

Nonces

ERC7984

IERC7984

Errors

VotesConfidential

HandleAccessManager

IERC6372

EIP712

IERC5267

Nonces

ERC7984

IERC7984

confidentialTotalSupply() → euint64

public

#

Returns the confidential total supply of the token.

_update(address from, address to, euint64 amount) → euint64 transferred

internal

#

_getVotingUnits(address account) → euint64

internal

#

ERC7984Utils

import "@openzeppelin/contracts/token/ERC7984/utils/ERC7984Utils.sol";

Library that provides common ERC7984 utility functions.

Functions

checkOnTransferReceived(address operator, address from, address to, euint64 amount, bytes data) → ebool

internal

#

Performs a transfer callback to the recipient of the transfer to. Should be invoked after all transfers "withCallback" on a ERC7984.

The transfer callback is not invoked on the recipient if the recipient has no code (i.e. is an EOA). If the recipient has non-zero code, it must implement IERC7984Receiver.onConfidentialTransferReceived and return an ebool indicating whether the transfer was accepted or not. If the ebool is false, the transfer will be reversed.

On this page

CoreExtensionsUtilitiesERC7984IERC7984IERC7984IERC7984ERC7984ERC20WrapperIERC1363ReceiverERC7984IERC7984IERC1363ReceiverERC7984IERC7984IERC1363ReceiverERC7984IERC7984ERC7984FreezableERC7984IERC7984ERC7984IERC7984ERC7984IERC7984ERC7984ObserverAccessERC7984IERC7984ERC7984IERC7984ERC7984IERC7984ERC7984RestrictedERC7984IERC7984ERC7984IERC7984ERC7984IERC7984ERC7984VotesVotesConfidentialHandleAccessManagerIERC6372EIP712IERC5267NoncesERC7984IERC7984VotesConfidentialHandleAccessManagerIERC6372EIP712IERC5267NoncesERC7984IERC7984VotesConfidentialHandleAccessManagerIERC6372EIP712IERC5267NoncesERC7984IERC7984ERC7984Utils