@openzeppelin/confidential-contracts 0.2.0-rc.1

package/finance/VestingWalletCliffExecutorConfidentialFactory.sol

@@ -0,0 +1,203 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Confidential Contracts (last updated v0.2.0-rc.1) (finance/VestingWalletCliffExecutorConfidentialFactory.sol)
+pragma solidity ^0.8.27;
+
+import {FHE, euint64, externalEuint64, euint128} from "@fhevm/solidity/lib/FHE.sol";
+import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
+import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";
+import {IConfidentialFungibleToken} from "./../interfaces/IConfidentialFungibleToken.sol";
+import {ERC7821WithExecutor} from "./ERC7821WithExecutor.sol";
+import {VestingWalletCliffConfidential} from "./VestingWalletCliffConfidential.sol";
+import {VestingWalletConfidential} from "./VestingWalletConfidential.sol";
+
+/**
+ * @dev This factory enables creating {VestingWalletCliffExecutorConfidential} in batch.
+ *
+ * Confidential vesting wallets created inherit both {VestingWalletCliffConfidential} for vesting cliffs
+ * and {ERC7821WithExecutor} to allow for arbitrary calls to be executed from the vesting wallet.
+ */
+contract VestingWalletCliffExecutorConfidentialFactory {
+    struct VestingPlan {
+        address beneficiary;
+        externalEuint64 encryptedAmount;
+        uint48 startTimestamp;
+        uint48 durationSeconds;
+        uint48 cliffSeconds;
+    }
+
+    address private immutable _vestingImplementation = address(new VestingWalletCliffExecutorConfidential());
+
+    event VestingWalletConfidentialFunded(
+        address indexed vestingWalletConfidential,
+        address indexed beneficiary,
+        address indexed confidentialFungibleToken,
+        euint64 encryptedAmount,
+        uint48 startTimestamp,
+        uint48 durationSeconds,
+        uint48 cliffSeconds,
+        address executor
+    );
+    event VestingWalletConfidentialCreated(
+        address indexed vestingWalletConfidential,
+        address indexed beneficiary,
+        uint48 startTimestamp,
+        uint48 durationSeconds,
+        uint48 cliffSeconds,
+        address indexed executor
+    );
+
+    /**
+     * @dev Batches the funding of multiple confidential vesting wallets.
+     *
+     * Funds are sent to deterministic wallet addresses. Wallets can be created either
+     * before or after this operation.
+     *
+     * Emits a {VestingWalletConfidentialFunded} event for each funded vesting plan.
+     */
+    function batchFundVestingWalletConfidential(
+        address confidentialFungibleToken,
+        VestingPlan[] calldata vestingPlans,
+        address executor,
+        bytes calldata inputProof
+    ) public virtual {
+        uint256 vestingPlansLength = vestingPlans.length;
+        for (uint256 i = 0; i < vestingPlansLength; i++) {
+            VestingPlan memory vestingPlan = vestingPlans[i];
+            require(
+                vestingPlan.cliffSeconds <= vestingPlan.durationSeconds,
+                VestingWalletCliffConfidential.VestingWalletCliffConfidentialInvalidCliffDuration(
+                    vestingPlan.cliffSeconds,
+                    vestingPlan.durationSeconds
+                )
+            );
+
+            require(vestingPlan.beneficiary != address(0), OwnableUpgradeable.OwnableInvalidOwner(address(0)));
+            address vestingWalletAddress = predictVestingWalletConfidential(
+                vestingPlan.beneficiary,
+                vestingPlan.startTimestamp,
+                vestingPlan.durationSeconds,
+                vestingPlan.cliffSeconds,
+                executor
+            );
+
+            euint64 transferredAmount;
+            {
+                // avoiding stack too deep with scope
+                euint64 encryptedAmount = FHE.fromExternal(vestingPlan.encryptedAmount, inputProof);
+                FHE.allowTransient(encryptedAmount, confidentialFungibleToken);
+                transferredAmount = IConfidentialFungibleToken(confidentialFungibleToken).confidentialTransferFrom(
+                    msg.sender,
+                    vestingWalletAddress,
+                    encryptedAmount
+                );
+            }
+
+            emit VestingWalletConfidentialFunded(
+                vestingWalletAddress,
+                vestingPlan.beneficiary,
+                confidentialFungibleToken,
+                transferredAmount,
+                vestingPlan.startTimestamp,
+                vestingPlan.durationSeconds,
+                vestingPlan.cliffSeconds,
+                executor
+            );
+        }
+    }
+
+    /**
+     * @dev Creates a confidential vesting wallet.
+     *
+     * Emits a {VestingWalletConfidentialCreated}.
+     */
+    function createVestingWalletConfidential(
+        address beneficiary,
+        uint48 startTimestamp,
+        uint48 durationSeconds,
+        uint48 cliffSeconds,
+        address executor
+    ) public virtual returns (address) {
+        // Will revert if clone already created
+        address vestingWalletConfidentialAddress = Clones.cloneDeterministic(
+            _vestingImplementation,
+            _getCreate2VestingWalletConfidentialSalt(
+                beneficiary,
+                startTimestamp,
+                durationSeconds,
+                cliffSeconds,
+                executor
+            )
+        );
+        VestingWalletCliffExecutorConfidential(vestingWalletConfidentialAddress).initialize(
+            beneficiary,
+            startTimestamp,
+            durationSeconds,
+            cliffSeconds,
+            executor
+        );
+        emit VestingWalletConfidentialCreated(
+            beneficiary,
+            vestingWalletConfidentialAddress,
+            startTimestamp,
+            durationSeconds,
+            cliffSeconds,
+            executor
+        );
+        return vestingWalletConfidentialAddress;
+    }
+
+    /**
+     * @dev Predicts deterministic address for a confidential vesting wallet.
+     */
+    function predictVestingWalletConfidential(
+        address beneficiary,
+        uint48 startTimestamp,
+        uint48 durationSeconds,
+        uint48 cliffSeconds,
+        address executor
+    ) public view virtual returns (address) {
+        return
+            Clones.predictDeterministicAddress(
+                _vestingImplementation,
+                _getCreate2VestingWalletConfidentialSalt(
+                    beneficiary,
+                    startTimestamp,
+                    durationSeconds,
+                    cliffSeconds,
+                    executor
+                )
+            );
+    }
+
+    /**
+     * @dev Gets create2 salt for a confidential vesting wallet.
+     */
+    function _getCreate2VestingWalletConfidentialSalt(
+        address beneficiary,
+        uint48 startTimestamp,
+        uint48 durationSeconds,
+        uint48 cliffSeconds,
+        address executor
+    ) internal pure virtual returns (bytes32) {
+        return keccak256(abi.encodePacked(beneficiary, startTimestamp, durationSeconds, cliffSeconds, executor));
+    }
+}
+
+// slither-disable-next-line locked-ether
+contract VestingWalletCliffExecutorConfidential is VestingWalletCliffConfidential, ERC7821WithExecutor {
+    constructor() {
+        _disableInitializers();
+    }
+
+    function initialize(
+        address beneficiary,
+        uint48 startTimestamp,
+        uint48 durationSeconds,
+        uint48 cliffSeconds,
+        address executor
+    ) public initializer {
+        __VestingWalletConfidential_init(beneficiary, startTimestamp, durationSeconds);
+        __VestingWalletCliffConfidential_init(cliffSeconds);
+        __ERC7821WithExecutor_init(executor);
+    }
+}

package/finance/VestingWalletConfidential.sol

@@ -0,0 +1,130 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Confidential Contracts (last updated v0.2.0-rc.1) (finance/VestingWalletConfidential.sol)
+pragma solidity ^0.8.24;
+
+import {FHE, ebool, euint64, euint128} from "@fhevm/solidity/lib/FHE.sol";
+import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
+import {ReentrancyGuardTransient} from "@openzeppelin/contracts/utils/ReentrancyGuardTransient.sol";
+import {IConfidentialFungibleToken} from "./../interfaces/IConfidentialFungibleToken.sol";
+
+/**
+ * @dev A vesting wallet is an ownable contract that can receive ConfidentialFungibleTokens, and release these
+ * assets to the wallet owner, also referred to as "beneficiary", according to a vesting schedule.
+ *
+ * Any assets transferred to this contract will follow the vesting schedule as if they were locked from the beginning.
+ * Consequently, if the vesting has already started, any amount of tokens sent to this contract will (at least partly)
+ * be immediately releasable.
+ *
+ * By setting the duration to 0, one can configure this contract to behave like an asset timelock that holds tokens for
+ * a beneficiary until a specified time.
+ *
+ * NOTE: Since the wallet is `Ownable`, and ownership can be transferred, it is possible to sell unvested tokens.
+ *
+ * NOTE: When using this contract with any token whose balance is adjusted automatically (i.e. a rebase token), make
+ * sure to account the supply/balance adjustment in the vesting schedule to ensure the vested amount is as intended.
+ */
+abstract contract VestingWalletConfidential is OwnableUpgradeable, ReentrancyGuardTransient {
+    /// @custom:storage-location erc7201:openzeppelin.storage.VestingWalletConfidential
+    struct VestingWalletStorage {
+        mapping(address token => euint64) _tokenReleased;
+        uint64 _start;
+        uint64 _duration;
+    }
+
+    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.VestingWalletConfidential")) - 1)) & ~bytes32(uint256(0xff))
+    // solhint-disable-next-line const-name-snakecase
+    bytes32 private constant VestingWalletStorageLocation =
+        0x78ce9ee9eb65fa0cf5bf10e861c3a95cb7c3c713c96ab1e5323a21e846796800;
+
+    event VestingWalletConfidentialTokenReleased(address indexed token, euint64 amount);
+
+    /// @dev Timestamp at which the vesting starts.
+    function start() public view virtual returns (uint64) {
+        return _getVestingWalletStorage()._start;
+    }
+
+    /// @dev Duration of the vesting in seconds.
+    function duration() public view virtual returns (uint64) {
+        return _getVestingWalletStorage()._duration;
+    }
+
+    /// @dev Timestamp at which the vesting ends.
+    function end() public view virtual returns (uint64) {
+        return start() + duration();
+    }
+
+    /// @dev Amount of token already released
+    function released(address token) public view virtual returns (euint64) {
+        return _getVestingWalletStorage()._tokenReleased[token];
+    }
+
+    /**
+     * @dev Getter for the amount of releasable `token` tokens. `token` should be the address of an
+     * {IConfidentialFungibleToken} contract.
+     */
+    function releasable(address token) public virtual returns (euint64) {
+        return FHE.asEuint64(FHE.sub(vestedAmount(token, uint64(block.timestamp)), released(token)));
+    }
+
+    /**
+     * @dev Release the tokens that have already vested.
+     *
+     * Emits a {VestingWalletConfidentialTokenReleased} event.
+     */
+    function release(address token) public virtual nonReentrant {
+        euint64 amount = releasable(token);
+        FHE.allowTransient(amount, token);
+        euint64 amountSent = IConfidentialFungibleToken(token).confidentialTransfer(owner(), amount);
+
+        euint64 newReleasedAmount = FHE.add(released(token), amountSent);
+        FHE.allow(newReleasedAmount, owner());
+        FHE.allowThis(newReleasedAmount);
+        _getVestingWalletStorage()._tokenReleased[token] = newReleasedAmount;
+        emit VestingWalletConfidentialTokenReleased(token, amountSent);
+    }
+
+    /// @dev Calculates the amount of tokens that has already vested. Default implementation is a linear vesting curve.
+    function vestedAmount(address token, uint64 timestamp) public virtual returns (euint128) {
+        return
+            _vestingSchedule(
+                FHE.add(
+                    FHE.asEuint128(IConfidentialFungibleToken(token).confidentialBalanceOf(address(this))),
+                    released(token)
+                ),
+                timestamp
+            );
+    }
+
+    /**
+     * @dev Initializes the vesting wallet for a given `beneficiary` with a start time of `startTimestamp`
+     * and an end time of `startTimestamp + durationSeconds`.
+     */
+    // solhint-disable-next-line func-name-mixedcase
+    function __VestingWalletConfidential_init(
+        address beneficiary,
+        uint48 startTimestamp,
+        uint48 durationSeconds
+    ) internal onlyInitializing {
+        __Ownable_init(beneficiary);
+        VestingWalletStorage storage $ = _getVestingWalletStorage();
+        $._start = startTimestamp;
+        $._duration = durationSeconds;
+    }
+
+    /// @dev This returns the amount vested, as a function of time, for an asset given its total historical allocation.
+    function _vestingSchedule(euint128 totalAllocation, uint64 timestamp) internal virtual returns (euint128) {
+        if (timestamp < start()) {
+            return euint128.wrap(0);
+        } else if (timestamp >= end()) {
+            return totalAllocation;
+        } else {
+            return FHE.div(FHE.mul(totalAllocation, (timestamp - start())), duration());
+        }
+    }
+
+    function _getVestingWalletStorage() private pure returns (VestingWalletStorage storage $) {
+        assembly {
+            $.slot := VestingWalletStorageLocation
+        }
+    }
+}

package/governance/utils/VotesConfidential.sol

@@ -0,0 +1,202 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Confidential Contracts (last updated v0.2.0-rc.1) (governance/utils/VotesConfidential.sol)
+pragma solidity ^0.8.24;
+
+import {FHE, ebool, euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {IERC6372} from "@openzeppelin/contracts/interfaces/IERC6372.sol";
+import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
+import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";
+import {Nonces} from "@openzeppelin/contracts/utils/Nonces.sol";
+import {Time} from "@openzeppelin/contracts/utils/types/Time.sol";
+import {CheckpointsConfidential} from "./../../utils/structs/CheckpointsConfidential.sol";
+
+abstract contract VotesConfidential is Nonces, EIP712, IERC6372 {
+    using FHE for *;
+    using CheckpointsConfidential for CheckpointsConfidential.TraceEuint64;
+
+    bytes32 private constant DELEGATION_TYPEHASH =
+        keccak256("Delegation(address delegatee,uint256 nonce,uint256 expiry)");
+
+    mapping(address account => address) private _delegatee;
+
+    mapping(address delegatee => CheckpointsConfidential.TraceEuint64) private _delegateCheckpoints;
+
+    CheckpointsConfidential.TraceEuint64 private _totalCheckpoints;
+
+    /// @dev The signature used has expired.
+    error VotesExpiredSignature(uint256 expiry);
+
+    /// @dev Emitted when a token transfer or delegate change results in changes to a delegate's number of voting units.
+    event DelegateVotesChanged(address indexed delegate, euint64 previousVotes, euint64 newVotes);
+
+    /// @dev Emitted when an account changes their delegate.
+    event DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate);
+
+    /// @dev The clock was incorrectly modified.
+    error ERC6372InconsistentClock();
+
+    /// @dev Lookup to future votes is not available.
+    error ERC5805FutureLookup(uint256 timepoint, uint48 clock);
+
+    /**
+     * @dev Clock used for flagging checkpoints. Can be overridden to implement timestamp based
+     * checkpoints (and voting), in which case {CLOCK_MODE} should be overridden as well to match.
+     */
+    function clock() public view virtual returns (uint48) {
+        return Time.blockNumber();
+    }
+
+    /**
+     * @dev Machine-readable description of the clock as specified in ERC-6372.
+     */
+    // solhint-disable-next-line func-name-mixedcase
+    function CLOCK_MODE() public view virtual returns (string memory) {
+        // Check that the clock was not modified
+        if (clock() != Time.blockNumber()) {
+            revert ERC6372InconsistentClock();
+        }
+        return "mode=blocknumber&from=default";
+    }
+
+    /// @dev Returns the current amount of votes that `account` has.
+    function getVotes(address account) public view virtual returns (euint64) {
+        return _delegateCheckpoints[account].latest();
+    }
+
+    /**
+     * @dev Returns the amount of votes that `account` had at a specific moment in the past. If the {clock} is
+     * configured to use block numbers, this will return the value at the end of the corresponding block.
+     *
+     * Requirements:
+     *
+     * - `timepoint` must be in the past. If operating using block numbers, the block must be already mined.
+     */
+    function getPastVotes(address account, uint256 timepoint) public view virtual returns (euint64) {
+        return _delegateCheckpoints[account].upperLookupRecent(_validateTimepoint(timepoint));
+    }
+
+    /**
+     * @dev Returns the total supply of votes available at a specific moment in the past. If the {clock} is
+     * configured to use block numbers, this will return the value at the end of the corresponding block.
+     *
+     * NOTE: This value is the sum of all available votes, which is not necessarily the sum of all delegated votes.
+     * Votes that have not been delegated are still part of total supply, even though they would not participate in a
+     * vote.
+     *
+     * Requirements:
+     *
+     * - `timepoint` must be in the past. If operating using block numbers, the block must be already mined.
+     */
+    function getPastTotalSupply(uint256 timepoint) public view virtual returns (euint64) {
+        return _totalCheckpoints.upperLookupRecent(_validateTimepoint(timepoint));
+    }
+
+    /**
+     * @dev Returns the current total supply of votes as an encrypted uint64 (euint64). Must be implemented
+     * by the derived contract.
+     */
+    function confidentialTotalSupply() public view virtual returns (euint64);
+
+    /// @dev Returns the delegate that `account` has chosen.
+    function delegates(address account) public view virtual returns (address) {
+        return _delegatee[account];
+    }
+
+    /// @dev Delegates votes from the sender to `delegatee`.
+    function delegate(address delegatee) public virtual {
+        _delegate(msg.sender, delegatee);
+    }
+
+    /// @dev Delegates votes from an EOA to `delegatee` via an ECDSA signature.
+    function delegateBySig(
+        address delegatee,
+        uint256 nonce,
+        uint256 expiry,
+        uint8 v,
+        bytes32 r,
+        bytes32 s
+    ) public virtual {
+        if (block.timestamp > expiry) {
+            revert VotesExpiredSignature(expiry);
+        }
+
+        address signer = ECDSA.recover(
+            _hashTypedDataV4(keccak256(abi.encode(DELEGATION_TYPEHASH, delegatee, nonce, expiry))),
+            v,
+            r,
+            s
+        );
+
+        _useCheckedNonce(signer, nonce);
+        _delegate(signer, delegatee);
+    }
+
+    /**
+     * @dev Delegate all of `account`'s voting units to `delegatee`.
+     *
+     * Emits events {IVotes-DelegateChanged} and {IVotes-DelegateVotesChanged}.
+     */
+    function _delegate(address account, address delegatee) internal virtual {
+        address oldDelegate = delegates(account);
+        _delegatee[account] = delegatee;
+
+        emit DelegateChanged(account, oldDelegate, delegatee);
+        _moveDelegateVotes(oldDelegate, delegatee, _getVotingUnits(account));
+    }
+
+    /**
+     * @dev Transfers, mints, or burns voting units. To register a mint, `from` should be zero. To register a burn, `to`
+     * should be zero. Total supply of voting units will be adjusted with mints and burns.
+     *
+     * WARNING: Must be called after {confidentialTotalSupply} is updated.
+     */
+    function _transferVotingUnits(address from, address to, euint64 amount) internal virtual {
+        if (from == address(0) || to == address(0)) {
+            _push(_totalCheckpoints, confidentialTotalSupply());
+        }
+        _moveDelegateVotes(delegates(from), delegates(to), amount);
+    }
+
+    /**
+     * @dev Moves delegated votes from one delegate to another.
+     */
+    function _moveDelegateVotes(address from, address to, euint64 amount) internal virtual {
+        CheckpointsConfidential.TraceEuint64 storage store;
+        if (from != to && FHE.isInitialized(amount)) {
+            if (from != address(0)) {
+                store = _delegateCheckpoints[from];
+                euint64 newValue = store.latest().sub(amount);
+                newValue.allowThis();
+                newValue.allow(from);
+                euint64 oldValue = _push(store, newValue);
+                emit DelegateVotesChanged(from, oldValue, newValue);
+            }
+            if (to != address(0)) {
+                store = _delegateCheckpoints[to];
+                euint64 newValue = store.latest().add(amount);
+                newValue.allowThis();
+                newValue.allow(to);
+                euint64 oldValue = _push(store, newValue);
+                emit DelegateVotesChanged(to, oldValue, newValue);
+            }
+        }
+    }
+
+    /// @dev Validate that a timepoint is in the past, and return it as a uint48.
+    function _validateTimepoint(uint256 timepoint) internal view returns (uint48) {
+        uint48 currentTimepoint = clock();
+        if (timepoint >= currentTimepoint) revert ERC5805FutureLookup(timepoint, currentTimepoint);
+        return SafeCast.toUint48(timepoint);
+    }
+
+    /**
+     * @dev Must return the voting units held by an account.
+     */
+    function _getVotingUnits(address) internal view virtual returns (euint64);
+
+    function _push(CheckpointsConfidential.TraceEuint64 storage store, euint64 value) private returns (euint64) {
+        (euint64 oldValue, ) = store.push(clock(), value);
+        return oldValue;
+    }
+}

package/interfaces/IConfidentialFungibleToken.sol

@@ -0,0 +1,135 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Confidential Contracts (last updated v0.2.0-rc.1) (interfaces/IConfidentialFungibleToken.sol)
+pragma solidity ^0.8.24;
+
+import {euint64, externalEuint64} from "@fhevm/solidity/lib/FHE.sol";
+
+/// @dev Draft interface for a confidential fungible token standard utilizing the Zama TFHE library.
+interface IConfidentialFungibleToken {
+    /**
+     * @dev Emitted when the expiration timestamp for an operator `operator` is updated for a given `holder`.
+     * The operator may move any amount of tokens on behalf of the holder until the timestamp `until`.
+     */
+    event OperatorSet(address indexed holder, address indexed operator, uint48 until);
+
+    /// @dev Emitted when a confidential transfer is made from `from` to `to` of encrypted amount `amount`.
+    event ConfidentialTransfer(address indexed from, address indexed to, euint64 indexed amount);
+
+    /**
+     * @dev Emitted when an encrypted amount is disclosed.
+     *
+     * Accounts with access to the encrypted amount `encryptedAmount` that is also accessible to this contract
+     * should be able to disclose the amount. This functionality is implementation specific.
+     */
+    event AmountDisclosed(euint64 indexed encryptedAmount, uint64 amount);
+
+    /// @dev Returns the name of the token.
+    function name() external view returns (string memory);
+
+    /// @dev Returns the symbol of the token.
+    function symbol() external view returns (string memory);
+
+    /// @dev Returns the number of decimals of the token. Recommended to be 6.
+    function decimals() external view returns (uint8);
+
+    /// @dev Returns the token URI.
+    function tokenURI() external view returns (string memory);
+
+    /// @dev Returns the confidential total supply of the token.
+    function confidentialTotalSupply() external view returns (euint64);
+
+    /// @dev Returns the confidential balance of the account `account`.
+    function confidentialBalanceOf(address account) external view returns (euint64);
+
+    /// @dev Returns true if `spender` is currently an operator for `holder`.
+    function isOperator(address holder, address spender) external view returns (bool);
+
+    /**
+     * @dev Sets `operator` as an operator for `holder` until the timestamp `until`.
+     *
+     * NOTE: An operator may transfer any amount of tokens on behalf of a holder while approved.
+     */
+    function setOperator(address operator, uint48 until) external;
+
+    /**
+     * @dev Transfers the encrypted amount `encryptedAmount` to `to` with the given input proof `inputProof`.
+     *
+     * Returns the encrypted amount that was actually transferred.
+     */
+    function confidentialTransfer(
+        address to,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) external returns (euint64);
+
+    /**
+     * @dev Similar to {confidentialTransfer-address-externalEuint64-bytes} but without an input proof. The caller
+     * *must* already be allowed by ACL for the given `amount`.
+     */
+    function confidentialTransfer(address to, euint64 amount) external returns (euint64 transferred);
+
+    /**
+     * @dev Transfers the encrypted amount `encryptedAmount` from `from` to `to` with the given input proof
+     * `inputProof`. `msg.sender` must be either `from` or an operator for `from`.
+     *
+     * Returns the encrypted amount that was actually transferred.
+     */
+    function confidentialTransferFrom(
+        address from,
+        address to,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) external returns (euint64);
+
+    /**
+     * @dev Similar to {confidentialTransferFrom-address-address-externalEuint64-bytes} but without an input proof.
+     * The caller *must* be already allowed by ACL for the given `amount`.
+     */
+    function confidentialTransferFrom(address from, address to, euint64 amount) external returns (euint64 transferred);
+
+    /**
+     * @dev Similar to {confidentialTransfer-address-externalEuint64-bytes} but with a callback to `to` after
+     * the transfer.
+     *
+     * The callback is made to the {IConfidentialFungibleTokenReceiver-onConfidentialTransferReceived} function on the
+     * to address with the actual transferred amount (may differ from the given `encryptedAmount`) and the given
+     * data `data`.
+     */
+    function confidentialTransferAndCall(
+        address to,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof,
+        bytes calldata data
+    ) external returns (euint64 transferred);
+
+    /// @dev Similar to {confidentialTransfer-address-euint64} but with a callback to `to` after the transfer.
+    function confidentialTransferAndCall(
+        address to,
+        euint64 amount,
+        bytes calldata data
+    ) external returns (euint64 transferred);
+
+    /**
+     * @dev Similar to {confidentialTransferFrom-address-address-externalEuint64-bytes} but with a callback to `to`
+     * after the transfer.
+     */
+    function confidentialTransferFromAndCall(
+        address from,
+        address to,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof,
+        bytes calldata data
+    ) external returns (euint64 transferred);
+
+    /**
+     * @dev Similar to {confidentialTransferFrom-address-address-euint64} but with a callback to `to`
+     * after the transfer.
+     *
+     */
+    function confidentialTransferFromAndCall(
+        address from,
+        address to,
+        euint64 amount,
+        bytes calldata data
+    ) external returns (euint64 transferred);
+}

package/interfaces/IConfidentialFungibleTokenReceiver.sol

@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Confidential Contracts (last updated v0.2.0-rc.1) (interfaces/IConfidentialFungibleTokenReceiver.sol)
+pragma solidity ^0.8.24;
+
+import {ebool, euint64} from "@fhevm/solidity/lib/FHE.sol";
+
+/// @dev Interface for contracts that can receive confidential token transfers with a callback.
+interface IConfidentialFungibleTokenReceiver {
+    /**
+     * @dev Called upon receiving a confidential token transfer. Returns an encrypted boolean indicating success
+     * of the callback. If false is returned, the transfer must be reversed.
+     */
+    function onConfidentialTransferReceived(
+        address operator,
+        address from,
+        euint64 amount,
+        bytes calldata data
+    ) external returns (ebool);
+}