@openzeppelin/confidential-contracts 0.2.0 → 0.3.0

package/token/ERC7984/extensions/ERC7984Omnibus.sol

@@ -0,0 +1,209 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Confidential Contracts (last updated v0.3.0) (token/ERC7984/extensions/ERC7984Omnibus.sol)
+
+pragma solidity ^0.8.27;
+
+import {FHE, euint64, externalEuint64, externalEaddress, eaddress} from "@fhevm/solidity/lib/FHE.sol";
+import {ERC7984} from "../ERC7984.sol";
+
+/**
+ * @dev Extension of {ERC7984} that emits additional events for omnibus transfers.
+ * These events contain encrypted addresses for the sub-account sender and recipient.
+ *
+ * NOTE: There is no onchain accounting for sub-accounts--integrators must track sub-account
+ * balances externally.
+ */
+abstract contract ERC7984Omnibus is ERC7984 {
+    /**
+     * @dev Emitted when a confidential transfer is made representing the onchain settlement of
+     * an omnibus transfer from `sender` to `recipient` of amount `amount`. Settlement occurs between
+     * `omnibusFrom` and `omnibusTo` and is represented in a matching {IERC7984-ConfidentialTransfer} event.
+     *
+     * NOTE: `omnibusFrom` and `omnibusTo` get permanent ACL allowances for `sender` and `recipient`.
+     */
+    event OmnibusConfidentialTransfer(
+        address indexed omnibusFrom,
+        address indexed omnibusTo,
+        eaddress sender,
+        eaddress indexed recipient,
+        euint64 amount
+    );
+
+    /**
+     * @dev The caller `user` does not have access to the encrypted address `addr`.
+     *
+     * NOTE: Try using the equivalent transfer function with an input proof.
+     */
+    error ERC7984UnauthorizedUseOfEncryptedAddress(eaddress addr, address user);
+
+    /// @dev Wraps the {confidentialTransfer-address-externalEuint64-bytes} function and emits the {OmnibusConfidentialTransfer} event.
+    function confidentialTransferOmnibus(
+        address omnibusTo,
+        externalEaddress externalSender,
+        externalEaddress externalRecipient,
+        externalEuint64 externalAmount,
+        bytes calldata inputProof
+    ) public virtual returns (euint64) {
+        return
+            confidentialTransferFromOmnibus(
+                msg.sender,
+                omnibusTo,
+                externalSender,
+                externalRecipient,
+                externalAmount,
+                inputProof
+            );
+    }
+
+    /// @dev Wraps the {confidentialTransfer-address-euint64} function and emits the {OmnibusConfidentialTransfer} event.
+    function confidentialTransferOmnibus(
+        address omnibusTo,
+        eaddress sender,
+        eaddress recipient,
+        euint64 amount
+    ) public virtual returns (euint64) {
+        return confidentialTransferFromOmnibus(msg.sender, omnibusTo, sender, recipient, amount);
+    }
+
+    /// @dev Wraps the {confidentialTransferFrom-address-address-externalEuint64-bytes} function and emits the {OmnibusConfidentialTransfer} event.
+    function confidentialTransferFromOmnibus(
+        address omnibusFrom,
+        address omnibusTo,
+        externalEaddress externalSender,
+        externalEaddress externalRecipient,
+        externalEuint64 externalAmount,
+        bytes calldata inputProof
+    ) public virtual returns (euint64) {
+        eaddress sender = FHE.fromExternal(externalSender, inputProof);
+        eaddress recipient = FHE.fromExternal(externalRecipient, inputProof);
+        euint64 amount = FHE.fromExternal(externalAmount, inputProof);
+
+        return _confidentialTransferFromOmnibus(omnibusFrom, omnibusTo, sender, recipient, amount);
+    }
+
+    /// @dev Wraps the {confidentialTransferFrom-address-address-euint64} function and emits the {OmnibusConfidentialTransfer} event.
+    function confidentialTransferFromOmnibus(
+        address omnibusFrom,
+        address omnibusTo,
+        eaddress sender,
+        eaddress recipient,
+        euint64 amount
+    ) public virtual returns (euint64) {
+        require(FHE.isAllowed(sender, msg.sender), ERC7984UnauthorizedUseOfEncryptedAddress(sender, msg.sender));
+        require(FHE.isAllowed(recipient, msg.sender), ERC7984UnauthorizedUseOfEncryptedAddress(recipient, msg.sender));
+
+        return _confidentialTransferFromOmnibus(omnibusFrom, omnibusTo, sender, recipient, amount);
+    }
+
+    /// @dev Wraps the {confidentialTransferAndCall-address-externalEuint64-bytes-bytes} function and emits the {OmnibusConfidentialTransfer} event.
+    function confidentialTransferAndCallOmnibus(
+        address omnibusTo,
+        externalEaddress externalSender,
+        externalEaddress externalRecipient,
+        externalEuint64 externalAmount,
+        bytes calldata inputProof,
+        bytes calldata data
+    ) public virtual returns (euint64) {
+        return
+            confidentialTransferFromAndCallOmnibus(
+                msg.sender,
+                omnibusTo,
+                externalSender,
+                externalRecipient,
+                externalAmount,
+                inputProof,
+                data
+            );
+    }
+
+    /// @dev Wraps the {confidentialTransferAndCall-address-euint64-bytes} function and emits the {OmnibusConfidentialTransfer} event.
+    function confidentialTransferAndCallOmnibus(
+        address omnibusTo,
+        eaddress sender,
+        eaddress recipient,
+        euint64 amount,
+        bytes calldata data
+    ) public virtual returns (euint64) {
+        return confidentialTransferFromAndCallOmnibus(msg.sender, omnibusTo, sender, recipient, amount, data);
+    }
+
+    /// @dev Wraps the {confidentialTransferFromAndCall-address-address-externalEuint64-bytes-bytes} function and emits the {OmnibusConfidentialTransfer} event.
+    function confidentialTransferFromAndCallOmnibus(
+        address omnibusFrom,
+        address omnibusTo,
+        externalEaddress externalSender,
+        externalEaddress externalRecipient,
+        externalEuint64 externalAmount,
+        bytes calldata inputProof,
+        bytes calldata data
+    ) public virtual returns (euint64) {
+        eaddress sender = FHE.fromExternal(externalSender, inputProof);
+        eaddress recipient = FHE.fromExternal(externalRecipient, inputProof);
+        euint64 amount = FHE.fromExternal(externalAmount, inputProof);
+
+        return _confidentialTransferFromAndCallOmnibus(omnibusFrom, omnibusTo, sender, recipient, amount, data);
+    }
+
+    /// @dev Wraps the {confidentialTransferFromAndCall-address-address-euint64-bytes} function and emits the {OmnibusConfidentialTransfer} event.
+    function confidentialTransferFromAndCallOmnibus(
+        address omnibusFrom,
+        address omnibusTo,
+        eaddress sender,
+        eaddress recipient,
+        euint64 amount,
+        bytes calldata data
+    ) public virtual returns (euint64) {
+        require(FHE.isAllowed(sender, msg.sender), ERC7984UnauthorizedUseOfEncryptedAddress(sender, msg.sender));
+        require(FHE.isAllowed(recipient, msg.sender), ERC7984UnauthorizedUseOfEncryptedAddress(recipient, msg.sender));
+
+        return _confidentialTransferFromAndCallOmnibus(omnibusFrom, omnibusTo, sender, recipient, amount, data);
+    }
+
+    /// @dev Handles the ACL allowances, does the transfer without a callback, and emits {OmnibusConfidentialTransfer}.
+    function _confidentialTransferFromOmnibus(
+        address omnibusFrom,
+        address omnibusTo,
+        eaddress sender,
+        eaddress recipient,
+        euint64 amount
+    ) internal virtual returns (euint64) {
+        FHE.allowThis(sender);
+        FHE.allow(sender, omnibusFrom);
+        FHE.allow(sender, omnibusTo);
+
+        FHE.allowThis(recipient);
+        FHE.allow(recipient, omnibusFrom);
+        FHE.allow(recipient, omnibusTo);
+
+        euint64 transferred = confidentialTransferFrom(omnibusFrom, omnibusTo, amount);
+        emit OmnibusConfidentialTransfer(omnibusFrom, omnibusTo, sender, recipient, transferred);
+        return transferred;
+    }
+
+    /// @dev Handles the ACL allowances, does the transfer with a callback, and emits {OmnibusConfidentialTransfer}.
+    function _confidentialTransferFromAndCallOmnibus(
+        address omnibusFrom,
+        address omnibusTo,
+        eaddress sender,
+        eaddress recipient,
+        euint64 amount,
+        bytes calldata data
+    ) internal virtual returns (euint64) {
+        FHE.allowThis(sender);
+        FHE.allow(sender, omnibusFrom);
+        FHE.allow(sender, omnibusTo);
+
+        FHE.allowThis(recipient);
+        FHE.allow(recipient, omnibusFrom);
+        FHE.allow(recipient, omnibusTo);
+
+        euint64 transferred = confidentialTransferFromAndCall(omnibusFrom, omnibusTo, amount, data);
+
+        FHE.allowThis(transferred);
+        FHE.allow(transferred, omnibusFrom);
+        FHE.allow(transferred, omnibusTo);
+
+        emit OmnibusConfidentialTransfer(omnibusFrom, omnibusTo, sender, recipient, transferred);
+        return transferred;
+    }
+}

package/token/ERC7984/extensions/ERC7984Restricted.sol

@@ -0,0 +1,110 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Confidential Contracts (last updated v0.3.0) (token/ERC7984/extensions/ERC7984Restricted.sol)
+
+pragma solidity ^0.8.27;
+
+import {ERC7984, euint64} from "../ERC7984.sol";
+
+/**
+ * @dev Extension of {ERC7984} that implements user account transfer restrictions through the
+ * {isUserAllowed} function. Inspired by
+ * https://github.com/OpenZeppelin/openzeppelin-community-contracts/blob/master/contracts/token/ERC20/extensions/ERC20Restricted.sol.
+ *
+ * By default, each account has no explicit restriction. The {isUserAllowed} function acts as
+ * a blocklist. Developers can override {isUserAllowed} to check that `restriction == ALLOWED`
+ * to implement an allowlist.
+ */
+abstract contract ERC7984Restricted is ERC7984 {
+    enum Restriction {
+        DEFAULT, // User has no explicit restriction
+        BLOCKED, // User is explicitly blocked
+        ALLOWED // User is explicitly allowed
+    }
+
+    mapping(address account => Restriction) private _restrictions;
+
+    /// @dev Emitted when a user account's restriction is updated.
+    event UserRestrictionUpdated(address indexed account, Restriction restriction);
+
+    /// @dev The operation failed because the user account is restricted.
+    error UserRestricted(address account);
+
+    /// @dev Returns the restriction of a user account.
+    function getRestriction(address account) public view virtual returns (Restriction) {
+        return _restrictions[account];
+    }
+
+    /**
+     * @dev Returns whether a user account is allowed to interact with the token.
+     *
+     * Default implementation only disallows explicitly BLOCKED accounts (i.e. a blocklist).
+     */
+    function isUserAllowed(address account) public view virtual returns (bool) {
+        return getRestriction(account) != Restriction.BLOCKED; // i.e. DEFAULT && ALLOWED
+    }
+
+    /**
+     * @dev See {ERC7984-_update}. Enforces transfer restrictions (excluding minting and burning).
+     *
+     * Requirements:
+     *
+     * * `from` must be allowed to transfer tokens (see {isUserAllowed}).
+     * * `to` must be allowed to receive tokens (see {isUserAllowed}).
+     *
+     * The default restriction behavior can be changed (for a pass-through for instance) by overriding
+     * {_checkSenderRestriction} and/or {_checkRecipientRestriction}.
+     */
+    function _update(address from, address to, euint64 value) internal virtual override returns (euint64) {
+        _checkSenderRestriction(from);
+        _checkRecipientRestriction(to);
+        return super._update(from, to, value);
+    }
+
+    /// @dev Updates the restriction of a user account.
+    function _setRestriction(address account, Restriction restriction) internal virtual {
+        if (getRestriction(account) != restriction) {
+            _restrictions[account] = restriction;
+            emit UserRestrictionUpdated(account, restriction);
+        } // no-op if restriction is unchanged
+    }
+
+    /// @dev Convenience function to block a user account (set to BLOCKED).
+    function _blockUser(address account) internal virtual {
+        _setRestriction(account, Restriction.BLOCKED);
+    }
+
+    /// @dev Convenience function to allow a user account (set to ALLOWED).
+    function _allowUser(address account) internal virtual {
+        _setRestriction(account, Restriction.ALLOWED);
+    }
+
+    /// @dev Convenience function to reset a user account to default restriction.
+    function _resetUser(address account) internal virtual {
+        _setRestriction(account, Restriction.DEFAULT);
+    }
+
+    /// @dev Checks if a user account is restricted. Reverts with {UserRestricted} if so.
+    function _checkRestriction(address account) internal view virtual {
+        require(isUserAllowed(account), UserRestricted(account));
+    }
+
+    /**
+     * @dev Internal function which checks restriction of the `from` account before a transfer.
+     * Working with {_update} function.
+     */
+    function _checkSenderRestriction(address account) internal view virtual {
+        if (account != address(0)) {
+            _checkRestriction(account); // Not minting
+        }
+    }
+
+    /**
+     * @dev Internal function which checks restriction of the `to` account before a transfer.
+     * Working with {_update} function.
+     */
+    function _checkRecipientRestriction(address account) internal view virtual {
+        if (account != address(0)) {
+            _checkRestriction(account); // Not burning
+        }
+    }
+}

package/token/ERC7984/extensions/ERC7984Rwa.sol

@@ -0,0 +1,248 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Confidential Contracts (last updated v0.3.0) (token/ERC7984/extensions/ERC7984Rwa.sol)
+
+pragma solidity ^0.8.27;
+
+import {FHE, externalEuint64, euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
+import {ERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
+import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
+import {Multicall} from "@openzeppelin/contracts/utils/Multicall.sol";
+import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
+import {IERC7984} from "./../../../interfaces/IERC7984.sol";
+import {IERC7984Rwa} from "./../../../interfaces/IERC7984Rwa.sol";
+import {ERC7984} from "./../ERC7984.sol";
+import {ERC7984Freezable} from "./ERC7984Freezable.sol";
+import {ERC7984Restricted} from "./ERC7984Restricted.sol";
+
+/**
+ * @dev Extension of {ERC7984} that supports confidential Real World Assets (RWAs).
+ * This interface provides compliance checks, transfer controls and enforcement actions.
+ */
+abstract contract ERC7984Rwa is IERC7984Rwa, ERC7984Freezable, ERC7984Restricted, Pausable, Multicall, AccessControl {
+    /**
+     * @dev Accounts granted the agent role have the following permissioned abilities:
+     *
+     * - Mint/Burn to/from a given address (does not require permission)
+     * - Force transfer from a given address (does not require permission)
+     *   - Bypasses pause and restriction checks (not frozen)
+     * - Pause/Unpause the contract
+     * - Block/Unblock a given account
+     * - Set frozen amount of tokens for a given account.
+     */
+    bytes32 public constant AGENT_ROLE = keccak256("AGENT_ROLE");
+
+    /// @dev Checks if the sender is an admin.
+    modifier onlyAdmin() {
+        _checkRole(DEFAULT_ADMIN_ROLE);
+        _;
+    }
+
+    /// @dev Checks if the sender is an agent.
+    modifier onlyAgent() {
+        _checkRole(AGENT_ROLE);
+        _;
+    }
+
+    constructor(address admin) {
+        _grantRole(DEFAULT_ADMIN_ROLE, admin);
+    }
+
+    /// @inheritdoc ERC165
+    function supportsInterface(
+        bytes4 interfaceId
+    ) public view virtual override(IERC165, ERC7984, AccessControl) returns (bool) {
+        return interfaceId == type(IERC7984Rwa).interfaceId || super.supportsInterface(interfaceId);
+    }
+
+    /// @dev Returns true if has admin role, false otherwise.
+    function isAdmin(address account) public view virtual returns (bool) {
+        return hasRole(DEFAULT_ADMIN_ROLE, account);
+    }
+
+    /// @dev Returns true if agent, false otherwise.
+    function isAgent(address account) public view virtual returns (bool) {
+        return hasRole(AGENT_ROLE, account);
+    }
+
+    /// @dev Adds agent.
+    function addAgent(address account) public virtual onlyAdmin {
+        _grantRole(AGENT_ROLE, account);
+    }
+
+    /// @dev Removes agent.
+    function removeAgent(address account) public virtual onlyAdmin {
+        _revokeRole(AGENT_ROLE, account);
+    }
+
+    /// @dev Pauses contract.
+    function pause() public virtual onlyAgent {
+        _pause();
+    }
+
+    /// @dev Unpauses contract.
+    function unpause() public virtual onlyAgent {
+        _unpause();
+    }
+
+    /// @dev Blocks a user account.
+    function blockUser(address account) public virtual onlyAgent {
+        _blockUser(account);
+    }
+
+    /// @dev Unblocks a user account.
+    function unblockUser(address account) public virtual onlyAgent {
+        _resetUser(account);
+    }
+
+    /// @dev Sets confidential frozen for an account with proof.
+    function setConfidentialFrozen(
+        address account,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) public virtual onlyAgent {
+        _setConfidentialFrozen(account, FHE.fromExternal(encryptedAmount, inputProof));
+    }
+
+    /// @dev Sets confidential frozen for an account.
+    function setConfidentialFrozen(address account, euint64 encryptedAmount) public virtual onlyAgent {
+        require(
+            FHE.isAllowed(encryptedAmount, msg.sender),
+            ERC7984UnauthorizedUseOfEncryptedAmount(encryptedAmount, msg.sender)
+        );
+        _setConfidentialFrozen(account, encryptedAmount);
+    }
+
+    /// @dev Mints confidential amount of tokens to account with proof.
+    function confidentialMint(
+        address to,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) public virtual onlyAgent returns (euint64) {
+        euint64 mintedAmount = _mint(to, FHE.fromExternal(encryptedAmount, inputProof));
+        FHE.allow(mintedAmount, msg.sender);
+        return mintedAmount;
+    }
+
+    /// @dev Mints confidential amount of tokens to account.
+    function confidentialMint(address to, euint64 encryptedAmount) public virtual onlyAgent returns (euint64) {
+        require(
+            FHE.isAllowed(encryptedAmount, msg.sender),
+            ERC7984UnauthorizedUseOfEncryptedAmount(encryptedAmount, msg.sender)
+        );
+        euint64 mintedAmount = _mint(to, encryptedAmount);
+        FHE.allow(mintedAmount, msg.sender);
+        return mintedAmount;
+    }
+
+    /// @dev Burns confidential amount of tokens from account with proof.
+    function confidentialBurn(
+        address account,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) public virtual onlyAgent returns (euint64) {
+        euint64 burntAmount = _burn(account, FHE.fromExternal(encryptedAmount, inputProof));
+        FHE.allow(burntAmount, msg.sender);
+        return burntAmount;
+    }
+
+    /// @dev Burns confidential amount of tokens from account.
+    function confidentialBurn(address account, euint64 encryptedAmount) public virtual onlyAgent returns (euint64) {
+        require(
+            FHE.isAllowed(encryptedAmount, msg.sender),
+            ERC7984UnauthorizedUseOfEncryptedAmount(encryptedAmount, msg.sender)
+        );
+        euint64 burntAmount = _burn(account, encryptedAmount);
+        FHE.allow(burntAmount, msg.sender);
+        return burntAmount;
+    }
+
+    /// @dev Variant of {forceConfidentialTransferFrom-address-address-euint64} with an input proof.
+    function forceConfidentialTransferFrom(
+        address from,
+        address to,
+        externalEuint64 encryptedAmount,
+        bytes calldata inputProof
+    ) public virtual onlyAgent returns (euint64) {
+        return _forceUpdate(from, to, FHE.fromExternal(encryptedAmount, inputProof));
+    }
+
+    /**
+     * @dev Force transfer callable by the role {AGENT_ROLE} which transfers tokens from `from` to `to` and
+     * bypasses the {ERC7984Restricted} (only on from) and https://docs.openzeppelin.com/contracts/api/utils#pausable[`++Pausable++`]
+     * checks. Frozen tokens are not transferred and must be unfrozen first.
+     */
+    function forceConfidentialTransferFrom(
+        address from,
+        address to,
+        euint64 encryptedAmount
+    ) public virtual onlyAgent returns (euint64 transferred) {
+        require(
+            FHE.isAllowed(encryptedAmount, msg.sender),
+            ERC7984UnauthorizedUseOfEncryptedAmount(encryptedAmount, msg.sender)
+        );
+        return _forceUpdate(from, to, encryptedAmount);
+    }
+
+    /// @inheritdoc ERC7984Freezable
+    function confidentialAvailable(
+        address account
+    ) public virtual override(IERC7984Rwa, ERC7984Freezable) returns (euint64) {
+        return super.confidentialAvailable(account);
+    }
+
+    /// @inheritdoc ERC7984Freezable
+    function confidentialFrozen(
+        address account
+    ) public view virtual override(IERC7984Rwa, ERC7984Freezable) returns (euint64) {
+        return super.confidentialFrozen(account);
+    }
+
+    /// @inheritdoc Pausable
+    function paused() public view virtual override(IERC7984Rwa, Pausable) returns (bool) {
+        return super.paused();
+    }
+
+    /// @inheritdoc ERC7984Restricted
+    function isUserAllowed(
+        address account
+    ) public view virtual override(IERC7984Rwa, ERC7984Restricted) returns (bool) {
+        return super.isUserAllowed(account);
+    }
+
+    /// @dev Internal function which updates confidential balances while performing frozen and restriction compliance checks.
+    function _update(
+        address from,
+        address to,
+        euint64 encryptedAmount
+    ) internal virtual override(ERC7984Freezable, ERC7984Restricted) whenNotPaused returns (euint64) {
+        // frozen and restriction checks performed through inheritance
+        return super._update(from, to, encryptedAmount);
+    }
+
+    /// @dev Internal function which forces transfer of confidential amount of tokens from account to account by skipping compliance checks.
+    function _forceUpdate(address from, address to, euint64 encryptedAmount) internal virtual returns (euint64) {
+        // bypassing `from` restriction check with {_checkSenderRestriction}. Still performing `to` restriction check.
+        // bypassing paused state by directly calling `super._update`
+        euint64 transferred = super._update(from, to, encryptedAmount);
+        FHE.allow(transferred, msg.sender);
+        return transferred;
+    }
+
+    /**
+     * @dev Bypasses the `from` restriction check when performing a {forceConfidentialTransferFrom}.
+     */
+    function _checkSenderRestriction(address account) internal view override {
+        if (_isForceTransfer()) {
+            return;
+        }
+        super._checkSenderRestriction(account);
+    }
+
+    /// @dev Private function which checks if the called function is a {forceConfidentialTransferFrom}.
+    function _isForceTransfer() private pure returns (bool) {
+        return
+            msg.sig == 0x6c9c3c85 || // bytes4(keccak256("forceConfidentialTransferFrom(address,address,bytes32)"))
+            msg.sig == 0x44fd6e40; // bytes4(keccak256("forceConfidentialTransferFrom(address,address,bytes32,bytes)"))
+    }
+}

package/token/{extensions/ConfidentialFungibleTokenVotes.sol → ERC7984/extensions/ERC7984Votes.sol}

@@ -1,27 +1,21 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Confidential Contracts (last updated v0.2.0) (token/extensions/ConfidentialFungibleTokenVotes.sol)
+// OpenZeppelin Confidential Contracts (last updated v0.3.0) (token/ERC7984/extensions/ERC7984Votes.sol)
 pragma solidity ^0.8.27;
 
 import {euint64} from "@fhevm/solidity/lib/FHE.sol";
-import {VotesConfidential} from "./../../governance/utils/VotesConfidential.sol";
-import {ConfidentialFungibleToken} from "./../ConfidentialFungibleToken.sol";
+import {VotesConfidential} from "../../../governance/utils/VotesConfidential.sol";
+import {ERC7984} from "./../ERC7984.sol";
 
 /**
- * @dev Extension of {ConfidentialFungibleToken} supporting confidential votes tracking and delegation.
+ * @dev Extension of {ERC7984} supporting confidential votes tracking and delegation.
  *
- * The amount of confidential voting units an account has is equal to the confidential token balance of
+ * The amount of confidential voting units an account has is equal to the balance of
  * that account. Voing power is taken into account when an account delegates votes to itself or to another
  * account.
  */
-abstract contract ConfidentialFungibleTokenVotes is ConfidentialFungibleToken, VotesConfidential {
-    /// @inheritdoc ConfidentialFungibleToken
-    function confidentialTotalSupply()
-        public
-        view
-        virtual
-        override(VotesConfidential, ConfidentialFungibleToken)
-        returns (euint64)
-    {
+abstract contract ERC7984Votes is ERC7984, VotesConfidential {
+    /// @inheritdoc ERC7984
+    function confidentialTotalSupply() public view virtual override(VotesConfidential, ERC7984) returns (euint64) {
         return super.confidentialTotalSupply();
     }
 

package/token/{utils/ConfidentialFungibleTokenUtils.sol → ERC7984/utils/ERC7984Utils.sol}

@@ -1,22 +1,23 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Confidential Contracts (last updated v0.2.0) (token/utils/ConfidentialFungibleTokenUtils.sol)
-pragma solidity ^0.8.24;
+// OpenZeppelin Confidential Contracts (last updated v0.3.0) (token/ERC7984/utils/ERC7984Utils.sol)
+pragma solidity ^0.8.27;
 
 import {FHE, ebool, euint64} from "@fhevm/solidity/lib/FHE.sol";
 
-import {IConfidentialFungibleTokenReceiver} from "../../interfaces/IConfidentialFungibleTokenReceiver.sol";
-import {ConfidentialFungibleToken} from "../ConfidentialFungibleToken.sol";
+import {IERC7984Receiver} from "../../../interfaces/IERC7984Receiver.sol";
+import {ERC7984} from "../ERC7984.sol";
 
-/// @dev Library that provides common {ConfidentialFungibleToken} utility functions.
-library ConfidentialFungibleTokenUtils {
+/// @dev Library that provides common {ERC7984} utility functions.
+library ERC7984Utils {
     /**
      * @dev Performs a transfer callback to the recipient of the transfer `to`. Should be invoked
-     * after all transfers "withCallback" on a {ConfidentialFungibleToken}.
+     * after all transfers "withCallback" on a {ERC7984}.
      *
      * The transfer callback is not invoked on the recipient if the recipient has no code (i.e. is an EOA). If the
      * recipient has non-zero code, it must implement
-     * {IConfidentialFungibleTokenReceiver-onConfidentialTransferReceived} and return an `ebool` indicating
-     * whether the transfer was accepted or not. If the `ebool` is `false`, the transfer will be reversed.
+     * {IERC7984Receiver-onConfidentialTransferReceived} and return an `ebool` indicating
+     * whether the transfer was accepted or not. If the `ebool` is `false`, the transfer function
+     * should try to refund the `from` address.
      */
     function checkOnTransferReceived(
         address operator,
@@ -26,13 +27,13 @@ library ConfidentialFungibleTokenUtils {
         bytes calldata data
     ) internal returns (ebool) {
         if (to.code.length > 0) {
-            try
-                IConfidentialFungibleTokenReceiver(to).onConfidentialTransferReceived(operator, from, amount, data)
-            returns (ebool retval) {
+            try IERC7984Receiver(to).onConfidentialTransferReceived(operator, from, amount, data) returns (
+                ebool retval
+            ) {
                 return retval;
             } catch (bytes memory reason) {
                 if (reason.length == 0) {
-                    revert ConfidentialFungibleToken.ConfidentialFungibleTokenInvalidReceiver(to);
+                    revert ERC7984.ERC7984InvalidReceiver(to);
                 } else {
                     assembly ("memory-safe") {
                         revert(add(32, reason), mload(reason))