@openzeppelin/confidential-contracts 0.4.1 → 0.5.0

package/build/contracts/IERC7984Rwa.json

@@ -72,6 +72,31 @@
       "name": "OperatorSet",
       "type": "event"
     },
+    {
+      "anonymous": false,
+      "inputs": [
+        {
+          "indexed": true,
+          "internalType": "address",
+          "name": "lostAccount",
+          "type": "address"
+        },
+        {
+          "indexed": true,
+          "internalType": "address",
+          "name": "newAccount",
+          "type": "address"
+        },
+        {
+          "indexed": false,
+          "internalType": "euint64",
+          "name": "amount",
+          "type": "bytes32"
+        }
+      ],
+      "name": "TokensRecovered",
+      "type": "event"
+    },
     {
       "inputs": [
         {
@@ -621,6 +646,44 @@
       "stateMutability": "nonpayable",
       "type": "function"
     },
+    {
+      "inputs": [
+        {
+          "internalType": "address",
+          "name": "account",
+          "type": "address"
+        }
+      ],
+      "name": "isAdmin",
+      "outputs": [
+        {
+          "internalType": "bool",
+          "name": "",
+          "type": "bool"
+        }
+      ],
+      "stateMutability": "view",
+      "type": "function"
+    },
+    {
+      "inputs": [
+        {
+          "internalType": "address",
+          "name": "account",
+          "type": "address"
+        }
+      ],
+      "name": "isAgent",
+      "outputs": [
+        {
+          "internalType": "bool",
+          "name": "",
+          "type": "bool"
+        }
+      ],
+      "stateMutability": "view",
+      "type": "function"
+    },
     {
       "inputs": [
         {
@@ -678,6 +741,30 @@
       "stateMutability": "view",
       "type": "function"
     },
+    {
+      "inputs": [
+        {
+          "internalType": "address",
+          "name": "lostAccount",
+          "type": "address"
+        },
+        {
+          "internalType": "address",
+          "name": "newAccount",
+          "type": "address"
+        }
+      ],
+      "name": "recoverAddress",
+      "outputs": [
+        {
+          "internalType": "euint64",
+          "name": "",
+          "type": "bytes32"
+        }
+      ],
+      "stateMutability": "nonpayable",
+      "type": "function"
+    },
     {
       "inputs": [
         {

package/finance/BatcherConfidential.sol

@@ -1,9 +1,9 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Confidential Contracts (last updated v0.4.1) (finance/BatcherConfidential.sol)
+// OpenZeppelin Confidential Contracts (last updated v0.5.0) (finance/BatcherConfidential.sol)
 
 pragma solidity ^0.8.27;
 
-import {FHE, externalEuint64, euint64, ebool, euint128} from "@fhevm/solidity/lib/FHE.sol";
+import {FHE, externalEuint64, euint64, ebool} from "@fhevm/solidity/lib/FHE.sol";
 import {IERC20} from "@openzeppelin/contracts/interfaces/IERC20.sol";
 import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 import {ERC165Checker} from "@openzeppelin/contracts/utils/introspection/ERC165Checker.sol";
@@ -16,8 +16,8 @@ import {FHESafeMath} from "./../utils/FHESafeMath.sol";
 
 /**
  * @dev `BatcherConfidential` is a batching primitive that enables routing between two {ERC7984ERC20Wrapper} contracts
- * via a non-confidential route. Users deposit {fromToken} into the batcher and receive {toToken} in exchange. Deposits are
- * made by using `ERC7984` transfer and call functions such as {ERC7984-confidentialTransferAndCall}.
+ * (with distinct underlying tokens) via a non-confidential route. Users deposit {fromToken} into the batcher and receive
+ * {toToken} in exchange. Deposits are made by using `ERC7984` transfer and call functions such as {ERC7984-confidentialTransferAndCall}.
  *
  * Developers must implement the virtual function {_executeRoute} to perform the batch's route. This function is called
  * once the batch deposits are unwrapped into the underlying tokens. The function should swap the underlying {fromToken} for
@@ -110,6 +110,12 @@ abstract contract BatcherConfidential is ReentrancyGuardTransient, IERC7984Recei
     /// @dev The given `token` does not support `IERC7984ERC20Wrapper` via `ERC165`.
     error InvalidWrapperToken(address token);
 
+    /// @dev The underlying wrapper tokens are the same.
+    error DuplicateUnderlyingTokens();
+
+    /// @dev Intermediate steps must not result in underlying {toToken} being transferred to or from the batcher.
+    error IntermediateStepToTokenBalanceChanged(uint256 batchId);
+
     constructor(IERC7984ERC20Wrapper fromToken_, IERC7984ERC20Wrapper toToken_) {
         require(
             ERC165Checker.supportsInterface(address(fromToken_), type(IERC7984ERC20Wrapper).interfaceId),
@@ -119,6 +125,7 @@ abstract contract BatcherConfidential is ReentrancyGuardTransient, IERC7984Recei
             ERC165Checker.supportsInterface(address(toToken_), type(IERC7984ERC20Wrapper).interfaceId),
             InvalidWrapperToken(address(toToken_))
         );
+        require(fromToken_.underlying() != toToken_.underlying(), DuplicateUnderlyingTokens());
 
         _fromToken = fromToken_;
         _toToken = toToken_;
@@ -216,10 +223,13 @@ abstract contract BatcherConfidential is ReentrancyGuardTransient, IERC7984Recei
             FHE.checkSignatures(handles, abi.encode(unwrapAmountCleartext), decryptionProof);
         }
 
+        uint256 beforeUnderlyingToTokenBalance;
+
         ExecuteOutcome outcome;
         if (unwrapAmountCleartext == 0) {
             outcome = ExecuteOutcome.Cancel;
         } else {
+            beforeUnderlyingToTokenBalance = IERC20(toToken().underlying()).balanceOf(address(this));
             outcome = _executeRoute(batchId, unwrapAmountCleartext);
         }
 
@@ -251,6 +261,11 @@ abstract contract BatcherConfidential is ReentrancyGuardTransient, IERC7984Recei
             _batches[batchId].canceled = true;
 
             emit BatchCanceled(batchId);
+        } else if (outcome == ExecuteOutcome.Partial) {
+            require(
+                IERC20(toToken().underlying()).balanceOf(address(this)) == beforeUnderlyingToTokenBalance,
+                IntermediateStepToTokenBalanceChanged(batchId)
+            );
         }
     }
 
@@ -401,7 +416,7 @@ abstract contract BatcherConfidential is ReentrancyGuardTransient, IERC7984Recei
      *
      * NOTE: {dispatchBatchCallback} (and in turn {_executeRoute}) can be repeatedly called until the route execution is complete.
      * If a multi-step route is necessary, intermediate steps should return `ExecuteOutcome.Partial`. Intermediate steps *must* not
-     * result in underlying {toToken} being transferred into the batcher.
+     * result in underlying {toToken} being transferred to or from the batcher.
      *
      * [WARNING]
      * ====

package/governance/utils/VotesConfidential.sol

@@ -1,9 +1,9 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Confidential Contracts (last updated v0.4.0) (governance/utils/VotesConfidential.sol)
+// OpenZeppelin Confidential Contracts (last updated v0.5.0) (governance/utils/VotesConfidential.sol)
 
 pragma solidity ^0.8.26;
 
-import {FHE, ebool, euint64} from "@fhevm/solidity/lib/FHE.sol";
+import {FHE, euint64} from "@fhevm/solidity/lib/FHE.sol";
 import {IERC6372} from "@openzeppelin/contracts/interfaces/IERC6372.sol";
 import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
 import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";

package/interfaces/IERC7984HookModule.sol

@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Confidential Contracts (last updated v0.5.0) (interfaces/IERC7984HookModule.sol)
+
+pragma solidity ^0.8.24;
+
+import {euint64, ebool} from "@fhevm/solidity/lib/FHE.sol";
+import {IERC165} from "@openzeppelin/contracts/interfaces/IERC165.sol";
+
+/// @dev Interface for an ERC-7984 hook module.
+interface IERC7984HookModule is IERC165 {
+    /// @dev Optionally emitted by a module to indicate the result of its validation (pre-transfer) hook.
+    event ERC7984HookModuleResult(
+        address indexed token,
+        address indexed from,
+        address indexed to,
+        euint64 encryptedAmount,
+        ebool result,
+        bytes32 context
+    );
+
+    /**
+     * @dev Hook that runs before a transfer. Should not mutate token state. Module is already
+     * granted transient access to `encryptedAmount`.
+     */
+    function preTransfer(address from, address to, euint64 encryptedAmount) external returns (ebool);
+
+    /// @dev Performs operation after transfer.
+    function postTransfer(address from, address to, euint64 encryptedAmount) external;
+
+    /// @dev Performs operations after installation.
+    function onInstall(bytes calldata initData) external;
+}

package/interfaces/IERC7984Receiver.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Confidential Contracts (last updated v0.4.0) (interfaces/IERC7984Receiver.sol)
+// OpenZeppelin Confidential Contracts (last updated v0.5.0) (interfaces/IERC7984Receiver.sol)
 pragma solidity ^0.8.24;
 
 import {ebool, euint64} from "@fhevm/solidity/lib/FHE.sol";
@@ -10,6 +10,8 @@ interface IERC7984Receiver {
      * @dev Called upon receiving a confidential token transfer. Returns an encrypted boolean indicating success
      * of the callback. If false is returned, the token contract will attempt to refund the transfer.
      *
+     * NOTE: The calling contract (token) must be granted ACL allowance to read the confidential return value.
+     *
      * WARNING: Do not manually refund the transfer AND return false, as this can lead to double refunds.
      */
     function onConfidentialTransferReceived(

package/interfaces/IERC7984Rwa.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Confidential Contracts (last updated v0.4.0) (interfaces/IERC7984Rwa.sol)
+// OpenZeppelin Confidential Contracts (last updated v0.5.0) (interfaces/IERC7984Rwa.sol)
 pragma solidity ^0.8.24;
 
 import {externalEuint64, euint64} from "@fhevm/solidity/lib/FHE.sol";
@@ -7,46 +7,69 @@ import {IERC7984} from "./IERC7984.sol";
 
 /// @dev Interface for confidential RWA contracts.
 interface IERC7984Rwa is IERC7984 {
+    /// @dev Emitted when the balance `amount` of `lostAccount` is recovered to `newAccount`.
+    event TokensRecovered(address indexed lostAccount, address indexed newAccount, euint64 amount);
+
     /// @dev Returns true if the contract is paused, false otherwise.
     function paused() external view returns (bool);
+
+    /// @dev Returns true if has admin role, false otherwise.
+    function isAdmin(address account) external view returns (bool);
+
+    /// @dev Returns true if agent, false otherwise.
+    function isAgent(address account) external view returns (bool);
+
     /// @dev Returns whether an account is allowed to interact with the token.
     function canTransact(address account) external view returns (bool);
+
     /// @dev Returns the confidential frozen balance of an account.
     function confidentialFrozen(address account) external view returns (euint64);
+
     /// @dev Returns the confidential available (unfrozen) balance of an account. Up to {IERC7984-confidentialBalanceOf}.
     function confidentialAvailable(address account) external returns (euint64);
+
     /// @dev Pauses contract.
     function pause() external;
+
     /// @dev Unpauses contract.
     function unpause() external;
+
     /// @dev Blocks a user account.
     function blockUser(address account) external;
+
     /// @dev Unblocks a user account.
     function unblockUser(address account) external;
+
     /// @dev Sets confidential amount of token for an account as frozen with proof.
     function setConfidentialFrozen(
         address account,
         externalEuint64 encryptedAmount,
         bytes calldata inputProof
     ) external;
+
     /// @dev Sets confidential amount of token for an account as frozen.
     function setConfidentialFrozen(address account, euint64 encryptedAmount) external;
+
     /// @dev Mints confidential amount of tokens to account with proof.
     function confidentialMint(
         address to,
         externalEuint64 encryptedAmount,
         bytes calldata inputProof
     ) external returns (euint64);
+
     /// @dev Mints confidential amount of tokens to account.
     function confidentialMint(address to, euint64 encryptedAmount) external returns (euint64);
+
     /// @dev Burns confidential amount of tokens from account with proof.
     function confidentialBurn(
         address account,
         externalEuint64 encryptedAmount,
         bytes calldata inputProof
     ) external returns (euint64);
+
     /// @dev Burns confidential amount of tokens from account.
     function confidentialBurn(address account, euint64 encryptedAmount) external returns (euint64);
+
     /// @dev Forces transfer of confidential amount of tokens from account to account with proof by skipping compliance checks.
     function forceConfidentialTransferFrom(
         address from,
@@ -54,10 +77,14 @@ interface IERC7984Rwa is IERC7984 {
         externalEuint64 encryptedAmount,
         bytes calldata inputProof
     ) external returns (euint64);
+
     /// @dev Forces transfer of confidential amount of tokens from account to account by skipping compliance checks.
     function forceConfidentialTransferFrom(
         address from,
         address to,
         euint64 encryptedAmount
     ) external returns (euint64);
+
+    /// @dev Recovers the address of a lost account to a new account.
+    function recoverAddress(address lostAccount, address newAccount) external returns (euint64);
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@openzeppelin/confidential-contracts",
   "description": "Smart Contract library for use with confidential coprocessors",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "files": [
     "**/*.sol",
     "/build/contracts/*.json",

package/token/ERC7984/ERC7984.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Confidential Contracts (last updated v0.3.0) (token/ERC7984/ERC7984.sol)
+// OpenZeppelin Confidential Contracts (last updated v0.5.0) (token/ERC7984/ERC7984.sol)
 pragma solidity ^0.8.27;
 
 import {FHE, externalEuint64, ebool, euint64} from "@fhevm/solidity/lib/FHE.sol";
@@ -44,9 +44,6 @@ abstract contract ERC7984 is IERC7984, ERC165 {
     /// @dev The given holder `holder` is not authorized to spend on behalf of `spender`.
     error ERC7984UnauthorizedSpender(address holder, address spender);
 
-    /// @dev The holder `holder` is trying to send tokens but has a balance of 0.
-    error ERC7984ZeroBalance(address holder);
-
     /**
      * @dev The caller `user` does not have access to the encrypted amount `amount`.
      *
@@ -57,9 +54,6 @@ abstract contract ERC7984 is IERC7984, ERC165 {
     /// @dev The given caller `caller` is not authorized for the current operation.
     error ERC7984UnauthorizedCaller(address caller);
 
-    /// @dev The given gateway request ID `requestId` is invalid.
-    error ERC7984InvalidGatewayRequest(uint256 requestId);
-
     constructor(string memory name_, string memory symbol_, string memory contractURI_) {
         _name = name_;
         _symbol = symbol_;
@@ -106,7 +100,10 @@ abstract contract ERC7984 is IERC7984, ERC165 {
         return holder == spender || block.timestamp <= _operators[holder][spender];
     }
 
-    /// @inheritdoc IERC7984
+    /**
+     * @dev See {IERC7984-setOperator}. Operators are given ACL allowance (ability to decrypt) for the transferred amount
+     * of transfers they initiate.
+     */
     function setOperator(address operator, uint48 until) public virtual {
         _setOperator(msg.sender, operator, until);
     }
@@ -132,22 +129,20 @@ abstract contract ERC7984 is IERC7984, ERC165 {
         address to,
         externalEuint64 encryptedAmount,
         bytes calldata inputProof
-    ) public virtual returns (euint64 transferred) {
+    ) public virtual returns (euint64) {
         require(isOperator(from, msg.sender), ERC7984UnauthorizedSpender(from, msg.sender));
-        transferred = _transfer(from, to, FHE.fromExternal(encryptedAmount, inputProof));
+        euint64 transferred = _transfer(from, to, FHE.fromExternal(encryptedAmount, inputProof));
         FHE.allowTransient(transferred, msg.sender);
+        return transferred;
     }
 
     /// @inheritdoc IERC7984
-    function confidentialTransferFrom(
-        address from,
-        address to,
-        euint64 amount
-    ) public virtual returns (euint64 transferred) {
+    function confidentialTransferFrom(address from, address to, euint64 amount) public virtual returns (euint64) {
         require(FHE.isAllowed(amount, msg.sender), ERC7984UnauthorizedUseOfEncryptedAmount(amount, msg.sender));
         require(isOperator(from, msg.sender), ERC7984UnauthorizedSpender(from, msg.sender));
-        transferred = _transfer(from, to, amount);
+        euint64 transferred = _transfer(from, to, amount);
         FHE.allowTransient(transferred, msg.sender);
+        return transferred;
     }
 
     /// @inheritdoc IERC7984
@@ -156,9 +151,8 @@ abstract contract ERC7984 is IERC7984, ERC165 {
         externalEuint64 encryptedAmount,
         bytes calldata inputProof,
         bytes calldata data
-    ) public virtual returns (euint64 transferred) {
-        transferred = _transferAndCall(msg.sender, to, FHE.fromExternal(encryptedAmount, inputProof), data);
-        FHE.allowTransient(transferred, msg.sender);
+    ) public virtual returns (euint64) {
+        return _transferAndCall(msg.sender, to, FHE.fromExternal(encryptedAmount, inputProof), data);
     }
 
     /// @inheritdoc IERC7984
@@ -166,10 +160,9 @@ abstract contract ERC7984 is IERC7984, ERC165 {
         address to,
         euint64 amount,
         bytes calldata data
-    ) public virtual returns (euint64 transferred) {
+    ) public virtual returns (euint64) {
         require(FHE.isAllowed(amount, msg.sender), ERC7984UnauthorizedUseOfEncryptedAmount(amount, msg.sender));
-        transferred = _transferAndCall(msg.sender, to, amount, data);
-        FHE.allowTransient(transferred, msg.sender);
+        return _transferAndCall(msg.sender, to, amount, data);
     }
 
     /// @inheritdoc IERC7984
@@ -179,10 +172,9 @@ abstract contract ERC7984 is IERC7984, ERC165 {
         externalEuint64 encryptedAmount,
         bytes calldata inputProof,
         bytes calldata data
-    ) public virtual returns (euint64 transferred) {
+    ) public virtual returns (euint64) {
         require(isOperator(from, msg.sender), ERC7984UnauthorizedSpender(from, msg.sender));
-        transferred = _transferAndCall(from, to, FHE.fromExternal(encryptedAmount, inputProof), data);
-        FHE.allowTransient(transferred, msg.sender);
+        return _transferAndCall(from, to, FHE.fromExternal(encryptedAmount, inputProof), data);
     }
 
     /// @inheritdoc IERC7984
@@ -191,11 +183,10 @@ abstract contract ERC7984 is IERC7984, ERC165 {
         address to,
         euint64 amount,
         bytes calldata data
-    ) public virtual returns (euint64 transferred) {
+    ) public virtual returns (euint64) {
         require(FHE.isAllowed(amount, msg.sender), ERC7984UnauthorizedUseOfEncryptedAmount(amount, msg.sender));
         require(isOperator(from, msg.sender), ERC7984UnauthorizedSpender(from, msg.sender));
-        transferred = _transferAndCall(from, to, amount, data);
-        FHE.allowTransient(transferred, msg.sender);
+        return _transferAndCall(from, to, amount, data);
     }
 
     /**
@@ -255,6 +246,25 @@ abstract contract ERC7984 is IERC7984, ERC165 {
         return _update(from, to, amount);
     }
 
+    /**
+     * @dev Transfers the given amount of tokens from `from` to `to` and calls the `onConfidentialTransferReceived`
+     * function on the recipient.
+     *
+     * The token contract initiates a second transfer refunding the tokens from the recipient to the sender--the
+     * amount is 0 if the callback succeeds, otherwise the amount is the amount that was transferred.
+     *
+     * The returned `transferred` amount is a fresh ciphertext computed as `sent - refund`
+     * and `msg.sender` only receives a transient FHE allowance for it. This value is generally
+     * intended to be processed only in the same transaction. Event observers see `sent` and `refund` individually.
+     *
+     * WARNING: The refund triggered when {IERC7984Receiver-onConfidentialTransferReceived} returns an encrypted
+     * false is best-effort only. A receiver that transfers, burns, or otherwise reduces its balance during
+     * the hook can still return false, in which case the refund transfers zero tokens. The sender's tokens
+     * end up with the recipient rather than being refunded.
+     *
+     * WARNING: Refunds are subject to the same validation flow as a normal transfer--they may fail for a variety of
+     * reasons (such as failed hook validation in {ERC7984Hooked}). In these cases, the tokens do not return to the sender.
+     */
     function _transferAndCall(
         address from,
         address to,
@@ -270,8 +280,13 @@ abstract contract ERC7984 is IERC7984, ERC165 {
         // Try to refund if callback fails
         euint64 refund = _update(to, from, FHE.select(success, FHE.asEuint64(0), sent));
         transferred = FHE.sub(sent, refund);
+        FHE.allowTransient(transferred, msg.sender);
     }
 
+    /**
+     * @dev Safely moves up to `amount` from `from` to `to`, or mints/burns if `from`/`to` is the zero address.
+     * Emits a {ConfidentialTransfer} event with the successfully transferred amount.
+     */
     function _update(address from, address to, euint64 amount) internal virtual returns (euint64 transferred) {
         ebool success;
         euint64 ptr;
@@ -282,7 +297,6 @@ abstract contract ERC7984 is IERC7984, ERC165 {
             _totalSupply = ptr;
         } else {
             euint64 fromBalance = _balances[from];
-            require(FHE.isInitialized(fromBalance), ERC7984ZeroBalance(from));
             (success, ptr) = FHESafeMath.tryDecrease(fromBalance, amount);
             FHE.allowThis(ptr);
             FHE.allow(ptr, from);

package/token/ERC7984/extensions/ERC7984ERC20Wrapper.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Confidential Contracts (last updated v0.4.0) (token/ERC7984/extensions/ERC7984ERC20Wrapper.sol)
+// OpenZeppelin Confidential Contracts (last updated v0.5.0) (token/ERC7984/extensions/ERC7984ERC20Wrapper.sol)
 
 pragma solidity ^0.8.27;
 
@@ -180,8 +180,8 @@ abstract contract ERC7984ERC20Wrapper is ERC7984, IERC7984ERC20Wrapper, IERC1363
     }
 
     /**
-     * @dev Get the address that has a pending unwrap request for the given `unwrapAmount`. Returns `address(0)` if no pending
-     * unwrap request for the amount `unwrapAmount` exists.
+     * @dev Gets the address that will receive the ERC-20 tokens associated with a pending unwrap request identified by
+     * `unwrapRequestId`. Returns `address(0)` if there is no pending unwrap request with id `unwrapRequestId`.
      */
     function unwrapRequester(bytes32 unwrapRequestId) public view virtual returns (address) {
         return _unwrapRequests[unwrapRequestId];

package/token/ERC7984/extensions/ERC7984Freezable.sol

@@ -1,9 +1,9 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Confidential Contracts (last updated v0.4.0) (token/ERC7984/extensions/ERC7984Freezable.sol)
+// OpenZeppelin Confidential Contracts (last updated v0.5.0) (token/ERC7984/extensions/ERC7984Freezable.sol)
 
 pragma solidity ^0.8.27;
 
-import {FHE, ebool, euint64, externalEuint64} from "@fhevm/solidity/lib/FHE.sol";
+import {FHE, euint64} from "@fhevm/solidity/lib/FHE.sol";
 import {FHESafeMath} from "../../../utils/FHESafeMath.sol";
 import {ERC7984} from "../ERC7984.sol";
 
@@ -40,11 +40,7 @@ abstract contract ERC7984Freezable is ERC7984 {
 
     /// @dev Internal function to calculate the available balance of an account. Does not give any allowances.
     function _confidentialAvailable(address account) internal virtual returns (euint64) {
-        (ebool success, euint64 unfrozen) = FHESafeMath.tryDecrease(
-            confidentialBalanceOf(account),
-            confidentialFrozen(account)
-        );
-        return FHE.select(success, unfrozen, FHE.asEuint64(0));
+        return FHESafeMath.saturatingSub(confidentialBalanceOf(account), confidentialFrozen(account));
     }
 
     /// @dev Internal function to freeze a confidential amount of tokens for an account.