create-fhevm-example 1.3.2 → 1.4.0

package/test/concepts/FHEAccessControl.ts

@@ -0,0 +1,154 @@
+import {
+  FhevmType,
+  HardhatFhevmRuntimeEnvironment,
+} from "@fhevm/hardhat-plugin";
+import { HardhatEthersSigner } from "@nomicfoundation/hardhat-ethers/signers";
+import { expect } from "chai";
+import { ethers } from "hardhat";
+import * as hre from "hardhat";
+
+import { FHEAccessControl, FHEAccessControl__factory } from "../types";
+import type { Signers } from "./types";
+
+async function deployFixture() {
+  const factory = (await ethers.getContractFactory(
+    "FHEAccessControl"
+  )) as FHEAccessControl__factory;
+  const contract = (await factory.deploy()) as FHEAccessControl;
+  const contractAddress = await contract.getAddress();
+  return { contract, contractAddress };
+}
+
+/**
+ * @notice Tests FHE access control patterns
+ * Demonstrates correct and incorrect permission handling
+ */
+describe("FHEAccessControl", function () {
+  let contract: FHEAccessControl;
+  let contractAddress: string;
+  let signers: Signers;
+  let bob: HardhatEthersSigner;
+
+  before(async function () {
+    if (!hre.fhevm.isMock) {
+      throw new Error(`This hardhat test suite cannot run on Sepolia Testnet`);
+    }
+    const ethSigners: HardhatEthersSigner[] = await ethers.getSigners();
+    signers = { owner: ethSigners[0], alice: ethSigners[1] };
+    bob = ethSigners[2];
+  });
+
+  beforeEach(async function () {
+    const deployment = await deployFixture();
+    contractAddress = deployment.contractAddress;
+    contract = deployment.contract;
+  });
+
+  describe("Correct Access Control Pattern", function () {
+    const secretValue = 42;
+
+    it("should allow user decryption with full access", async function () {
+      const fhevm: HardhatFhevmRuntimeEnvironment = hre.fhevm;
+
+      // Store value with proper permissions
+      const input = await fhevm
+        .createEncryptedInput(contractAddress, signers.alice.address)
+        .add32(secretValue)
+        .encrypt();
+      await contract
+        .connect(signers.alice)
+        .storeWithFullAccess(input.handles[0], input.inputProof);
+
+      // Verify access was granted
+      expect(await contract.hasAccess(signers.alice.address)).to.equal(true);
+
+      // User should be able to decrypt
+      const encrypted = await contract.getSecretValue();
+      const decrypted = await fhevm.userDecryptEuint(
+        FhevmType.euint32,
+        encrypted,
+        contractAddress,
+        signers.alice
+      );
+      expect(decrypted).to.equal(secretValue);
+    });
+
+    it("should allow granting access to additional users", async function () {
+      const fhevm: HardhatFhevmRuntimeEnvironment = hre.fhevm;
+
+      // Alice stores the value
+      const input = await fhevm
+        .createEncryptedInput(contractAddress, signers.alice.address)
+        .add32(secretValue)
+        .encrypt();
+      await contract
+        .connect(signers.alice)
+        .storeWithFullAccess(input.handles[0], input.inputProof);
+
+      // Alice grants access to Bob
+      await contract.connect(signers.alice).grantAccess(bob.address);
+
+      // Bob can now decrypt
+      const encrypted = await contract.getSecretValue();
+      const decrypted = await fhevm.userDecryptEuint(
+        FhevmType.euint32,
+        encrypted,
+        contractAddress,
+        bob
+      );
+      expect(decrypted).to.equal(secretValue);
+    });
+  });
+
+  describe("Wrong Access Control Patterns", function () {
+    const secretValue = 42;
+
+    it("should FAIL user decryption without allowThis", async function () {
+      const fhevm: HardhatFhevmRuntimeEnvironment = hre.fhevm;
+
+      // Store value WITHOUT allowThis (wrong pattern)
+      const input = await fhevm
+        .createEncryptedInput(contractAddress, signers.alice.address)
+        .add32(secretValue)
+        .encrypt();
+      await contract
+        .connect(signers.alice)
+        .storeWithoutAllowThis(input.handles[0], input.inputProof);
+
+      // Attempting to decrypt should fail
+      const encrypted = await contract.getSecretValue();
+      await expect(
+        fhevm.userDecryptEuint(
+          FhevmType.euint32,
+          encrypted,
+          contractAddress,
+          signers.alice
+        )
+      ).to.be.rejected;
+    });
+
+    it("should FAIL user decryption without user allow", async function () {
+      const fhevm: HardhatFhevmRuntimeEnvironment = hre.fhevm;
+
+      // Store value WITHOUT user allow (wrong pattern)
+      const input = await fhevm
+        .createEncryptedInput(contractAddress, signers.alice.address)
+        .add32(secretValue)
+        .encrypt();
+      await contract
+        .connect(signers.alice)
+        .storeWithoutUserAllow(input.handles[0], input.inputProof);
+
+      // User (alice) cannot decrypt because no permission was granted
+      const encrypted = await contract.getSecretValue();
+      await expect(
+        fhevm.userDecryptEuint(
+          FhevmType.euint32,
+          encrypted,
+          contractAddress,
+          signers.alice
+        )
+      ).to.be.rejected;
+    });
+  });
+});

package/test/concepts/FHEAntiPatterns.ts

@@ -0,0 +1,111 @@
+import { HardhatEthersSigner } from "@nomicfoundation/hardhat-ethers/signers";
+import { expect } from "chai";
+import { ethers } from "hardhat";
+import * as hre from "hardhat";
+
+import { FHEAntiPatterns, FHEAntiPatterns__factory } from "../types";
+import type { Signers } from "./types";
+
+async function deployFixture() {
+  const factory = (await ethers.getContractFactory(
+    "FHEAntiPatterns"
+  )) as FHEAntiPatterns__factory;
+  const contract = (await factory.deploy()) as FHEAntiPatterns;
+  const contractAddress = await contract.getAddress();
+  return { contract, contractAddress };
+}
+
+/**
+ * @notice Tests for FHE anti-patterns
+ * Demonstrates correct patterns for common FHE mistakes
+ */
+describe("FHEAntiPatterns", function () {
+  let contract: FHEAntiPatterns;
+  let contractAddress: string;
+  let signers: Signers;
+
+  before(async function () {
+    if (!hre.fhevm.isMock) {
+      throw new Error(`This hardhat test suite cannot run on Sepolia Testnet`);
+    }
+    const ethSigners: HardhatEthersSigner[] = await ethers.getSigners();
+    signers = { owner: ethSigners[0], alice: ethSigners[1] };
+  });
+
+  beforeEach(async function () {
+    const deployment = await deployFixture();
+    contractAddress = deployment.contractAddress;
+    contract = deployment.contract;
+  });
+
+  describe("Initialization", function () {
+    it("should initialize with encrypted balance and threshold", async function () {
+      const fhevm = hre.fhevm;
+      const balance = 100;
+      const threshold = 50;
+
+      const input = await fhevm
+        .createEncryptedInput(contractAddress, signers.alice.address)
+        .add32(balance)
+        .add32(threshold)
+        .encrypt();
+
+      await contract
+        .connect(signers.alice)
+        .initialize(input.handles[0], input.handles[1], input.inputProof);
+
+      // Contract should now have encrypted values
+      // We can't directly verify values without decryption, but tx should succeed
+    });
+  });
+
+  describe("Correct Conditional Pattern", function () {
+    it("should handle conditional logic with FHE.select", async function () {
+      const fhevm = hre.fhevm;
+
+      // Initialize with balance=100, threshold=50
+      const input = await fhevm
+        .createEncryptedInput(contractAddress, signers.alice.address)
+        .add32(100) // balance
+        .add32(50) // threshold
+        .encrypt();
+
+      await contract
+        .connect(signers.alice)
+        .initialize(input.handles[0], input.handles[1], input.inputProof);
+
+      // Execute correct conditional - should not revert
+      await expect(contract.connect(signers.alice).correctConditional()).to.not
+        .be.reverted;
+    });
+  });
+
+  describe("Correct Computation Pattern", function () {
+    it("should compute with proper permission grants", async function () {
+      const fhevm = hre.fhevm;
+
+      const input = await fhevm
+        .createEncryptedInput(contractAddress, signers.alice.address)
+        .add32(50) // balance
+        .add32(25) // threshold
+        .encrypt();
+
+      await contract
+        .connect(signers.alice)
+        .initialize(input.handles[0], input.handles[1], input.inputProof);
+
+      // correctCompute grants proper permissions
+      await expect(contract.connect(signers.alice).correctCompute()).to.not.be
+        .reverted;
+    });
+  });
+
+  describe("Rules Reference", function () {
+    it("should return the key rules summary", async function () {
+      const rules = await contract.getRules();
+      expect(rules).to.include("FHE.select");
+      expect(rules).to.include("FHE.allowThis");
+      expect(rules).to.include("require/revert");
+    });
+  });
+});

package/test/concepts/FHEHandles.ts

@@ -0,0 +1,156 @@
+import {
+  FhevmType,
+  HardhatFhevmRuntimeEnvironment,
+} from "@fhevm/hardhat-plugin";
+import { HardhatEthersSigner } from "@nomicfoundation/hardhat-ethers/signers";
+import { expect } from "chai";
+import { ethers } from "hardhat";
+import * as hre from "hardhat";
+
+import { FHEHandles, FHEHandles__factory } from "../types";
+import type { Signers } from "./types";
+
+async function deployFixture() {
+  const factory = (await ethers.getContractFactory(
+    "FHEHandles"
+  )) as FHEHandles__factory;
+  const contract = (await factory.deploy()) as FHEHandles;
+  const contractAddress = await contract.getAddress();
+  return { contract, contractAddress };
+}
+
+/**
+ * @notice Tests FHE handle lifecycle and operations
+ * Demonstrates handle creation, computation, and immutability
+ */
+describe("FHEHandles", function () {
+  let contract: FHEHandles;
+  let contractAddress: string;
+  let signers: Signers;
+
+  before(async function () {
+    if (!hre.fhevm.isMock) {
+      throw new Error(`This hardhat test suite cannot run on Sepolia Testnet`);
+    }
+    const ethSigners: HardhatEthersSigner[] = await ethers.getSigners();
+    signers = { owner: ethSigners[0], alice: ethSigners[1] };
+  });
+
+  beforeEach(async function () {
+    const deployment = await deployFixture();
+    contractAddress = deployment.contractAddress;
+    contract = deployment.contract;
+  });
+
+  describe("Handle Creation", function () {
+    it("should create handle from external encrypted input", async function () {
+      const fhevm: HardhatFhevmRuntimeEnvironment = hre.fhevm;
+      const value = 42;
+
+      const input = await fhevm
+        .createEncryptedInput(contractAddress, signers.alice.address)
+        .add32(value)
+        .encrypt();
+
+      await contract
+        .connect(signers.alice)
+        .createFromExternal(input.handles[0], input.inputProof);
+
+      const encrypted = await contract.getStoredValue();
+      const decrypted = await fhevm.userDecryptEuint(
+        FhevmType.euint32,
+        encrypted,
+        contractAddress,
+        signers.alice
+      );
+      expect(decrypted).to.equal(value);
+    });
+
+    it("should create handle from plaintext constant", async function () {
+      const fhevm: HardhatFhevmRuntimeEnvironment = hre.fhevm;
+      const plaintextValue = 100;
+
+      await contract.connect(signers.alice).createFromPlaintext(plaintextValue);
+
+      const encrypted = await contract.getStoredValue();
+      const decrypted = await fhevm.userDecryptEuint(
+        FhevmType.euint32,
+        encrypted,
+        contractAddress,
+        signers.alice
+      );
+      expect(decrypted).to.equal(plaintextValue);
+    });
+  });
+
+  describe("Handle Computation", function () {
+    const initialValue = 50;
+
+    beforeEach(async function () {
+      await contract.connect(signers.alice).createFromPlaintext(initialValue);
+    });
+
+    it("should create new handle when computing", async function () {
+      const fhevm: HardhatFhevmRuntimeEnvironment = hre.fhevm;
+
+      // computeNewHandle adds 10 to stored value
+      await contract.connect(signers.alice).computeNewHandle();
+
+      const encrypted = await contract.getComputedValue();
+      const decrypted = await fhevm.userDecryptEuint(
+        FhevmType.euint32,
+        encrypted,
+        contractAddress,
+        signers.alice
+      );
+      expect(decrypted).to.equal(initialValue + 10);
+    });
+
+    it("should handle chained operations correctly", async function () {
+      const fhevm: HardhatFhevmRuntimeEnvironment = hre.fhevm;
+
+      // chainedOperations: (value + 5) * 2 - 1
+      // (50 + 5) * 2 - 1 = 55 * 2 - 1 = 110 - 1 = 109
+      await contract.connect(signers.alice).chainedOperations();
+
+      const encrypted = await contract.getComputedValue();
+      const decrypted = await fhevm.userDecryptEuint(
+        FhevmType.euint32,
+        encrypted,
+        contractAddress,
+        signers.alice
+      );
+      expect(decrypted).to.equal(109);
+    });
+  });
+
+  describe("Handle Immutability", function () {
+    it("should demonstrate handle immutability", async function () {
+      const fhevm: HardhatFhevmRuntimeEnvironment = hre.fhevm;
+      const initialValue = 100;
+
+      await contract.connect(signers.alice).createFromPlaintext(initialValue);
+
+      // Get original value before update
+      const originalEncrypted = await contract.getStoredValue();
+
+      // This updates _storedValue to (old + 100)
+      await contract.connect(signers.alice).demonstrateImmutability();
+
+      // Get new value
+      const newEncrypted = await contract.getStoredValue();
+      const newDecrypted = await fhevm.userDecryptEuint(
+        FhevmType.euint32,
+        newEncrypted,
+        contractAddress,
+        signers.alice
+      );
+
+      // New value should be initialValue + 100
+      expect(newDecrypted).to.equal(initialValue + 100);
+
+      // The handles should be different (different encrypted values)
+      // Note: In mock mode, we can't directly compare handle values
+    });
+  });
+});

package/test/concepts/FHEInputProof.ts

@@ -0,0 +1,151 @@
+import {
+  FhevmType,
+  HardhatFhevmRuntimeEnvironment,
+} from "@fhevm/hardhat-plugin";
+import { HardhatEthersSigner } from "@nomicfoundation/hardhat-ethers/signers";
+import { expect } from "chai";
+import { ethers } from "hardhat";
+import * as hre from "hardhat";
+
+import { FHEInputProof, FHEInputProof__factory } from "../types";
+import type { Signers } from "./types";
+
+async function deployFixture() {
+  const factory = (await ethers.getContractFactory(
+    "FHEInputProof"
+  )) as FHEInputProof__factory;
+  const contract = (await factory.deploy()) as FHEInputProof;
+  const contractAddress = await contract.getAddress();
+  return { contract, contractAddress };
+}
+
+/**
+ * @notice Tests input proof validation patterns
+ * Demonstrates single and multiple encrypted inputs with proofs
+ */
+describe("FHEInputProof", function () {
+  let contract: FHEInputProof;
+  let contractAddress: string;
+  let signers: Signers;
+
+  before(async function () {
+    if (!hre.fhevm.isMock) {
+      throw new Error(`This hardhat test suite cannot run on Sepolia Testnet`);
+    }
+    const ethSigners: HardhatEthersSigner[] = await ethers.getSigners();
+    signers = { owner: ethSigners[0], alice: ethSigners[1] };
+  });
+
+  beforeEach(async function () {
+    const deployment = await deployFixture();
+    contractAddress = deployment.contractAddress;
+    contract = deployment.contract;
+  });
+
+  describe("Single Input with Proof", function () {
+    it("should accept and store a single encrypted value with valid proof", async function () {
+      const fhevm: HardhatFhevmRuntimeEnvironment = hre.fhevm;
+      const secretValue = 123;
+
+      // Create encrypted input with proof
+      const encryptedInput = await fhevm
+        .createEncryptedInput(contractAddress, signers.alice.address)
+        .add32(secretValue)
+        .encrypt();
+
+      // Submit to contract - proof is validated in fromExternal
+      await contract
+        .connect(signers.alice)
+        .setSingleValue(encryptedInput.handles[0], encryptedInput.inputProof);
+
+      // Verify the value was stored correctly
+      const encrypted = await contract.getSingleValue();
+      const decrypted = await fhevm.userDecryptEuint(
+        FhevmType.euint32,
+        encrypted,
+        contractAddress,
+        signers.alice
+      );
+      expect(decrypted).to.equal(secretValue);
+    });
+  });
+
+  describe("Multiple Inputs with Batched Proof", function () {
+    it("should accept multiple encrypted values with a single proof", async function () {
+      const fhevm: HardhatFhevmRuntimeEnvironment = hre.fhevm;
+      const valueA = 100;
+      const valueB = 200n; // uint64
+
+      // Create batched encrypted input
+      const encryptedInput = await fhevm
+        .createEncryptedInput(contractAddress, signers.alice.address)
+        .add32(valueA) // index 0 -> handles[0]
+        .add64(valueB) // index 1 -> handles[1]
+        .encrypt();
+
+      // Submit both values with single proof
+      await contract
+        .connect(signers.alice)
+        .setMultipleValues(
+          encryptedInput.handles[0],
+          encryptedInput.handles[1],
+          encryptedInput.inputProof
+        );
+
+      // Verify both values
+      const encryptedA = await contract.getValueA();
+      const decryptedA = await fhevm.userDecryptEuint(
+        FhevmType.euint32,
+        encryptedA,
+        contractAddress,
+        signers.alice
+      );
+      expect(decryptedA).to.equal(valueA);
+
+      const encryptedB = await contract.getValueB();
+      const decryptedB = await fhevm.userDecryptEuint(
+        FhevmType.euint64,
+        encryptedB,
+        contractAddress,
+        signers.alice
+      );
+      expect(decryptedB).to.equal(valueB);
+    });
+  });
+
+  describe("Computation with New Input Proof", function () {
+    it("should add an encrypted value to stored value", async function () {
+      const fhevm: HardhatFhevmRuntimeEnvironment = hre.fhevm;
+      const initialValue = 100;
+      const addendValue = 50;
+
+      // Set initial value
+      const input1 = await fhevm
+        .createEncryptedInput(contractAddress, signers.alice.address)
+        .add32(initialValue)
+        .encrypt();
+      await contract
+        .connect(signers.alice)
+        .setSingleValue(input1.handles[0], input1.inputProof);
+
+      // Add another encrypted value
+      const input2 = await fhevm
+        .createEncryptedInput(contractAddress, signers.alice.address)
+        .add32(addendValue)
+        .encrypt();
+      await contract
+        .connect(signers.alice)
+        .addToValue(input2.handles[0], input2.inputProof);
+
+      // Verify result
+      const encrypted = await contract.getSingleValue();
+      const decrypted = await fhevm.userDecryptEuint(
+        FhevmType.euint32,
+        encrypted,
+        contractAddress,
+        signers.alice
+      );
+      expect(decrypted).to.equal(initialValue + addendValue);
+    });
+  });
+});