create-fhevm-example 1.4.4 → 1.4.6

package/README.md

@@ -56,8 +56,8 @@ npx create-fhevm-example --category basic
 npx create-fhevm-example --add
 npx create-fhevm-example --add --target ./my-existing-project
 
-# With auto-install and testing
-npx create-fhevm-example --example fhe-counter --output ./my-project --install --test
+# With auto-install
+npx create-fhevm-example --example fhe-counter --output ./my-project --install
 ```
 
 ---
@@ -72,7 +72,6 @@ npx create-fhevm-example --example fhe-counter --output ./my-project --install -
 | `--target <dir>` | Target directory for `--add` mode (default: current dir) |
 | `--output <dir>` | Output directory for new projects |
 | `--install` | Auto-install dependencies after scaffolding |
-| `--test` | Auto-run tests (requires `--install`) |
 | `--help`, `-h` | Show help information |
 
 ---
@@ -85,7 +84,7 @@ npx create-fhevm-example --example fhe-counter --output ./my-project --install -
 
 **FHE Operations** (4): `fhe-add`, `fhe-if-then-else`, `fhe-arithmetic`, `fhe-comparison`
 
-**Concepts** (4): `fhe-access-control`, `fhe-input-proof`, `fhe-handles`, `fhe-anti-patterns`
+**Concepts** (6): `fhe-access-control`, `fhe-input-proof`, `fhe-handles`, `control-flow`, `permissions`, `operations-gas-noise`
 
 **Gaming** (3): `rock-paper-scissors`, `encrypted-lottery`, `encrypted-poker`
 

package/contracts/advanced/BlindAuction.sol

@@ -10,7 +10,11 @@ import {
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Blind Auction with encrypted bids - only the winning price is revealed after bidding ends
+ * @notice Blind auction where bids remain encrypted until the end.
+ *         Bidders submit encrypted amounts. The contract finds the highest bid
+ *         using FHE.gt and FHE.select without ever decrypting losing bids.
+ *         Only the winning bid amount is revealed after the auction closes.
+ *         Losing bids remain private forever, ensuring true bid confidentiality.
 
  * @dev Flow: bid() → endAuction() → revealWinner()
  *      Uses FHE.gt/select to find winner without revealing losing bids.

package/contracts/advanced/EncryptedEscrow.sol

@@ -10,7 +10,11 @@ import {
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Encrypted Escrow service - amounts hidden until release!
+ * @notice Confidential escrow service with hidden transaction amounts.
+ *         Buyer and seller agree on encrypted escrow amount. Funds are held
+ *         securely until conditions are met. Amount remains hidden from public
+ *         view until release or refund. Includes arbiter for dispute resolution.
+ *         Perfect for high-value transactions requiring privacy.
  *
  * @dev Flow: createEscrow() → fundEscrow() → release()/requestRefund()/raiseDispute()
  *      Multi-party agreement with arbiter for disputes.

package/contracts/advanced/HiddenVoting.sol

@@ -5,7 +5,11 @@ import {FHE, euint64, ebool, externalEuint8} from "@fhevm/solidity/lib/FHE.sol";
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Hidden Voting with encrypted ballots and homomorphic tallying - individual votes stay private forever!
+ * @notice Private voting system with homomorphic vote tallying.
+ *         Voters submit encrypted ballots (Yes/No). Votes are tallied using
+ *         homomorphic addition WITHOUT decrypting individual ballots. Only the
+ *         final tally is revealed - individual votes remain private forever.
+ *         Perfect for DAO governance, elections, or any scenario requiring ballot secrecy.
  *
  * @dev Flow: vote() → closeVoting() → revealResults()
  *      ⚡ Gas: Each vote costs ~200k gas (FHE.add + FHE.select operations)

package/contracts/advanced/PrivateKYC.sol

@@ -12,7 +12,12 @@ import {
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Private KYC - verify identity without revealing personal data!
+ * @notice Privacy-preserving identity verification using predicate proofs.
+ *         Users submit encrypted personal data (age, country, credit score).
+ *         Contract can verify predicates like "Is user 18+?" or "Good credit?"
+ *         without learning the actual values. Returns encrypted booleans that
+ *         prove compliance without revealing sensitive information. Revolutionary
+ *         for KYC/AML compliance while preserving user privacy.
  *
  * @dev Flow: submitKYC() → verifyAge18()/verifyGoodCredit()/etc.
  *      Returns encrypted booleans: "Is 18+?", "Good credit?" without revealing actual values.

package/contracts/advanced/PrivatePayroll.sol

@@ -10,7 +10,11 @@ import {
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Private Payroll system - salaries stay encrypted, only employees see their own!
+ * @notice Confidential payroll system with encrypted salaries.
+ *         Employers can add employees with encrypted salary amounts. Each employee
+ *         can decrypt only their own salary - other salaries remain hidden.
+ *         Demonstrates selective decryption permissions where different users
+ *         see different encrypted values. Perfect for privacy-preserving HR systems.
  *
  * @dev Flow: addEmployee() → fund() → processPayment()
  *      Each employee can decrypt only their own salary.

package/contracts/basic/decryption/PublicDecryptMultipleValues.sol

@@ -5,7 +5,11 @@ import {FHE, euint8} from "@fhevm/solidity/lib/FHE.sol";
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice 8-sided die roll game demonstrating public decryption of multiple encrypted values.
+ * @notice Highest die roll game with public decryption of multiple values.
+ *         Two players roll encrypted 8-sided dice, results are made publicly
+ *         decryptable. Demonstrates handling multiple encrypted values in
+ *         checkSignatures() where ORDER MATTERS - the cts[] array must match
+ *         the order of values in the ABI-encoded result.
  *
  * @dev Uses FHE.randEuint8() + FHE.makePubliclyDecryptable() for both dice rolls.
  *      ⚠️ Order matters in cts[] array for checkSignatures!
@@ -29,7 +33,8 @@ contract HighestDieRoll is ZamaEthereumConfig {
     // Mapping to store all game states, accessible by a unique game ID.
     mapping(uint256 gameId => Game game) public games;
 
-    /// @notice Emitted when a new game is started, providing the encrypted handle required for decryption
+    /// @notice Emitted when a new game is started,
+    ///         providing the encrypted handle required for decryption
     /// @param gameId The unique identifier for the game
     /// @param playerA The address of playerA
     /// @param playerB The address of playerB
@@ -97,7 +102,8 @@ contract HighestDieRoll is ZamaEthereumConfig {
         return games[gameId].playerBEncryptedDieRoll;
     }
 
-    /// @notice Returns the address of the game winner. If the game is finalized, the function returns `address(0)`
+    /// @notice Returns the address of the game winner.
+    ///         If the game is finalized, the function returns `address(0)`
     /// @notice if the game is a draw.
     function getWinner(uint256 gameId) public view returns (address) {
         require(games[gameId].revealed, "Game winner not yet revealed");
@@ -109,8 +115,8 @@ contract HighestDieRoll is ZamaEthereumConfig {
         return games[gameId].revealed;
     }
 
-    /// @notice Verifies the provided (decryption proof, ABI-encoded clear values) pair against the stored ciphertext,
-    /// @notice and then stores the winner of the game.
+    /// @notice Verifies the provided (decryption proof, ABI-encoded clear values)
+    ///         pair against the stored ciphertext, and then stores the winner of the game.
     function recordAndVerifyWinner(
         uint256 gameId,
         bytes memory abiEncodedClearGameResult,

package/contracts/basic/decryption/PublicDecryptSingleValue.sol

@@ -5,7 +5,11 @@ import {FHE, ebool} from "@fhevm/solidity/lib/FHE.sol";
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Simple Heads or Tails game demonstrating public, permissionless decryption with FHE.
+ * @notice Heads or Tails game with public, permissionless decryption.
+ *         Demonstrates makePubliclyDecryptable() which allows ANYONE to decrypt
+ *         the result (not just allowed users). Perfect for public game results,
+ *         lottery winners, or voting tallies. Uses FHE.randEbool() for fair
+ *         randomness and KMS-verified decryption proofs.
  *
  * @dev Uses FHE.randEbool() for random result + FHE.makePubliclyDecryptable() for revealing.
  *      Anyone can decrypt results with valid KMS proof.
@@ -27,7 +31,8 @@ contract HeadsOrTails is ZamaEthereumConfig {
     // Mapping to store all game states, accessible by a unique game ID.
     mapping(uint256 gameId => Game game) public games;
 
-    /// @notice Emitted when a new game is started, providing the encrypted handle required for decryption
+    /// @notice Emitted when a new game is started,
+    ///         providing the encrypted handle required for decryption
     /// @param gameId The unique identifier for the game
     /// @param headsPlayer The address choosing Heads
     /// @param tailsPlayer The address choosing Tails
@@ -97,10 +102,11 @@ contract HeadsOrTails is ZamaEthereumConfig {
         return games[gameId].winner;
     }
 
-    /// @notice Verifies the provided (decryption proof, ABI-encoded clear value) pair against the stored ciphertext,
-    /// @notice and then stores the winner of the game.
+    /// @notice Verifies the provided (decryption proof, ABI-encoded clear value)
+    ///         pair against the stored ciphertext, and then stores the winner of the game.
     /// @dev gameId: The ID of the game to settle.
-    ///      abiEncodedClearGameResult: The ABI-encoded clear value (bool) associated to the `decryptionProof`.
+    ///      abiEncodedClearGameResult: The ABI-encoded clear value (bool)
+    ///                                 associated to the `decryptionProof`.
     ///      decryptionProof: The proof that validates the decryption.
     function recordAndVerifyWinner(
         uint256 gameId,

package/contracts/basic/decryption/UserDecryptMultipleValues.sol

@@ -5,7 +5,11 @@ import {FHE, ebool, euint32, euint64} from "@fhevm/solidity/lib/FHE.sol";
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Demonstrates user decryption of multiple encrypted values with different types.
+ * @notice Decrypting multiple encrypted values of different types for a user.
+ *         Shows how to handle ebool, euint32, and euint64 in one contract.
+ *         Each value requires individual permission grants - there's no batching
+ *         for permissions (unlike input proofs). Demonstrates the pattern of
+ *         granting allowThis() for each value separately.
  *
  * @dev Each value needs separate permission grants (no batching).
  *      ⚠️ Cannot batch permission grants - must call allow() for each value!

package/contracts/basic/decryption/UserDecryptSingleValue.sol

@@ -5,7 +5,11 @@ import {FHE, euint32} from "@fhevm/solidity/lib/FHE.sol";
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Demonstrates FHE decryption mechanism and highlights the critical permission pattern.
+ * @notice User-controlled decryption with proper permission management.
+ *         Demonstrates the critical two-step permission pattern: allowThis()
+ *         grants the contract permission to store/compute, while allow() grants
+ *         the user permission to decrypt. Missing either step causes decryption
+ *         to fail. Includes examples of both correct and incorrect patterns.
  *
  * @dev Shows CORRECT vs INCORRECT permission granting.
  *      ⚠️ Both allowThis + allow required for user decryption!

package/contracts/basic/encryption/EncryptMultipleValues.sol

@@ -13,7 +13,10 @@ import {
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Encrypting and handling multiple values in a single transaction efficiently.
+ * @notice Efficient handling of multiple encrypted values in one transaction.
+ *         Demonstrates batched input validation where a single proof covers
+ *         multiple encrypted values (ebool, euint32, eaddress), saving ~50k gas
+ *         per additional value compared to separate proofs.
  *
  * @dev Demonstrates batched input (ONE proof for multiple values).
  *      ⚡ Gas: Batching saves ~50k gas vs separate proofs!

package/contracts/basic/encryption/EncryptSingleValue.sol

@@ -5,7 +5,10 @@ import {FHE, externalEuint32, euint32} from "@fhevm/solidity/lib/FHE.sol";
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice FHE encryption mechanism with single values, including common pitfalls and best practices.
+ * @notice Single value encryption with proof validation.
+ *         Shows how to receive encrypted data from users, validate proofs,
+ *         and grant proper permissions. Includes examples of common mistakes
+ *         and the correct permission pattern (allowThis + allow).
 
  * @dev Shows the complete flow: receiving encrypted input from user, validating proof,
  *      storing the encrypted value, and granting permissions for decryption.
@@ -20,7 +23,8 @@ contract EncryptSingleValue is ZamaEthereumConfig {
         externalEuint32 inputEuint32,
         bytes calldata inputProof
     ) external {
-        // 🔐 Why proof? Prevents: replay attacks, wrong contract, invalid ciphertext
+        // 🔐 Why proof?
+        // Prevents: replay attacks, wrong contract, invalid ciphertext
         _encryptedEuint32 = FHE.fromExternal(inputEuint32, inputProof);
 
         // 🔑 Why both?

package/contracts/basic/encryption/FHECounter.sol

@@ -5,7 +5,10 @@ import {FHE, euint32, externalEuint32} from "@fhevm/solidity/lib/FHE.sol";
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Confidential counter implementation using FHEVM, compared with a standard counter to highlight encryption benefits.
+ * @notice Confidential counter with encrypted increment/decrement operations.
+ *         Demonstrates the complete FHE workflow: encryption, computation,
+ *         and permission management. The counter value remains private,
+ *         only accessible through decryption by authorized users.
 
  * @dev Demonstrates basic FHE workflow: fromExternal() → compute → allow permissions.
  *      All arithmetic happens on encrypted values without revealing the count.

package/contracts/basic/fhe-operations/FHEAdd.sol

@@ -5,7 +5,11 @@ import {FHE, euint8, externalEuint8} from "@fhevm/solidity/lib/FHE.sol";
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Simple example demonstrating addition of two encrypted values (a + b)
+ * @notice Introduction to homomorphic addition on encrypted values.
+ *         Demonstrates the most fundamental FHE operation: adding two encrypted
+ *         numbers without decrypting them. Shows the complete flow from receiving
+ *         encrypted inputs, performing the addition, and granting permissions
+ *         for both contract storage and user decryption.
 
  * @dev Shows the most basic FHE operation and permission flow.
  *      ⚡ Gas: FHE.add() costs ~100k gas (coprocessor call)

package/contracts/basic/fhe-operations/FHEArithmetic.sol

@@ -5,7 +5,11 @@ import {FHE, euint32, externalEuint32} from "@fhevm/solidity/lib/FHE.sol";
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Demonstrates all FHE arithmetic operations: add, sub, mul, div, rem, min, max
+ * @notice Complete suite of FHE arithmetic operations on encrypted values.
+ *         Covers all basic math: addition, subtraction, multiplication, division,
+ *         remainder (modulo), minimum, and maximum. Includes gas cost comparisons
+ *         and important limitations (e.g., division/remainder only work with
+ *         plaintext divisors, not encrypted divisors).
  *
  * @dev ⚡ Gas costs vary: add/sub (~100k) < mul (~150k) < div/rem (~300k)
  *      ⚠️ div/rem only work with plaintext divisor (not encrypted!)

package/contracts/basic/fhe-operations/FHEComparison.sol

@@ -10,7 +10,11 @@ import {
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Demonstrates all FHE comparison operations: eq, ne, gt, lt, ge, le, select
+ * @notice Complete guide to encrypted comparisons and conditional selection.
+ *         Covers all comparison operators (eq, ne, gt, lt, ge, le) that return
+ *         encrypted booleans (ebool), and demonstrates FHE.select for branching
+ *         without information leakage. Critical for implementing logic like
+ *         "find maximum" or "check threshold" without revealing values.
  *
  * @dev Results are encrypted booleans (ebool) - comparisons reveal nothing!
  *      ⚡ Gas: Comparisons ~100k, select ~120k

package/contracts/basic/fhe-operations/FHEIfThenElse.sol

@@ -5,7 +5,11 @@ import {FHE, ebool, euint8, externalEuint8} from "@fhevm/solidity/lib/FHE.sol";
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Demonstrates conditional logic: max(a, b) using encrypted comparison
+ * @notice Conditional logic without information leakage using FHE.select.
+ *         Demonstrates how to implement if-then-else logic on encrypted values
+ *         (computing max of two numbers). Using regular if/else would decrypt
+ *         and leak which branch was taken. FHE.select evaluates BOTH branches
+ *         and picks one based on the encrypted condition, preserving privacy.
  *
  * @dev ❌ Can't use if/else (leaks info!) ✅ Use FHE.select instead
  *      ⚡ Gas: ~120k for select operation

package/contracts/concepts/FHEAccessControl.sol

@@ -5,9 +5,14 @@ import {FHE, euint32, externalEuint32} from "@fhevm/solidity/lib/FHE.sol";
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Critical access control patterns in FHEVM: FHE.allow, FHE.allowThis, FHE.allowTransient with common mistakes.
-
- * @dev allow() = permanent, allowThis() = contract permission, allowTransient() = expires at TX end
+ * @notice Master class for FHE permission patterns and access control.
+ *         Explains the three permission types: allow() for permanent access,
+ *         allowThis() for contract operations, and allowTransient() for
+ *         temporary cross-contract calls. Includes correct and incorrect
+ *         usage examples to prevent common decryption failures.
+
+ * @dev allow() = permanent, allowThis() = contract permission,
+ *      allowTransient() = expires at TX end
  *      Both allowThis + allow required for user decryption!
  */
 contract FHEAccessControl is ZamaEthereumConfig {

package/contracts/concepts/FHEHandles.sol

@@ -5,7 +5,11 @@ import {FHE, euint32, externalEuint32} from "@fhevm/solidity/lib/FHE.sol";
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Understanding FHE handles: creation, computation, and immut ability.
+ * @notice Deep dive into FHE handles: what they are and how they work.
+ *         Explains that handles are uint256 pointers to encrypted data,
+ *         demonstrates three creation methods (fromExternal, asEuint, operations),
+ *         and emphasizes immutability - every operation creates a NEW handle.
+ *         Includes gas cost comparisons for different operations.
  *
  * @dev Handle = uint256 pointer to encrypted data. Operations create NEW handles (immutable).
  *      ⚡ Gas: asEuint32 ~20k, fromExternal ~50k, add/sub ~100k

package/contracts/concepts/FHEInputProof.sol

@@ -11,7 +11,11 @@ import {
 import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
 
 /**
- * @notice Explains input proof validation in FHEVM: why proofs matter and how to batch inputs efficiently.
+ * @notice Input proof validation and batching strategies in FHEVM.
+ *         Explains why proofs are essential (prevent garbage data, wrong types,
+ *         and replay attacks) and demonstrates the gas-efficient batching pattern
+ *         where one proof validates multiple encrypted inputs, saving ~50k gas
+ *         per additional value.
  *
  * @dev Proofs ensure: valid ciphertext + correct range + proof of knowledge.
  *      ⚡ Gas: Batching multiple values in ONE proof saves ~50k gas vs separate proofs!

package/contracts/concepts/antipatterns/ControlFlow.sol

@@ -0,0 +1,160 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+pragma solidity ^0.8.24;
+
+import {
+    FHE,
+    euint32,
+    ebool,
+    externalEuint32
+} from "@fhevm/solidity/lib/FHE.sol";
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+
+/**
+ * @notice Control flow anti-patterns in FHE development.
+ *         Demonstrates common mistakes when using conditional logic
+ *         and loops with encrypted values.
+ *
+ * @dev Covers 3 critical patterns: if/else branching, require statements,
+ *      and encrypted loop iterations.
+ *      Each shows ❌ WRONG and ✅ CORRECT implementations.
+ */
+contract FHEControlFlowAntiPatterns is ZamaEthereumConfig {
+    euint32 private _secretBalance;
+    euint32 private _threshold;
+    ebool private _validationResult;
+
+    /// @notice Initialize contract with encrypted balance (threshold fixed for simplicity)
+    function initialize(
+        externalEuint32 balance,
+        bytes calldata inputProof
+    ) external {
+        _secretBalance = FHE.fromExternal(balance, inputProof);
+        _threshold = FHE.asEuint32(100); // Fixed threshold for simpler testing
+
+        FHE.allowThis(_secretBalance);
+        FHE.allowThis(_threshold);
+        FHE.allow(_secretBalance, msg.sender);
+        FHE.allow(_threshold, msg.sender);
+    }
+
+    // ═══════════════════════════════════════════════════════════════════════
+    // ANTI-PATTERN 1: If/Else Branching on Encrypted Values
+    // ═══════════════════════════════════════════════════════════════════════
+
+    /**
+     * ❌ WRONG: Using if/else with encrypted comparison
+     * @dev This pattern leaks information through control flow
+     */
+    function wrongBranching() external returns (uint256) {
+        // ❌ This would decrypt the comparison result!
+        // The branch taken reveals encrypted information
+        // if (decrypt(_secretBalance > _threshold)) {
+        //     return 1;
+        // }
+        // return 0;
+
+        // Placeholder to make function compile
+        return 0;
+    }
+
+    /**
+     * ✅ CORRECT: Use FHE.select for conditional logic
+     * @dev All computation stays encrypted
+     */
+    function correctConditional() external {
+        ebool isAboveThreshold = FHE.gt(_secretBalance, _threshold);
+
+        // Apply penalty if above threshold, otherwise keep balance
+        euint32 penaltyAmount = FHE.asEuint32(10);
+        euint32 balanceMinusPenalty = FHE.sub(_secretBalance, penaltyAmount);
+
+        _secretBalance = FHE.select(
+            isAboveThreshold,
+            balanceMinusPenalty,
+            _secretBalance
+        );
+
+        FHE.allowThis(_secretBalance);
+        FHE.allow(_secretBalance, msg.sender);
+    }
+
+    // ═══════════════════════════════════════════════════════════════════════
+    // ANTI-PATTERN 2: Require/Revert with Encrypted Conditions
+    // ═══════════════════════════════════════════════════════════════════════
+
+    /**
+     * ❌ WRONG: Cannot use require with encrypted boolean
+     * @dev This doesn't compile - ebool cannot be used in require
+     */
+    function wrongRequire() external pure returns (string memory) {
+        // ❌ COMPILE ERROR: require expects bool, not ebool
+        // ebool hasEnough = FHE.ge(_secretBalance, FHE.asEuint32(100));
+        // require(hasEnough, "Insufficient balance");
+
+        return "This pattern doesn't work with encrypted values";
+    }
+
+    /**
+     * ✅ CORRECT: Store encrypted boolean for client to check
+     * @dev Let the client decrypt via getter and handle validation
+     */
+    function correctValidation() external {
+        ebool hasEnough = FHE.ge(_secretBalance, FHE.asEuint32(100));
+
+        _validationResult = hasEnough;
+        FHE.allowThis(_validationResult);
+        FHE.allow(_validationResult, msg.sender);
+    }
+
+    /// @notice Get validation result
+    function getValidationResult() external view returns (ebool) {
+        return _validationResult;
+    }
+
+    // ═══════════════════════════════════════════════════════════════════════
+    // ANTI-PATTERN 3: Encrypted Loop Iterations
+    // ═══════════════════════════════════════════════════════════════════════
+
+    /**
+     * ❌ WRONG: Loop count based on encrypted value
+     * @dev Gas consumption reveals the loop count
+     */
+    function wrongEncryptedLoop() external pure returns (string memory) {
+        // ❌ GAS LEAK: Number of iterations visible through gas cost!
+        // for (uint i = 0; i < decrypt(_secretBalance); i++) {
+        //     // Each iteration costs gas
+        // }
+
+        return "Loop iterations leak through gas consumption";
+    }
+
+    /**
+     * ✅ CORRECT: Fixed iterations with FHE.select
+     * @dev Always loop maximum times, conditionally apply operations
+     */
+    function correctFixedIterations() external {
+        uint256 MAX_ITERATIONS = 5;
+        euint32 result = FHE.asEuint32(0);
+
+        for (uint256 i = 0; i < MAX_ITERATIONS; i++) {
+            // Check if we should add (i < _secretBalance)
+            ebool shouldAdd = FHE.lt(FHE.asEuint32(uint32(i)), _secretBalance);
+
+            // Add 1 if condition true, 0 otherwise
+            euint32 toAdd = FHE.select(
+                shouldAdd,
+                FHE.asEuint32(1),
+                FHE.asEuint32(0)
+            );
+            result = FHE.add(result, toAdd);
+        }
+
+        FHE.allowThis(result);
+        FHE.allow(result, msg.sender);
+    }
+
+    /// @notice Helper to get balance for testing
+    function getBalance() external view returns (euint32) {
+        return _secretBalance;
+    }
+}