Skip to content

feat(escrow): DEV-36 paymentToken parameterization#9

Open
0xkkkn wants to merge 1 commit into
mainfrom
feat/escrow-per-escrow-payment-token
Open

feat(escrow): DEV-36 paymentToken parameterization#9
0xkkkn wants to merge 1 commit into
mainfrom
feat/escrow-per-escrow-payment-token

Conversation

@0xkkkn

@0xkkkn 0xkkkn commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Migrated as-is from protocol-private #40 (feat/escrow-per-escrow-payment-token). Original commit author preserved (@jishumi).

What: per-escrow payment-token allow-list. Each escrow binds its payment token at creation, gated by an owner-controlled allow-list (new AllowedTokens extension), instead of the engine using a single global token. Wired into both Escrow and ConfidentialEscrow. New IEscrow surface: addAllowedToken / removeAllowedToken / isAllowedToken + per-escrow payment-token accessors.

Migration notes:

  • Squashed the 3 original commits into one — the intermediate ConfidentialERC20Wrapper add (39edf37) was reverted by align with token-agnostic main (d9ad4d9), so the net change touches no tokens package.
  • Cherry-picked cleanly onto current public main; no protocol-fee / Insurance reintroduced.
  • AllowedTokens storage namespace rebranded privara.storage.*reineira.storage.* (erc7201 slot recomputed) to match the scrubbed public main convention.
  • forge build + 158/158 escrow tests green locally.

Review questions from protocol-private #40 are carried over in the conversation below.

Per-escrow payment-token allow-list. Each escrow binds its payment token
at creation, gated by an owner-controlled allow-list (new AllowedTokens
extension), instead of a single global engine token. Wired into Escrow
and ConfidentialEscrow; IEscrow gains addAllowedToken/removeAllowedToken/
isAllowedToken and per-escrow paymentToken accessors.

Migrated as-is from protocol-private #40 (feat/escrow-per-escrow-payment-token),
squashed (intermediate tokens-wrapper add/revert dropped). AllowedTokens
storage namespace rebranded privara.storage -> reineira.storage (slot
recomputed) to match scrubbed public main.
@0xkkkn

0xkkkn commented Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

Migrated review thread from protocol-private #40


Reposted under @0xkkkn; original authors preserved inline.


@madschristensen99:

Looks like theres some leftover json artifacts


@madschristensen99:

Is there a reason we need to use slots for this?


@madschristensen99:

"_paymentTokenOfRaw(" what does of Raw mean?


@madschristensen99:

what does seedAllowed Token do?


@madschristensen99:

Ok so for our mock DAI test which is used to test alternative decimals we just make it 6 even though dai supports 18? ok if it's just for that test. just kinda weird. Maybe should just be explicitly named alt decimals token instead of pDAI for clarity


@jishumi:

Looks like theres some leftover json artifacts

these are the contract ABIs the operator needs in operator-cli


@jishumi:

Is there a reason we need to use slots for this?

did you mean the paymentTokenOf mapping that could move into the EscrowData struct? If so, I can fix this. The idea was to keep the allow-list in the shared extension and reuse the same logic.


@jishumi:

"_paymentTokenOfRaw(" what does of Raw mean?

I mean "unchecked» because there is no validation in the method, it just returns tokens straight from slots. Would _paymentTokenOfUnchecked be better?


@jishumi:

what does seedAllowed Token do?

t does the same as _addAllowedToken without emitting TokenAllowed. It's used in initialize method to seed the default payment token


@jishumi:

Ok so for our mock DAI test which is used to test alternative decimals we just make it 6 even though dai supports 18? ok if it's just for that test. just kinda weird. Maybe should just be explicitly named alt decimals token instead of pDAI for clarity

MockDAI is real 18 decimals, and the wrapper is 6, because FHERC20ERC20Wrapper balances are euint64 and 18 decimals would overflow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants