feat(escrow): DEV-36 paymentToken parameterization #9
Conversation
Per-escrow payment-token allow-list. Each escrow binds its payment token at creation, gated by an owner-controlled allow-list (new AllowedTokens extension), instead of a single global engine token. Wired into Escrow and ConfidentialEscrow; IEscrow gains addAllowedToken/removeAllowedToken/isAllowedToken and per-escrow paymentToken accessors. Migrated as-is from protocol-private #40 (feat/escrow-per-escrow-payment-token), squashed (intermediate tokens-wrapper add/revert dropped). AllowedTokens storage namespace rebranded privara.storage -> reineira.storage (slot recomputed) to match scrubbed public main.
Migrated review thread from protocol-private #40
Reposted under @0xkkkn; original authors preserved inline.
Looks like there's some leftover json artifacts
Is there a reason we need to use slots for this?
"_paymentTokenOfRaw(" what does ofRaw mean?
what does seedAllowedToken do?
Ok so for our mock DAI test which is used to test alternative decimals we just make it 6 even though dai supports 18? ok if it's just for that test. just kinda weird. Maybe should just be explicitly named alt decimals token instead of pDAI for clarity
these are the contract ABIs the operator needs in operator-cli
did you mean the paymentTokenOf mapping that could move into the EscrowData struct? If so, I can fix this. The idea was to keep the allow-list in the shared extension and reuse the same logic.
I mean "unchecked" because there is no validation in the method, it just returns tokens straight from slots. Would _paymentTokenOfUnchecked be better?
It does the same as _addAllowedToken without emitting TokenAllowed. It's used in the initialize method to seed the default payment token
MockDAI is real 18 decimals, and the wrapper is 6, because FHERC20ERC20Wrapper balances are euint64 and 18 decimals would overflow
Migrated as-is from protocol-private #40 (feat/escrow-per-escrow-payment-token). Original commit author preserved (@jishumi).
What: per-escrow payment-token allow-list. Each escrow binds its payment token at creation, gated by an owner-controlled allow-list (new AllowedTokens extension), instead of the engine using a single global token. Wired into both Escrow and ConfidentialEscrow. New IEscrow surface: addAllowedToken / removeAllowedToken / isAllowedToken + per-escrow payment-token accessors.
Migration notes:
ConfidentialERC20Wrapper add (39edf37) was reverted by align with token-agnostic main (d9ad4d9), so the net change touches no tokens package.
main; no protocol-fee / Insurance reintroduced.
AllowedTokens storage namespace rebranded privara.storage.* → reineira.storage.* (erc7201 slot recomputed) to match the scrubbed public main convention.
forge build + 158/158 escrow tests green locally.
Review questions from protocol-private #40 are carried over in the conversation below.