Skip to content

host-contracts

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

host-contracts

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
contracts
contracts
 
 
docs
docs
 
 
examples
examples
 
 
fhevm-foundry
fhevm-foundry
 
 
lib
lib
 
 
rust_bindings
rust_bindings
 
 
tasks
tasks
 
 
test
test
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
.npmignore
.npmignore
 
 
.prettierignore
.prettierignore
 
 
.prettierrc.json
.prettierrc.json
 
 
.solcover.js
.solcover.js
 
 
CustomProvider.ts
CustomProvider.ts
 
 
Dockerfile
Dockerfile
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
codegen.config.json
codegen.config.json
 
 
docker-compose.yml
docker-compose.yml
 
 
foundry.toml
foundry.toml
 
 
hardhat.config.ts
hardhat.config.ts
 
 
package.json
package.json
 
 
remappings.txt
remappings.txt
 
 
soldeer.lock
soldeer.lock
 
 
tsconfig.json
tsconfig.json
 
 
upgrade-manifest.json
upgrade-manifest.json
 
 

README.md

Introduction

This node package contains the core Solidity host contracts needed to deploy an FHEVM instance on a host EVM blockchain.

Getting started

run

npm install

To run forge tests:

npm run forge:soldeer
npm run test:forge

Prepare-only executor upgrade

Use task:prepareUpgradeFHEVMExecutor when you need to deploy a new FHEVMExecutor implementation without upgrading the proxy yet.

This task is meant for DAO-driven upgrades:

  • it imports the existing proxy into the OpenZeppelin manifest
  • it deploys the new implementation with prepareUpgrade
  • it prints the implementation address and reinitializeV* calldata
  • it does not mutate the proxy

Run it from a checkout containing the exact new host-contract code you want to deploy. For a backport hotfix, that means the checked-out branch/tag should match the new release.

The task still needs the current deployment addresses on disk because contracts/FHEVMExecutor.sol imports addresses/FHEVMHostAddresses.sol. Generate them first with the existing setter tasks. If you are switching environments, restart from task:setACLAddress so both generated files are rewritten from scratch before the remaining addresses are appended:

npx hardhat task:setACLAddress --address <acl>
npx hardhat task:setFHEVMExecutorAddress --address <executor-proxy>
npx hardhat task:setKMSVerifierAddress --address <kms>
npx hardhat task:setInputVerifierAddress --address <input-verifier>
npx hardhat task:setHCULimitAddress --address <hcu-limit>
npx hardhat task:setPauserSetAddress --address <pauser-set>

Those commands generate:

  • addresses/.env.host
  • addresses/FHEVMHostAddresses.sol

The values to feed into those setter tasks should come from the currently deployed environment you are upgrading. A practical source of truth is the verified source bundle of the implementation currently behind the proxy, specifically addresses/FHEVMHostAddresses.sol.

Then run:

npx hardhat task:prepareUpgradeFHEVMExecutor \
  --network sepolia \
  --upgrade-from-ref v0.11.1 \
  --new-implementation contracts/FHEVMExecutor.sol:FHEVMExecutor \
  --verify-contract true

Notes:

  • --network selects where the implementation deployment transaction is sent.
  • --upgrade-from-ref is only used to load the old implementation source for OZ validation.
  • --new-implementation comes from your current checkout.
  • if you want the proxy address from addresses/.env.host, add --use-internal-proxy-address true
  • the task runs hardhat clean before recompiling so the implementation is not built from stale artifacts compiled against another environment