OpenZeppelin Confidential Contracts v0.5 Audit: 12 Issues, 5 Medium Severity
OpenZeppelin completed a diff audit of its Confidential Contracts library v0.5 (commit 49e71451) against v0.4. The audit covered new features including a hook module framework, account recovery on ERC7984Rwa, an identity check extension, FHESafeMath saturating primitives, and a distinct-underlying invariant for BatcherConfidential.

A total of 12 issues were identified (6 resolved), with 5 medium-severity findings (2 resolved) and no critical or high findings. The key medium findings are: self-from transfers allowing permissionless zero-amount transfers via the empty-proof shortcut; no time bound on recovery for dispatched batches; ERC-2771 meta-transactions making the trusted forwarder, rather than the original sender, the ciphertext principal; misallocation of the target underlying in concurrent partial batches; and escalation of transient access into permanent public disclosure.

The library, built on Zama's @fhevm/solidity FHE runtime, keeps token balances and transfer amounts confidential through encrypted handles and branchless operations. Its trust assumptions include honest agent and admin roles, correctly implemented module access control, and a trusted FHE runtime.
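The ERC-2771 finding generalises to any contract that mixes a trusted-forwarder context with an FHE access-control grant keyed on `msg.sender`: under a meta-transaction `msg.sender` is the forwarder, so the forwarder receives decryption rights over the ciphertext instead of the user. The Solidity sketch below is an added example, not code from the audit report or from OpenZeppelin's library; it assumes the finding concerns exactly such a grant, and `IFheAcl` and `ERC2771ContextLike` are minimal stand-ins for the real FHE runtime ACL and ERC2771Context, not their actual interfaces.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Illustrative example only (not code from the audited library).
// Assumption: the finding is an ACL grant on the wrong principal.

interface IFheAcl {
    // Stand-in for the FHE runtime's ACL: lets `account` decrypt or
    // re-encrypt the ciphertext identified by `handle`.
    function allow(bytes32 handle, address account) external;
}

abstract contract ERC2771ContextLike {
    address private immutable _trustedForwarder;

    constructor(address forwarder) { _trustedForwarder = forwarder; }

    function isTrustedForwarder(address f) public view returns (bool) {
        return f == _trustedForwarder;
    }

    // ERC-2771: when the call comes through the trusted forwarder, the
    // original signer is the last 20 bytes of calldata; otherwise the
    // caller itself is the sender.
    function _msgSender() internal view returns (address sender) {
        if (isTrustedForwarder(msg.sender) && msg.data.length >= 20) {
            assembly {
                sender := shr(96, calldataload(sub(calldatasize(), 20)))
            }
        } else {
            sender = msg.sender;
        }
    }
}

// Shared transfer logic; only the choice of ciphertext principal differs.
abstract contract ConfidentialBalanceBase is ERC2771ContextLike {
    IFheAcl internal immutable acl;
    mapping(address => bytes32) public balanceHandle;

    constructor(IFheAcl acl_, address forwarder) ERC2771ContextLike(forwarder) {
        acl = acl_;
    }

    // Which address is granted access to the sender's new balance handle.
    function _principal() internal view virtual returns (address);

    // `newFromHandle` stands in for the FHE result of (balance - amount);
    // the homomorphic subtraction itself is out of scope for this sketch.
    function transfer(address to, bytes32 newFromHandle, bytes32 newToHandle) external {
        address from = _msgSender();          // correct under meta-transactions
        balanceHandle[from] = newFromHandle;
        balanceHandle[to] = newToHandle;

        acl.allow(newToHandle, to);
        acl.allow(newFromHandle, _principal());
    }
}

contract ConfidentialBalanceVulnerable is ConfidentialBalanceBase {
    constructor(IFheAcl a, address f) ConfidentialBalanceBase(a, f) {}

    // BUG: through the forwarder, msg.sender is the forwarder contract, which
    // thereby becomes the principal able to decrypt the user's balance.
    function _principal() internal view override returns (address) {
        return msg.sender;
    }
}

contract ConfidentialBalanceFixed is ConfidentialBalanceBase {
    constructor(IFheAcl a, address f) ConfidentialBalanceBase(a, f) {}

    // FIX: resolve the principal the same way the balance owner is resolved.
    function _principal() internal view override returns (address) {
        return _msgSender();
    }
}
```

The defensive check this suggests for any ERC-2771-enabled contract is mechanical: every place that passes an address into an ACL grant (or uses it as a map key) should derive that address from `_msgSender()`, and a grep for bare `msg.sender` in such contracts is a quick way to find candidates for review.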
Key facts
- 12 issues found (6 resolved); 5 medium-severity, no critical/high.
- OpenZeppelin Confidential Contracts v0.5 adds hook modules, account recovery, identity check.
- Medium finding: self-from transfers allow permissionless zero-amount transfers via the empty-proof shortcut.
- Medium finding: ERC-2771 meta-transactions misattribute ciphertext principal to forwarder.
- Trust relies on honest agent/admin roles, correct module access control, and a trusted FHE runtime.