OpenZeppelin
diff --git a/‎contracts/mocks/token/ERC20CustodianMock.sol
Lines changed: 17 additions & 0 deletions b/‎contracts/mocks/token/ERC20CustodianMock.sol
Lines changed: 17 additions & 0 deletions
diff --git a/‎contracts/token/ERC20/extensions/ERC20Allowlist.sol
Lines changed: 87 additions & 0 deletions b/‎contracts/token/ERC20/extensions/ERC20Allowlist.sol
Lines changed: 87 additions & 0 deletions
diff --git a/‎contracts/token/ERC20/extensions/ERC20Blocklist.sol
Lines changed: 87 additions & 0 deletions b/‎contracts/token/ERC20/extensions/ERC20Blocklist.sol
Lines changed: 87 additions & 0 deletions
diff --git a/‎contracts/token/ERC20/extensions/ERC20Custodian.sol
Lines changed: 106 additions & 0 deletions b/‎contracts/token/ERC20/extensions/ERC20Custodian.sol
Lines changed: 106 additions & 0 deletions
diff --git a/‎contracts/token/ERC4626Fees.sol renamed to ‎contracts/token/ERC20/extensions/ERC4626Fees.sol b/‎contracts/token/ERC4626Fees.sol renamed to ‎contracts/token/ERC20/extensions/ERC4626Fees.sol
@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {ERC20, ERC20Custodian} from "../../token/ERC20/extensions/ERC20Custodian.sol";
+
+abstract contract ERC20CustodianMock is ERC20Custodian {
+    address private immutable _custodian;
+
+    constructor(address custodian, string memory name_, string memory symbol_) ERC20(name_, symbol_) {
+        _custodian = custodian;
+    }
+
+    function _isCustodian(address user) internal view override returns (bool) {
+        return user == _custodian;
+    }
+}
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+
+/**
+ * @dev Extension of {ERC20} that allows to implement an allowlist
+ * mechanism that can be managed by an authorized account with the
+ * {_disallowUser} and {_allowUser} functions.
+ *
+ * The allowlist provides the guarantee to the contract owner
+ * (e.g. a DAO or a well-configured multisig) that any account won't be
+ * able to execute transfers or approvals to other entities to operate
+ * on its behalf if {_allowUser} was not called with such account as an
+ * argument. Similarly, the account will be disallowed again if
+ * {_disallowUser} is called.
+ */
+abstract contract ERC20Allowlist is ERC20 {
+    /**
+     * @dev Allowed status of addresses. True if allowed, False otherwise.
+     */
+    mapping(address account => bool) internal _allowed;
+
+    /**
+     * @dev Emitted when a `user` is allowed to transfer and approve.
+     */
+    event UserAllowed(address indexed user);
+
+    /**
+     * @dev Emitted when a user is disallowed.
+     */
+    event UserDisallowed(address indexed user);
+
+    /**
+     * @dev The operation failed because the user is not allowed.
+     */
+    error ERC20Disallowed(address user);
+
+    /**
+     * @dev Returns the allowed status of an account.
+     */
+    function allowed(address account) public virtual returns (bool) {
+        return _allowed[account];
+    }
+
+    /**
+     * @dev Allows a user to receive and transfer tokens, including minting and burning.
+     */
+    function _allowUser(address user) internal virtual returns (bool) {
+        bool isAllowed = allowed(user);
+        if (!isAllowed) {
+            _allowed[user] = true;
+            emit UserAllowed(user);
+        }
+        return isAllowed;
+    }
+
+    /**
+     * @dev Disallows a user from receiving and transferring tokens, including minting and burning.
+     */
+    function _disallowUser(address user) internal virtual returns (bool) {
+        bool isAllowed = allowed(user);
+        if (isAllowed) {
+            _allowed[user] = false;
+            emit UserDisallowed(user);
+        }
+        return isAllowed;
+    }
+
+    /**
+     * @dev See {ERC20-_update}.
+     */
+    function _update(address from, address to, uint256 value) internal virtual override {
+        if (from != address(0) && !allowed(from)) revert ERC20Disallowed(from);
+        if (to != address(0) && !allowed(to)) revert ERC20Disallowed(to);
+        super._update(from, to, value);
+    }
+
+    /**
+     * @dev See {ERC20-_approve}.
+     */
+    function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual override {
+        if (!allowed(owner)) revert ERC20Disallowed(owner);
+        super._approve(owner, spender, value, emitEvent);
+    }
+}
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+
+/**
+ * @dev Extension of {ERC20} that allows to implement a blocklist
+ * mechanism that can be managed by an authorized account with the
+ * {_blockUser} and {_unblockUser} functions.
+ *
+ * The blocklist provides the guarantee to the contract owner
+ * (e.g. a DAO or a well-configured multisig) that any account won't be
+ * able to execute transfers or approvals to other entities to operate
+ * on its behalf if {_blockUser} was not called with such account as an
+ * argument. Similarly, the account will be unblocked again if
+ * {_unblockUser} is called.
+ */
+abstract contract ERC20Blocklist is ERC20 {
+    /**
+     * @dev Blocked status of addresses. True if blocked, False otherwise.
+     */
+    mapping(address user => bool) internal _blocked;
+
+    /**
+     * @dev Emitted when a user is blocked.
+     */
+    event UserBlocked(address indexed user);
+
+    /**
+     * @dev Emitted when a user is unblocked.
+     */
+    event UserUnblocked(address indexed user);
+
+    /**
+     * @dev The operation failed because the user is blocked.
+     */
+    error ERC20Blocked(address user);
+
+    /**
+     * @dev Returns the blocked status of an account.
+     */
+    function blocked(address account) public virtual returns (bool) {
+        return _blocked[account];
+    }
+
+    /**
+     * @dev Blocks a user from receiving and transferring tokens, including minting and burning.
+     */
+    function _blockUser(address user) internal virtual returns (bool) {
+        bool isBlocked = blocked(user);
+        if (!isBlocked) {
+            _blocked[user] = true;
+            emit UserBlocked(user);
+        }
+        return isBlocked;
+    }
+
+    /**
+     * @dev Unblocks a user from receiving and transferring tokens, including minting and burning.
+     */
+    function _unblockUser(address user) internal virtual returns (bool) {
+        bool isBlocked = blocked(user);
+        if (isBlocked) {
+            _blocked[user] = false;
+            emit UserUnblocked(user);
+        }
+        return isBlocked;
+    }
+
+    /**
+     * @dev See {ERC20-_update}.
+     */
+    function _update(address from, address to, uint256 value) internal virtual override {
+        if (blocked(from)) revert ERC20Blocked(from);
+        if (blocked(to)) revert ERC20Blocked(to);
+        super._update(from, to, value);
+    }
+
+    /**
+     * @dev See {ERC20-_approve}.
+     */
+    function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual override {
+        if (blocked(owner)) revert ERC20Blocked(owner);
+        super._approve(owner, spender, value, emitEvent);
+    }
+}
@@ -0,0 +1,106 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+
+/**
+ * @dev Extension of {ERC20} that allows to implement a custodian
+ * mechanism that can be managed by an authorized account with the
+ * {freeze} and {unfreeze} functions.
+ *
+ * This mechanism allows a custodian (e.g. a DAO or a
+ * well-configured multisig) to freeze and unfreeze the balance
+ * of a user.
+ *
+ * The frozen balance is not available for transfers or approvals
+ * to other entities to operate on its behalf if {freeze} was not
+ * called with such account as an argument. Similarly, the account
+ * will be unfrozen again if {unfreeze} is called.
+ */
+abstract contract ERC20Custodian is ERC20 {
+    /**
+     * @dev The amount of tokens frozen by user address.
+     */
+    mapping(address user => uint256 amount) internal _frozen;
+
+    /**
+     * @dev Emitted when tokens are frozen for a user.
+     * @param user The address of the user whose tokens were frozen.
+     * @param amount The amount of tokens that were frozen.
+     */
+    event TokensFrozen(address indexed user, uint256 amount);
+
+    /**
+     * @dev Emitted when tokens are unfrozen for a user.
+     * @param user The address of the user whose tokens were unfrozen.
+     * @param amount The amount of tokens that were unfrozen.
+     */
+    event TokensUnfrozen(address indexed user, uint256 amount);
+
+    /**
+     * @dev The operation failed because the user has insufficient unfrozen balance.
+     */
+    error ERC20InsufficientUnfrozenBalance(address user);
+
+    /**
+     * @dev The operation failed because the user has insufficient frozen balance.
+     */
+    error ERC20InsufficientFrozenBalance(address user);
+
+    /**
+     * @dev Error thrown when a non-custodian account attempts to perform a custodian-only operation.
+     */
+    error ERC20NotCustodian();
+
+    /**
+     * @dev Modifier to restrict access to custodian accounts only.
+     */
+    modifier onlyCustodian() {
+        if (!_isCustodian(_msgSender())) revert ERC20NotCustodian();
+        _;
+    }
+
+    /**
+     * @dev Returns the amount of tokens frozen for a user.
+     */
+    function frozen(address user) public view virtual returns (uint256) {
+        return _frozen[user];
+    }
+
+    /**
+     * @dev Adjusts the amount of tokens frozen for a user.
+     * @param user The address of the user whose tokens to freeze.
+     * @param amount The amount of tokens frozen.
+     *
+     * Requirements:
+     *
+     * - The user must have sufficient unfrozen balance.
+     */
+    function freeze(address user, uint256 amount) external virtual onlyCustodian {
+        if (availableBalance(user) < amount) revert ERC20InsufficientUnfrozenBalance(user);
+        _frozen[user] = amount;
+        emit TokensFrozen(user, amount);
+    }
+
+    /**
+     * @dev Returns the available (unfrozen) balance of an account.
+     * @param account The address to query the available balance of.
+     * @return available The amount of tokens available for transfer.
+     */
+    function availableBalance(address account) public view returns (uint256 available) {
+        available = balanceOf(account) - frozen(account);
+    }
+
+    /**
+     * @dev Checks if the user is a custodian.
+     * @param user The address of the user to check.
+     * @return True if the user is authorized, false otherwise.
+     */
+    function _isCustodian(address user) internal view virtual returns (bool);
+
+    function _update(address from, address to, uint256 value) internal virtual override {
+        if (from != address(0) && availableBalance(from) < value) revert ERC20InsufficientUnfrozenBalance(from);
+        super._update(from, to, value);
+    }
+}