Quests Protocol is a protocol to distribute token rewards for completing on-chain tasks.
For more information on all docs related to the Quest Protocol, see the documentation directory here.
Generated with:
tree --filelimit 20 -I artifacts -I contracts-upgradeable -I factories -I typechain-types -I cache -I img.png├── LICENSE
├── README.md
├── audits
├── contracts
│ ├── Erc1155Quest.sol
│ ├── Erc20Quest.sol
│ ├── Quest.sol
│ ├── QuestFactory.sol
│ ├── RabbitHoleReceipt.sol
│ ├── RabbitHoleTickets.sol
│ ├── ReceiptRenderer.sol
│ ├── SampleERC20.sol
│ ├── SampleErc1155.sol
│ ├── TicketRenderer.sol
│ ├── interfaces
│ │ ├── IQuest.sol
│ │ └── IQuestFactory.sol
│ └── test
│ └── TestERC20.sol
├── coverage
│ ├── base.css
│ ├── contracts
│ │ ├── Erc1155Quest.sol.html
│ │ ├── Erc20Quest.sol.html
│ │ ├── Quest.sol.html
│ │ ├── QuestFactory.sol.html
│ │ ├── RabbitHoleReceipt.sol.html
│ │ ├── RabbitHoleTickets.sol.html
│ │ ├── ReceiptRenderer.sol.html
│ │ ├── SampleERC20.sol.html
│ │ ├── SampleErc1155.sol.html
│ │ ├── TicketRenderer.sol.html
│ │ ├── index.html
│ │ ├── interfaces
│ │ │ ├── IQuest.sol.html
│ │ │ ├── IQuestFactory.sol.html
│ │ │ └── index.html
│ │ └── test
│ │ ├── TestERC20.sol.html
│ │ └── index.html
│ ├── coverage-final.json
│ ├── index.html
│ ├── lcov-report
│ │ ├── base.css
│ │ ├── contracts
│ │ │ ├── Erc1155Quest.sol.html
│ │ │ ├── Erc20Quest.sol.html
│ │ │ ├── Quest.sol.html
│ │ │ ├── QuestFactory.sol.html
│ │ │ ├── RabbitHoleReceipt.sol.html
│ │ │ ├── RabbitHoleTickets.sol.html
│ │ │ ├── ReceiptRenderer.sol.html
│ │ │ ├── SampleERC20.sol.html
│ │ │ ├── SampleErc1155.sol.html
│ │ │ ├── TicketRenderer.sol.html
│ │ │ ├── index.html
│ │ │ ├── interfaces
│ │ │ │ ├── IQuest.sol.html
│ │ │ │ ├── IQuestFactory.sol.html
│ │ │ │ └── index.html
│ │ │ └── test
│ │ │ ├── TestERC20.sol.html
│ │ │ └── index.html
│ │ ├── index.html
│ │ ├── prettify.css
│ │ ├── prettify.js
│ │ ├── sort-arrow-sprite.png
│ │ └── sorter.js
│ ├── lcov.info
│ ├── prettify.css
│ ├── prettify.js
│ ├── sort-arrow-sprite.png
│ └── sorter.js
├── coverage.json
├── docs
│ ├── overview.md
│ ├── quest-claim.md
│ └── quest-create.md
├── hardhat.config.ts
├── node_modules [492 entries exceeds filelimit, not opening dir]
├── package.json
├── scripts
│ ├── deployQuestFactory.js
│ ├── deployRabbitHoleReceipt.js
│ ├── deployRabbitHoleTickets.js
│ ├── upgradeQuestFactory.js
│ ├── upgradeRabbitHoleReceipt.js
│ └── upgradeRabbitHoleTickets.js
├── test
│ ├── Erc1155Quest.spec.ts
│ ├── Erc20Quest.spec.ts
│ ├── Quest.spec.ts
│ ├── QuestFactory.spec.ts
│ ├── RabbitHoleReceipt.spec.ts
│ ├── RabbitHoleTickets.spec.ts
│ ├── SampleErc1155.spec.ts
│ ├── SampleErc20.spec.ts
│ └── types.ts
├── test-gas-stories
├── tsconfig.json
├── waffle.json
└── yarn.lock
All contracts are deployed with the same addresses on Goerli, Mainnet and Optimism. The addresses are as follows:
| Contract Name | Address |
|---|---|
| Quest Factory | 0x52629961F71C1C2564C5aa22372CB1b9fa9EBA3E |
| RabbitHole Receipt | 0xEC3a9c7d612E0E0326e70D97c9310A5f57f9Af9E |
| RabbitHole Tickets | 0xB0A67B12F2983a0796Fb7CC5C28C153eA074D327 |
The main contracts involved in this phase are:
Quest Factory(code)- Creates new
Questinstances of an ERC-1155 reward Quest or ERC-20 reward Quest.
- Creates new
RabbitHole Receipt(code)- An ERC-721 contract that acts as a proof of on-chain activity. Claimed via usage of ECDSA sig/hash
ERC-20 Quest(code)- A Quest in which the reward is an ERC-20 token
ERC-1155 Quest(code)- A Quest in which the reward is an ERC-1155 token
The contracts use two main patterns.
More reading here
More reading here
More reading here
yarnyarn compileyarn testyarn test:coverageyarn test:gas-storiesAll contracts are deployed with the same addresses on Goerli, Mainnet and Optimism. The addresses are as follows:
| Contract Name | Address |
|---|---|
| Quest Factory | 0x52629961F71C1C2564C5aa22372CB1b9fa9EBA3E |
| RabbitHole Receipt | 0xEC3a9c7d612E0E0326e70D97c9310A5f57f9Af9E |
| RabbitHole Tickets | 0xB0A67B12F2983a0796Fb7CC5C28C153eA074D327 |
yarn hardhat deploy --network network_name where network_name is one of goerli, mainnet, optimism
yarn hardhat --network goerli etherscan-verify --api-key etherscan_api_key
The Quest Factory is an upgradable contract. Over time as the space evolves there will be more than just ERC-20 or ERC-1155 rewards and we want to be non-limiting in our compatibility.
yarn hardhat run --network goerli scripts/upgradeQuestFactory.jsorscripts/upgradeRabbitHoleReceipt.jsand replace the network withmainnetif you are upgrading on mainnet.- If you get an error like
NomicLabsHardhatPluginError: Failed to send contract verification request.It's usually because the contract wasn't deployed by the time verification ran. You can run verification again withyarn hardhat verify --network goerli IMPLENTATION_ADDRESSwhere the implementation address is in the output of the upgrade script.
- If you get an error like
- go to https://defender.openzeppelin.com/#/admin and approve the upgrade proposal (the link is also in the output of the upgrade script)
- After the upgrade proposal is approved, create a PR with the updates to the .openzeppelin/[network-name].json file.
The following auditors reviewed the protocol. You can see reports in /audits directory:
- Code4rena TBD (report here)
Once all audits are wrapped up, all contracts except tests, interfaces, dependencies are in scope and eligible for the Quest Protocol Bug Bounty program.
The rubric we use to determine bug bounties is as follows:
| Level | Example | Maximum Bug Bounty |
|---|---|---|
| 6. Severe | - Draining or freezing of holdings protocol-wide (e.g. draining token distributor, economic attacks, reentrancy, MEV, logic errors) | Let's talk |
| 5. Critical | - Contracts with balances can be exploited to steal holdings under specific conditions (e.g. bypass guardrails to transfer precious NFT from parties, user can steal their party's distribution) | Up to 25 ETH |
| 4. High | - Contracts temporarily unable to transfer holdings - Users spoof each other |
Up to 10 ETH |
| 3. Medium | - Contract consumes unbounded gas - Griefing, denial of service (i.e. attacker spends as much in gas as damage to the contract) |
Up to 5 ETH |
| 2. Low | - Contract fails to behave as expected, but doesn't lose value | Up to 1 ETH |
| 1. None | - Best practices |
Any vulnerability or bug discovered must be reported only to the following email: [email protected].
The primary license for the Quest Protocol is the GNU General Public License 3.0 (GPL-3.0), see LICENSE.
Several interface/dependencies files from other sources maintain their original license (as indicated in their SPDX header). All files in test/ remain unlicensed (as indicated in their SPDX header).