Quests Protocol is a protocol to distribute token rewards for completing on-chain tasks.
For more information on all docs related to the Quest Protocol, see the documentation directory here.
Generated with:
tree --filelimit 20 -I artifacts -I contracts-upgradeable -I factories -I typechain-types -I cache -I img.png
├── LICENSE
├── README.md
├── audits
├── contracts
│ ├── Erc1155Quest.sol
│ ├── Erc20Quest.sol
│ ├── Quest.sol
│ ├── QuestFactory.sol
│ ├── RabbitHoleReceipt.sol
│ ├── RabbitHoleTickets.sol
│ ├── ReceiptRenderer.sol
│ ├── SampleERC20.sol
│ ├── SampleErc1155.sol
│ ├── TicketRenderer.sol
│ ├── interfaces
│ │ ├── IQuest.sol
│ │ └── IQuestFactory.sol
│ └── test
│ └── TestERC20.sol
├── coverage
│ ├── base.css
│ ├── contracts
│ │ ├── Erc1155Quest.sol.html
│ │ ├── Erc20Quest.sol.html
│ │ ├── Quest.sol.html
│ │ ├── QuestFactory.sol.html
│ │ ├── RabbitHoleReceipt.sol.html
│ │ ├── RabbitHoleTickets.sol.html
│ │ ├── ReceiptRenderer.sol.html
│ │ ├── SampleERC20.sol.html
│ │ ├── SampleErc1155.sol.html
│ │ ├── TicketRenderer.sol.html
│ │ ├── index.html
│ │ ├── interfaces
│ │ │ ├── IQuest.sol.html
│ │ │ ├── IQuestFactory.sol.html
│ │ │ └── index.html
│ │ └── test
│ │ ├── TestERC20.sol.html
│ │ └── index.html
│ ├── coverage-final.json
│ ├── index.html
│ ├── lcov-report
│ │ ├── base.css
│ │ ├── contracts
│ │ │ ├── Erc1155Quest.sol.html
│ │ │ ├── Erc20Quest.sol.html
│ │ │ ├── Quest.sol.html
│ │ │ ├── QuestFactory.sol.html
│ │ │ ├── RabbitHoleReceipt.sol.html
│ │ │ ├── RabbitHoleTickets.sol.html
│ │ │ ├── ReceiptRenderer.sol.html
│ │ │ ├── SampleERC20.sol.html
│ │ │ ├── SampleErc1155.sol.html
│ │ │ ├── TicketRenderer.sol.html
│ │ │ ├── index.html
│ │ │ ├── interfaces
│ │ │ │ ├── IQuest.sol.html
│ │ │ │ ├── IQuestFactory.sol.html
│ │ │ │ └── index.html
│ │ │ └── test
│ │ │ ├── TestERC20.sol.html
│ │ │ └── index.html
│ │ ├── index.html
│ │ ├── prettify.css
│ │ ├── prettify.js
│ │ ├── sort-arrow-sprite.png
│ │ └── sorter.js
│ ├── lcov.info
│ ├── prettify.css
│ ├── prettify.js
│ ├── sort-arrow-sprite.png
│ └── sorter.js
├── coverage.json
├── docs
│ ├── overview.md
│ ├── quest-claim.md
│ └── quest-create.md
├── hardhat.config.ts
├── node_modules [492 entries exceeds filelimit, not opening dir]
├── package.json
├── scripts
│ ├── deployQuestFactory.js
│ ├── deployRabbitHoleReceipt.js
│ ├── deployRabbitHoleTickets.js
│ ├── upgradeQuestFactory.js
│ ├── upgradeRabbitHoleReceipt.js
│ └── upgradeRabbitHoleTickets.js
├── test
│ ├── Erc1155Quest.spec.ts
│ ├── Erc20Quest.spec.ts
│ ├── Quest.spec.ts
│ ├── QuestFactory.spec.ts
│ ├── RabbitHoleReceipt.spec.ts
│ ├── RabbitHoleTickets.spec.ts
│ ├── SampleErc1155.spec.ts
│ ├── SampleErc20.spec.ts
│ └── types.ts
├── test-gas-stories
├── tsconfig.json
├── waffle.json
└── yarn.lock
All contracts are deployed with the same addresses on Goerli, Mainnet and Optimism. The addresses are as follows:
Contract Name | Address |
---|---|
Quest Factory | 0x52629961F71C1C2564C5aa22372CB1b9fa9EBA3E |
RabbitHole Receipt | 0xEC3a9c7d612E0E0326e70D97c9310A5f57f9Af9E |
RabbitHole Tickets | 0xB0A67B12F2983a0796Fb7CC5C28C153eA074D327 |
The main contracts involved in this phase are:
Quest Factory
(code)- Creates new
Quest
instances of an ERC-1155 reward Quest or ERC-20 reward Quest.
- Creates new
RabbitHole Receipt
(code)- An ERC-721 contract that acts as a proof of on-chain activity. Claimed via usage of ECDSA sig/hash
ERC-20 Quest
(code)- A Quest in which the reward is an ERC-20 token
ERC-1155 Quest
(code)- A Quest in which the reward is an ERC-1155 token
The contracts use two main patterns.
More reading here
More reading here
More reading here
yarn
yarn compile
yarn test
yarn test:coverage
yarn test:gas-stories
All contracts are deployed with the same addresses on Goerli, Mainnet and Optimism. The addresses are as follows:
Contract Name | Address |
---|---|
Quest Factory | 0x52629961F71C1C2564C5aa22372CB1b9fa9EBA3E |
RabbitHole Receipt | 0xEC3a9c7d612E0E0326e70D97c9310A5f57f9Af9E |
RabbitHole Tickets | 0xB0A67B12F2983a0796Fb7CC5C28C153eA074D327 |
yarn hardhat deploy --network network_name
where network_name is one of goerli
, mainnet
, optimism
yarn hardhat --network goerli etherscan-verify --api-key etherscan_api_key
The Quest Factory is an upgradable contract. Over time as the space evolves there will be more than just ERC-20 or ERC-1155 rewards and we want to be non-limiting in our compatibility.
yarn hardhat run --network goerli scripts/upgradeQuestFactory.js
orscripts/upgradeRabbitHoleReceipt.js
and replace the network withmainnet
if you are upgrading on mainnet.- If you get an error like
NomicLabsHardhatPluginError: Failed to send contract verification request.
It's usually because the contract wasn't deployed by the time verification ran. You can run verification again withyarn hardhat verify --network goerli IMPLENTATION_ADDRESS
where the implementation address is in the output of the upgrade script.
- If you get an error like
- go to https://defender.openzeppelin.com/#/admin and approve the upgrade proposal (the link is also in the output of the upgrade script)
- After the upgrade proposal is approved, create a PR with the updates to the .openzeppelin/[network-name].json file.
The following auditors reviewed the protocol. You can see reports in /audits
directory:
- Code4rena TBD (report here)
Once all audits are wrapped up, all contracts except tests, interfaces, dependencies are in scope and eligible for the Quest Protocol Bug Bounty program.
The rubric we use to determine bug bounties is as follows:
Level | Example | Maximum Bug Bounty |
---|---|---|
6. Severe | - Draining or freezing of holdings protocol-wide (e.g. draining token distributor, economic attacks, reentrancy, MEV, logic errors) | Let's talk |
5. Critical | - Contracts with balances can be exploited to steal holdings under specific conditions (e.g. bypass guardrails to transfer precious NFT from parties, user can steal their party's distribution) | Up to 25 ETH |
4. High | - Contracts temporarily unable to transfer holdings - Users spoof each other |
Up to 10 ETH |
3. Medium | - Contract consumes unbounded gas - Griefing, denial of service (i.e. attacker spends as much in gas as damage to the contract) |
Up to 5 ETH |
2. Low | - Contract fails to behave as expected, but doesn't lose value | Up to 1 ETH |
1. None | - Best practices |
Any vulnerability or bug discovered must be reported only to the following email: [email protected].
The primary license for the Quest Protocol is the GNU General Public License 3.0 (GPL-3.0), see LICENSE.
Several interface/dependencies files from other sources maintain their original license (as indicated in their SPDX header). All files in test/ remain unlicensed (as indicated in their SPDX header).