Skip to content
/ quest-protocol Public

Quests Protocol is a protocol to distribute token rewards for completing on-chain tasks.

License

GPL-3.0 license
89 stars 23 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rabbitholegg/quest-protocol

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

621 Commits
.github/workflows
.github/workflows
 
 
.husky
.husky
 
 
.openzeppelin
.openzeppelin
 
 
.vscode
.vscode
 
 
broadcast
broadcast
 
 
contracts
contracts
 
 
docs
docs
 
 
lib
lib
 
 
script
script
 
 
svgs
svgs
 
 
test-gas-stories
test-gas-stories
 
 
test
test
 
 
.env.example
.env.example
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
.mocharc.json
.mocharc.json
 
 
.solhint.json
.solhint.json
 
 
.yarnrc
.yarnrc
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
coverage.json
coverage.json
 
 
foundry.toml
foundry.toml
 
 
gas-stories.txt
gas-stories.txt
 
 
hardhat.config.ts
hardhat.config.ts
 
 
hardhat.gas-stories.config.ts
hardhat.gas-stories.config.ts
 
 
img.png
img.png
 
 
package.json
package.json
 
 
remappings.txt
remappings.txt
 
 
slither.config.json
slither.config.json
 
 
tsconfig.json
tsconfig.json
 
 
waffle.json
waffle.json
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

Quest Protocol

Tests Lint

Overview

Quests Protocol is a protocol to distribute token rewards for completing on-chain tasks.

img.png

Table of Contents

Documentation

For more information on all docs related to the Quest Protocol, see the documentation directory here.

Addresses

Mainnet, Optimism, Polygon, Arbitrum, Base and Sepolia:

Contract Name Address
Quest Factory 0x52629961F71C1C2564C5aa22372CB1b9fa9EBA3E
RabbitHole Tickets 0x0D380362762B0cf375227037f2217f59A4eC4b9E
Protocol Rewards 0x168437d131f8deF2d94B555FF34f4539458DD6F9

Contracts

The main contracts are:

  • Quest Factory (code)
    • Creates new Quest instances of an NFT reward Quest or ERC-20 reward Quest.
  • Quest (code)
    • A Quest in which the reward is an ERC-20 token
  • QuestNFT (code)
    • A Quest in which the reward is a NFT
  • Protocol Rewards (code)
    • An escrow like contract in which funds are deposited into account balances.

Contract Structure

Contracts are layed out in the following order:

  1. Use statements (i.e. using SafeTransferLib for address;)
  2. Contract storage - we use upgradable architecture so pay special attention to preserving the order of contract storage, and only add to the end.
  3. Contract constructors and initialization functions
  4. Modifiers
  5. External Update functions - anything that modifies contract state
  6. External View Functions - self explanatory
  7. Internal Update functions
  8. Internal View functions

Interfaces should be used to hold the following:

  1. Events
  2. Errors
  3. Structs

Best Practices

For anything not covered here please refer to the Foundry Best Practices for more information.

Patterns

The contracts use two main patterns.

Factory Pattern

More reading here

image

Dependency Injection

More reading here image

Factory Creation Pattern

More reading here

Install

Install dependencies

yarn

Compile Contracts

yarn compile

Testing

Run all tests:

yarn test

Run test coverage report:

yarn test:coverage

Run gas test:

yarn test:gas-stories

Gotchas

If you see something like this expected error: 0xdd8133e6 != 0xce3f0005 in Forge logging, your best bet is to search for the hex string (ce3f0005 don't prepend 0x) in Errors.json within the build artifacts - that should have most error strings in it.

Deployment

  1. Deploy the ProxyAdmin forge script script/ProxyAdmin.s.sol:ProxyAdminDeploy --rpc-url sepolia --broadcast --verify -vvvv
  2. Deploy QuestFactory (this also upgrades it to the latest version) forge script script/QuestFactory.s.sol:QuestFactoryDeploy --rpc-url sepolia --broadcast --verify -vvvv
  3. Deploy RabbitHoleTickets (this also upgrades it to the latest version) forge script script/RabbitHoleTickets.s.sol:RabbitHoleTicketsDeploy --rpc-url sepolia --broadcast --verify -vvvv
  4. Deploy Quest forge script script/Quest.s.sol:QuestDeploy --rpc-url sepolia --broadcast --verify -vvvv
  5. Deploy Quest1155 forge script script/Quest.s.sol:Quest1155Deploy --rpc-url sepolia --broadcast --verify -vvvv
  6. Set any storage variables manually if need be.

Depricated hardhat-deploy method

RabbitHoleReceipt and QuestFactory

  • checkout from sha ea60f723fadfb5f02edad862f56072c0c972cfc2

QuestTerminalKey

  • checkout from sha fbc3c0fb7fdf13713314b996fa20a2551f9d591e

RabbitHoleTickets

  • checkout from sha 70a56a1567dcd9c4d6f7718388667c5e0564fb2f (must add in the deploy script manually)

then:

  • yarn hardhat deploy --network network_name
  • yarn hardhat --network network_name etherscan-verify --api-key etherscan_api_key

Upgrading

important: make sure storage layouts are compatible, by running the upgrades-core validate script on the contract you are upgrading, for example: forge clean && forge build && npx @openzeppelin/upgrades-core validate --contract RabbitHoleTickets

Then to upgrade a contract, run one of the following commands: forge script script/QuestFactory.s.sol:QuestFactoryUpgrade --rpc-url sepolia --broadcast --verify -vvvv forge script script/RabbitHoleTickets.s.sol:RabbitHoleTicketsUpgrade --rpc-url sepolia --broadcast --verify -vvvv forge script script/Quest.s.sol:QuestDeploy --rpc-url sepolia --broadcast --verify -vvvv forge script script/Quest.s.sol:Quest1155Deploy --rpc-url sepolia --broadcast --verify -vvvv

Audits

The following auditors reviewed the protocol.

  • Code4rena (report here)

Bug Bounty

All contracts except tests, interfaces, dependencies are in scope and eligible for the Quest Protocol Bug Bounty program.

The rubric we use to determine bug bounties is as follows:

Level Example Maximum Bug Bounty
6. Severe - Draining or freezing of holdings protocol-wide (e.g. draining token distributor, economic attacks, reentrancy, MEV, logic errors) Let's talk
5. Critical - Contracts with balances can be exploited to steal holdings under specific conditions (e.g. bypass guardrails to transfer precious NFT from parties, user can steal their party's distribution) Up to 25 ETH
4. High - Contracts temporarily unable to transfer holdings
- Users spoof each other		 Up to 10 ETH
3. Medium - Contract consumes unbounded gas
- Griefing, denial of service (i.e. attacker spends as much in gas as damage to the contract)		 Up to 5 ETH
2. Low - Contract fails to behave as expected, but doesn't lose value Up to 1 ETH
1. None - Best practices

Any vulnerability or bug discovered must be reported only to the following email: security@rabbithole.gg.

License

The primary license for the Quest Protocol is the GNU General Public License 3.0 (GPL-3.0), see LICENSE.

Several interface/dependencies files from other sources maintain their original license (as indicated in their SPDX header). All files in test/ remain MIT (as indicated in their SPDX header).

About

Quests Protocol is a protocol to distribute token rewards for completing on-chain tasks.

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

89 stars

Watchers

9 watching

Forks

23 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 9

Languages