A decentralized smart contract audit platform built on the Stacks blockchain (Bitcoin L2). Quest Tavern connects project owners (Tavernmasters) who need their smart contracts audited with security researchers (Hunters) who find and report vulnerabilities.
LedgerGuard/
├── contracts/
│ ├── traits/
│ │ └── quest-trait.clar # Interface definition for quest operations
│ ├── quest-manager.clar # Core contract managing quests and findings
│ ├── escrow.clar # Multi-token escrow system
│ └── token-whitelist.clar # Approved payment tokens management
├── tests/ # Unit tests (to be implemented)
├── docs/
│ └── Dev.MD # Detailed development guide
├── Clarinet.toml # Clarinet configuration
└── README.md # This file
Defines the standard interface for quest operations:
- create-quest - Create a new audit quest
- join-quest - Join an existing quest as a hunter
- submit-finding - Submit a vulnerability finding
- distribute-rewards - Distribute rewards to approved findings
Core contract for managing the entire quest lifecycle:
- Quest Management: Create, join, and cancel quests
- Finding Submission: Hunters submit vulnerability findings with severity levels
- Approval System: Tavernmasters approve/reject findings and allocate rewards
- Reward Distribution: Automatic distribution after quest completion
- Hunter Statistics: Track earnings, completed quests, and accepted findings
Key Features:
- 5 severity levels: Critical, High, Medium, Low, Informational
- Platform fee: 5% (500 basis points)
- Quest status tracking: Active, Completed, Cancelled
- Finding status tracking: Pending, Approved, Rejected
Multi-token escrow system supporting:
- Token Support: USDCx, sBTC, and native STX
- Escrow Operations: Lock, release, and refund tokens
- Token Whitelist: Only approved tokens can be escrowed
- Batch Release: Distribute rewards to multiple recipients
- Admin Controls: Manage token whitelist and permissions
Manages approved payment tokens:
- Default Tokens: STX and sBTC pre-configured
- Admin Functions: Add/remove tokens, enable/disable tokens
- Token Metadata: Name, symbol, decimals tracking
- Multi-Admin Support: Flexible permission management
✅ All contracts implemented and verified with Clarinet
✅ Core quest management functionality complete
✅ Multi-token escrow system ready
✅ Token whitelist management implemented
- Token transfers are simplified (commented out for development)
- as-contract calls removed for initial testing
- External SIP-010 trait imports simplified
- Some functions marked as "Note: In production..." need full implementation
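
The limitations above say token transfers are commented out and as-contract calls were removed from the escrow. The following is an added example, not the project's escrow.clar: an STX-only lock/release pair that uses as-contract and a single-release guard. The map layout, function names, the depositor-only release rule and the u299 code are assumptions; u200 to u202 are the escrow error codes listed in this README.

```clarity
;; Added example: minimal STX-only escrow, not the project's escrow.clar.
;; Map layout, function names and the authorization rule are assumptions.

(define-constant ERR-UNAUTHORIZED (err u200))
(define-constant ERR-ESCROW-NOT-FOUND (err u201))
(define-constant ERR-ALREADY-RELEASED (err u202))
;; Placeholder code constructed for this example, not from the project.
(define-constant ERR-ESCROW-EXISTS (err u299))

(define-map escrows
  { quest-id: uint }
  { depositor: principal, amount: uint, released: bool })

;; Lock: the depositor moves STX into the contract's own principal.
(define-public (lock-stx (quest-id uint) (amount uint))
  (begin
    ;; Refuse to overwrite an existing escrow; overwriting would strand
    ;; the first deposit inside the contract.
    (asserts! (is-none (map-get? escrows { quest-id: quest-id })) ERR-ESCROW-EXISTS)
    (try! (stx-transfer? amount tx-sender (as-contract tx-sender)))
    (map-set escrows { quest-id: quest-id }
      { depositor: tx-sender, amount: amount, released: false })
    (ok true)))

;; Release: only the depositor may pay out, and only once.
(define-public (release-stx (quest-id uint) (recipient principal))
  (let ((escrow (unwrap! (map-get? escrows { quest-id: quest-id })
                         ERR-ESCROW-NOT-FOUND)))
    (asserts! (is-eq tx-sender (get depositor escrow)) ERR-UNAUTHORIZED)
    (asserts! (not (get released escrow)) ERR-ALREADY-RELEASED)
    ;; Set the flag before transferring. If the transfer returns an error,
    ;; the function returns that error and the map write is rolled back,
    ;; so the flag and the balance cannot diverge.
    (map-set escrows { quest-id: quest-id } (merge escrow { released: true }))
    ;; Inside as-contract, tx-sender is the contract, which holds the funds.
    (as-contract (stx-transfer? (get amount escrow) tx-sender recipient))))
```
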
- Clarinet installed
- Node.js (for tests)
- VS Code with Clarity extension (recommended)
# Clone the repository
cd /home/oxcore/SideQuest/LedgerGuard
# Check contracts
clarinet check
# Run tests (once implemented)
npm install
npm test

All contracts pass Clarinet's syntax checker:

clarinet check

Result: ✔ 4 contracts checked (52 warnings are code quality suggestions)

(contract-call? .quest-manager create-quest
"https://github.com/project/repo"
u1000000 ;; 1,000,000 tokens reward
'ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM.token-contract
u1000 ;; 1000 blocks duration
)

(contract-call? .quest-manager join-quest u1) ;; Join quest #1

(contract-call? .quest-manager submit-finding
u1 ;; quest-id
u1 ;; severity (1=Critical)
0x1234... ;; description-hash (IPFS)
0x5678... ;; proof-hash
)

(contract-call? .quest-manager approve-finding
u1 ;; finding-id
u25 ;; reward-percentage (25% of total)
)

(contract-call? .quest-manager distribute-rewards u1) ;; quest-id

- u100 - Unauthorized
- u101 - Quest not found
- u102 - Quest ended
- u103 - Quest still active
- u104 - Already joined
- u105 - Not joined
- u106 - Invalid severity
- u107 - Finding already processed
- u111 - Quest has hunters (cannot cancel)

- u200 - Unauthorized
- u201 - Escrow not found
- u202 - Already released
- u207 - Token not whitelisted

- u300 - Unauthorized
- u301 - Token not found
- u302 - Token already exists
- u303 - Token disabled

- Blockchain: Stacks (Bitcoin L2)
- Smart Contract Language: Clarity
- Development Tools: Clarinet
- Testing: Vitest + @stacks/clarinet-sdk
- Payment Tokens: USDCx, sBTC, STX
- Project setup
- Core contracts implemented
- Clarinet verification passed
- Implement full token transfer logic
- Add SIP-010 trait integration
- Complete escrow functionality
- Unit tests with Clarinet SDK
- Integration tests
- Gas optimization
- Frontend development (React + Stacks.js)
- Mainnet deployment
- Security audit
This is currently in development. See Dev.MD for detailed development guidelines.
- Complete security audit
- Implement full token transfer logic
- Add comprehensive test coverage
- Review all error handling
- Optimize gas usage
- Test on testnet extensively
[Add your license here]
[Add your contact information here]