A comprehensive ERC-20 token implementation with upgradeable architecture, role-based access control (RBAC), and advanced security features including blocked list functionality.
The Quantoz tokens are upgradeable ERC-20 tokens built on OpenZeppelin's upgradeable contracts framework. The project includes multiple token implementations with different feature sets:
- QuantozToken: Base token with owner-based minting/burning and blocked list functionality
- QuantozTokenLZ: Upgraded version with RBAC (Role-Based Access Control) for enhanced security
- ExampleUpgradedQuantozToken: Example of further upgrades demonstrating extensibility
- Upgradeable Architecture: Built using OpenZeppelin's upgradeable contracts
- ERC-20 Standard: Full ERC-20 compliance with additional features
- ERC-20 Permit: Support for gasless approvals via EIP-2612
- Custom Decimals: Configurable decimal places (1-18)
- Blocked List: Ability to block/unblock addresses from transfers
- Owner Controls: Only owner can add/remove addresses from blocked list
- Transfer Restrictions: Blocked addresses cannot transfer tokens
- Contract Address Protection: Prevents transfers to the token contract itself
- Role-Based Access Control: Replaces owner-only permissions with roles
- MINTER_ROLE: Can mint new tokens
- BURNER_ROLE: Can burn tokens from any address
- DEFAULT_ADMIN_ROLE: Can manage other roles
- Backward Compatibility: Maintains all original functionality
```solidity
contract QuantozToken is
    ERC20PermitUpgradeable,
    BlockedList
{
    // Core ERC-20 functionality
    // Owner-based minting/burning
    // Blocked list integration
}
```

```solidity
contract QuantozTokenLZ is
    QuantozToken,
    AccessControlUpgradeable
{
    // All QuantozToken features
    // Role-based minting/burning
    // Enhanced security model
}
```

```solidity
contract BlockedList is OwnableUpgradeable {
    // Blocked address management
    // Transfer restrictions
    // Owner-only controls
}
```

- Node.js >= 16.0.0
- npm >= 8.0.0
- Hardhat
- Foundry (for advanced testing)
```bash
# Clone the repository
git clone <repository-url>
cd quantoz-tokens

# Install dependencies
npm install

# Install Foundry (if not already installed)
curl -L https://foundry.paradigm.xyz | bash
foundryup
```

Create a .env file with the following variables:
```
MNEMONIC=your_mnemonic_phrase_here
ETHEREUM_RPC_URL=your_ethereum_rpc_url
ETHERSCAN_TOKEN=your_etherscan_api_key
```

```bash
npx hardhat run scripts/deploy.js --network <network>
```

```bash
npx hardhat run scripts/deployWithFactory.js --network <network>
```

```bash
npx hardhat run scripts/deployMultisig.js --network <network>
```

```javascript
const QuantozTokenLZ = await ethers.getContractFactory("QuantozTokenLZ");
await upgrades.upgradeProxy(tokenAddress, QuantozTokenLZ);
```

```javascript
// Grant initial roles to owner
await token.grantInitialRole();

// Grant specific roles
await token.grantRole(await token.MINTER_ROLE(), minterAddress);
await token.grantRole(await token.BURNER_ROLE(), burnerAddress);
```

```bash
npx hardhat run scripts/grantRole.js --network <network>
```

```bash
npx hardhat run scripts/callgrantRoleMultisig.js --network <network>
```

```bash
npx hardhat run scripts/revokeRole.js --network <network>
```

```javascript
// Owner-based (QuantozToken)
await token.connect(owner).mint(userAddress, amount);

// Role-based (QuantozTokenLZ)
await token.connect(minter).mint(userAddress, amount);
```

```javascript
// Owner-based (QuantozToken)
await token.connect(owner).burn(userAddress, amount);

// Role-based (QuantozTokenLZ)
await token.connect(burner).burn(userAddress, amount);
```

```javascript
// Add to blocked list
await token.connect(owner).addToBlockedList(userAddress);

// Remove from blocked list
await token.connect(owner).removeFromBlockedList(userAddress);

// Check if blocked
const isBlocked = await token.isBlocked(userAddress);
```

```bash
npm test
```

```bash
forge test
```

```bash
forge test --match-contract QuantozTokenFuzzTest
```

```bash
npx hardhat coverage
```

The comprehensive test suite covers:
- Basic Upgrade: QuantozToken → QuantozTokenLZ
- Multi-Step Upgrade: QuantozToken → QuantozTokenLZ → ExampleUpgradedQuantozToken
- State Preservation: Balances, allowances, blocked lists maintained
- Functionality Preservation: All original features work after upgrade
- Role Assignment: Granting/revoking roles
- Permission Testing: Role-based access control
- Backward Compatibility: Original owner functions still work
- Security: Non-role holders cannot perform restricted operations
- Block/Unblock: Adding/removing addresses
- Transfer Restrictions: Blocked addresses cannot transfer
- Owner Override: Owner can still burn from blocked addresses
- Integration: Works with both base and RBAC versions
- Input Validation: Zero address, zero amount checks
- Permission Checks: Only authorized users can perform operations
- Event Emission: Proper event logging
- Owner-Only Management: Only contract owner can modify blocked list
- Zero Address Protection: Cannot block zero address
- Transfer Prevention: Blocked addresses cannot transfer tokens
- Owner Override: Owner can still burn from blocked addresses
- Role-Based Permissions: Granular access control
- Admin Role Management: Only admins can grant/revoke roles
- Separation of Concerns: Different roles for different operations
- Backward Compatibility: Original owner functions preserved
- Input Validation: Comprehensive parameter checking
- Event Logging: All important operations emit events
- Upgrade Safety: Safe upgrade patterns with state preservation
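
The role model above can be checked from the outside by replaying the `RoleGranted` and `RoleRevoked` events that OpenZeppelin's AccessControl emits. The following is an added example, not code from this repository: the event records are constructed, role names stand in for the bytes32 role ids found in real logs, and the two policies it checks (admin held only by an expected multisig, no account holding both mint and burn rights) are assumptions drawn from the features listed above.

```javascript
// Added example: the events below are constructed, not taken from a real deployment.
// Role names stand in for the bytes32 role ids that appear in decoded logs.
const EVENTS = [
  { event: "RoleGranted", role: "DEFAULT_ADMIN_ROLE", account: "0xDeployer", blockNumber: 100, logIndex: 0 },
  { event: "RoleGranted", role: "MINTER_ROLE", account: "0xOps", blockNumber: 101, logIndex: 2 },
  { event: "RoleGranted", role: "DEFAULT_ADMIN_ROLE", account: "0xMultisig", blockNumber: 105, logIndex: 0 },
  { event: "RoleGranted", role: "MINTER_ROLE", account: "0xOps", blockNumber: 110, logIndex: 4 },
  { event: "RoleGranted", role: "BURNER_ROLE", account: "0xOps", blockNumber: 101, logIndex: 3 },
  { event: "RoleRevoked", role: "MINTER_ROLE", account: "0xOps", blockNumber: 110, logIndex: 1 },
];

// Replay grants and revocations in chain order to get the current holders per role.
// Log sources do not guarantee ordering, so sort by (blockNumber, logIndex) first.
function currentHolders(events) {
  const ordered = [...events].sort(
    (a, b) => a.blockNumber - b.blockNumber || a.logIndex - b.logIndex
  );
  const holders = new Map();
  for (const e of ordered) {
    const acct = e.account.toLowerCase(); // addresses compare case-insensitively
    if (!holders.has(e.role)) holders.set(e.role, new Set());
    if (e.event === "RoleGranted") holders.get(e.role).add(acct);
    else if (e.event === "RoleRevoked") holders.get(e.role).delete(acct);
  }
  return holders;
}

// Flag admins outside the expected set and accounts that can both mint and burn.
function auditRoles(events, expectedAdmins) {
  const holders = currentHolders(events);
  const allowed = new Set(expectedAdmins.map((a) => a.toLowerCase()));
  const get = (role) => [...(holders.get(role) || [])];
  const findings = [];
  for (const a of get("DEFAULT_ADMIN_ROLE")) {
    if (!allowed.has(a)) findings.push(`unexpected admin: ${a}`);
  }
  const burners = new Set(get("BURNER_ROLE"));
  for (const a of get("MINTER_ROLE")) {
    if (burners.has(a)) findings.push(`minter and burner: ${a}`);
  }
  return findings.sort();
}

console.log(auditRoles(EVENTS, ["0xMultisig"]));
```

In the sample data the deployer still holds the admin role after the multisig was added, and the re-grant in block 110 is only seen correctly because the events are sorted before replay.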
The project supports multiple networks:
```javascript
mainnet: {
  url: process.env.ETHEREUM_RPC_URL,
  chainId: 1,
  accounts: accounts
},

polygon: {
  url: "https://polygon-mainnet.infura.io/v3/...",
  chainId: 137,
  accounts: accounts
},

hardhat: {
  // Default Hardhat network
}
```

- deploy.js: Basic token deployment
- deployWithFactory.js: Factory-based deployment
- deployMultisig.js: MultiSig wallet deployment

- grantRole.js: Grant roles to addresses
- revokeRole.js: Revoke roles from addresses
- getOwner.js: Get current token owner
- getProxyAdmin.js: Get proxy admin address

- callgrantRoleMultisig.js: Grant roles via MultiSig
- callGrantBurnerRoleMultisig.js: Grant burner role via MultiSig
- callMintMultisig.js: Mint tokens via MultiSig
- callBurnMultisig.js: Burn tokens via MultiSig
- upgradeViaMultiSig.js: Upgrade token via MultiSig

- debug.js: Debug token state
- debugUpgradeIssue.js: Debug upgrade issues
- transferOwnershipToMultiSig.js: Transfer ownership to MultiSig

- @openzeppelin/contracts: 4.9.6
- @openzeppelin/contracts-upgradeable: 4.9.6
- hardhat: ^2.25.0

- @openzeppelin/hardhat-upgrades: ^1.28.0
- @nomicfoundation/hardhat-toolbox: ^2.0.2
- @nomicfoundation/hardhat-foundry: ^1.1.2
- solidity-coverage: ^0.8.2

- QuantozToken: MIT License
- BlockedList: Apache 2.0 License (based on Tether's implementation)
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
For questions, issues, or contributions, please:
- Check the existing issues
- Review the test files for usage examples
- Consult the UPGRADE_GUIDE.md for upgrade procedures
- Create a new issue with detailed information
- v1.0: Initial QuantozToken with blocked list functionality
- v2.0: QuantozTokenLZ with RBAC upgrade
- v3.0: Example upgrades demonstrating extensibility
Note: This project is designed for production use with proper security considerations. Always audit contracts before deployment and follow security best practices.