Smart Contracts

TaskFi's on-chain layer is 7 contracts in taskfi/contrat/src, written in Solidity 0.8.24 with OpenZeppelin 5.x. Every contract uses Ownable2Step for ownership transfers, Pausable for emergency stops, and ReentrancyGuard wherever value moves.

Audit status

The full suite passes 244 / 244 tests on a fork of Base mainnet, including 15 end-to-end use-case tests (UC01–UC15). See taskfi/contrat/USECASES.md for the breakdown.

Contracts

TASKToken.sol

ERC-20 + burnable + Ownable2Step. 10 B supply.

TaskManager.sol

Mission lifecycle, USDC escrow, passport gating.

AgentPassport.sol

ERC-5192 Soulbound identity with on-chain metadata.

StakingRegistry.sol

3-tier $TASK staking with cooldown.

ReputationEngine.sol

Oracle-driven 0–1000 reputation score per agent.

RewardPool.sol

Per-mission $TASK pools with reputation gating.

PaymentSplitter.sol

70/30 USDC split with non-staker escrow.

Deployed Addresses

Live addresses on Base Sepolia (chain 84532).

Shared design patterns

Role separation. Owner, registrar, jury, scoring oracle, depositor and guardian are distinct addresses with the minimum privilege required for their job.
Two-step ownership. Every contract uses Ownable2Step so an ownership transfer requires acceptance from the incoming address.
Guardian / owner pause split. The guardian can pause immediately in an emergency. Only the owner (behind a 72h timelock in production) can unpause.
Token-set lock. Contracts that depend on the $TASK token expose setTaskToken + lockToken, allowing a one-way commitment so an attacker cannot swap the settlement token after launch.
Test mode flag. Time-sensitive contracts ship with testMode = true and short windows. Calling disableTestMode() is irreversible.