| Group Members: | |
| Date: | |
Tips for Analysis: Read each contract carefully. Look for patterns from the vulnerability reference guide. Think step-by-step about how an attacker could exploit the code. Be specific in your explanations: vague answers like "there's a security bug" won't receive full credit.
Contract 1: Bank Withdrawal System
Vulnerability Analysis
1. What is the primary vulnerability in this contract?
2. Explain step-by-step how an attacker could exploit this vulnerability:
3. What is the impact severity?
4. Propose a fix for this vulnerability:
5. Bug Bounty Valuation
Formula: Bounty = (TVL at Risk × Severity Factor) × 10%
Severity Factors: Critical = 1.0, High = 0.5, Medium = 0.2, Low = 0.05
| Estimated Total Value Locked (TVL) at Risk: | $ |
| Severity Factor: | |
| Estimated Bug Bounty: | $ |
Contract 2: Token Ownership Manager
Vulnerability Analysis
1. What is the primary vulnerability in this contract?
2. Explain step-by-step how an attacker could exploit this vulnerability:
3. What is the impact severity?
4. Propose a fix for this vulnerability:
5. Bug Bounty Valuation
| Estimated Total Value Locked (TVL) at Risk: | $ |
| Severity Factor: | |
| Estimated Bug Bounty: | $ |
Contract 3: Simple Token Transfer
Vulnerability Analysis
1. What is the primary vulnerability in this contract?
2. Explain step-by-step how an attacker could exploit this vulnerability:
3. What is the impact severity?
4. Propose a fix for this vulnerability:
5. Bug Bounty Valuation
| Estimated Total Value Locked (TVL) at Risk: | $ |
| Severity Factor: | |
| Estimated Bug Bounty: | $ |
Comparative Analysis
Cross-Contract Insights
1. Which vulnerability is most severe? Why?
2. Are any vulnerabilities related or compound? Explain:
3. Game Theory: Attack vs. Report Decision
Assume you discovered all three vulnerabilities in a protocol with $50M TVL. Calculate potential outcomes:
| Scenario | Potential Profit | Risk/Consequences |
|---|---|---|
| Exploit the vulnerabilities | ||
| Report via bug bounty | ||
| Rational choice? | ||
4. What does this exercise reveal about mechanism design in crypto?
🏆 BONUS CONTRACTS (Extra Credit: +10 Points) 🏆
Complete analysis for Contracts 4, 5, and 6 using the same format above. Attach additional pages.
Bonus Contract Completed:
Contract 4: Flash Loan Lending Pool
Contract 5: Price Oracle Aggregator
Contract 6: Time-Locked Vault
Presentation Notes
5-Minute Presentation Preparation
Which contract will your group present?
Key points to cover (outline your presentation):
© Joerg Osterrieder 2025-2026. All rights reserved.