@toufik-airane
Last active April 15, 2025 20:17
## 🧠 Web3 Security Quiz
**⏱️ Duration**: 60 minutes
**📋 Format**: Multiple Choice Quiz (QCM)
**📈 Total Questions**: 12
---
### **1. Contract Interaction Logic**
You deployed both Contract X and Contract Y. You called `Y.increment_1()` followed by `Y.increment_2()`. What are the values of the `counter` variables in X and Y?
A) X = 1, Y = 1
B) X = 2, Y = 0
C) X = 0, Y = 2
D) X = 1, Y = 2
---
### **2. Struct Storage & Memory Size**
Given a struct with multiple fields, how many bytes does it occupy in **storage** and **memory**, respectively?
A) 32 bytes in storage, dynamic in memory
B) Depends on packing, always 32 in memory
C) 64 bytes fixed for both
D) Cannot be determined without the struct definition
---
### **3. Uniswap v3 OracleLibrary Integration**
Which of the following OracleLibrary usage examples is correctly implemented?
A) `OracleLibrary.consult(pool, secondsAgo)`
B) `OracleLibrary.getTWAP(pool, startTime)`
C) `OracleLibrary.price(pool, interval)`
D) `OracleLibrary.computeTWAP(poolAddress, tickSpacing)`
---
### **4. DeFi Swap Routing Strategy**
A protocol uses a hardcoded Uniswap v2 pool for swaps. What is the best improvement?
A) Add a fallback to Sushiswap
B) Allow dynamic routing to any DEX with price comparison
C) Use Uniswap v3 exclusively
D) Increase slippage tolerance to avoid failed swaps
---
### **5. Vyper Pseudocode Bug**
What’s wrong in the following Vyper pseudocode?
A) Missing `@public` decorator
B) Incorrect storage variable indexing
C) Reentrancy risk from external call before state change
D) Using `assert` instead of `require`
---
### **6. Token Authenticity**
Which of the following is **not** a real token?
A) DAI
B) WETH
C) FLUXCAP
D) UNI
---
### **7. Compound Fork Security Best Practices**
Choose all that apply. To avoid known vulnerabilities in a Compound v2 fork, you must:
A) Patch the price oracle logic
B) Use Solidity 0.4.24 for compatibility
C) Restrict admin controls and verify governor contract
D) Eliminate interest accrual logic
---
### **8. LP Exit via Gelato Trigger**
A protocol wants to withdraw its Uniswap v3 LP when ETH hits $3000 using Gelato. What challenges may arise? *(Select all that apply)*
A) Price volatility near trigger point
B) Tick slippage may prevent full withdrawal
C) Gelato supports Uniswap v2 only
D) Oracle sync delays or frontrunning
---
### **9. Proxy Storage Collisions**
Which design mitigates proxy storage collisions?
A) Separate admin and implementation contracts
B) Use unique storage slots via keccak256
C) Flatten contracts into one
D) Store state in calldata only
---
### **10. Identify the Vulnerability**
Review the following Solidity code. What type of vulnerability is present?
A) Integer overflow
B) Reentrancy
C) Front-running
D) Delegatecall misuse
---
### **11. Reentrancy Explained**
What makes reentrancy a unique blockchain security issue?
A) It only affects Solidity
B) Web2 servers use async processing
C) Contract calls can re-enter before state changes finalize
D) It only impacts gas-heavy operations
---
### **12. Creative Exploits**
Which of the following best describes a **creative** on-chain exploit? *(Choose one)*
A) Flash loan-based governance takeover
B) Basic phishing link
C) Social engineering on Discord
D) Incorrect block gas limit handling