web3-case-study-role-misconfig
Community
End-to-end case study for role misconfig bugs.
Software Engineering #poc #access-control #smart-contract #role-misconfiguration #yield-aggregator #rewards-distributor
Author: shuvonsec
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Case study demonstrating how a role misconfiguration in a rewards-distributor contract can permanently lock all earned rewards. It lets auditors reproduce and assess the risk in a controlled setting.
Core Features & Use Cases
- Architecture walkthrough of a yield-aggregator target with a focus on Access Control patterns.
- Complete bug class verdicts across 10 classes and two live findings (DISTRIBUTOR_ROLE never granted; dust harvest DoS).
- Complete PoC templates, remediation guidance, and validation steps to reproduce in a testnet or forked mainnet.
Quick Start
Fork the mainnet and run the RoleNeverGranted PoC to verify that getRoleMemberCount(DISTRIBUTOR_ROLE) is 0 and that claimFor() reverts for any address.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: web3-case-study-role-misconfig Download link: https://github.com/shuvonsec/web3-bug-bounty-hunting-ai-skills/archive/main.zip#web3-case-study-role-misconfig Please download this .zip file, extract it, and install it in the .claude/skills/ directory.