I really respect how the OpenZeppelin team took the time to create a wargame level after:
- Receiving and analyzing the UUPS vulnerability report from an external source
- Mitigating the fallout to users by sending `initialize()` transactions to implementation contracts
- Writing a detailed security advisory and post mortem
- Improving documentation and tooling to minimize the chance of similar exploits further
I've handled security exploits and mitigation before. The work and stress make it hard enough to hold a good "Lessons Learned" session in the original dev team afterward. Creating a public war game level to educate developers in the whole ecosystem shows real dedication.
My regret as a lover of Ethernaut challenges is that I happened to be using UUPS and thus had read the vulnerability description immediately when I noticed it. I was robbed of the joy of coming up with the exploit for the Motorbike level because I had just implemented the recommended mitigation for work.