Build a Smart Contract or Cloud Security Harness

Capstone C2 · Course 2A · Capstones

90 min · Design · Build · Run · Benchmark · Publish

Prerequisite: C1 complete

Same architecture, different domain

The C1 skeleton — scope middleware, memory, tools, evidence, triage, report — ports directly. What changes is the tool suite, the target, and the benchmark.

This capstone applies the harness architecture to a specialized domain and produces a publishable portfolio artifact.

C2.1 — Design and Scoping (15 min)

Choose a track. Define the three modes. Write the authorization document.

Two tracks, three modes each

TrackModesLab target
Smart contract
(EVMbench-aligned)
Detect · Patch · ExploitDVD / forked mainnet / EVMbench subset
Cloud
(posture + red team)
Detect · Remediate · ExploitIsolated AWS account / LocalStack

A harness that only runs Detect is half a harness. The three modes together are the benchmark — recall alone hides Patch/Remediate and Exploit weaknesses.

The authorization document is not a formality

For cloud especially, an exploit action against the wrong account or without blast-radius limits is a real incident. Write it before you build.

Smart contract: contracts in scope, commit hashes, forked block, authorized actions (read, mutate in fork, deploy PoCs). Cloud: account ID, regions, resources, exploit blast-radius limits, teardown procedure.

C2.2 — Build and Run (60 min)

Implement the full pipeline. Run it against a real lab target. A harness tested only on toy examples is a hypothesis.

The pipeline (both tracks)

Load target (source + metadata / account + controls)
Detect mode → candidate findings / posture violations
Patch/Remediate mode → fix + verify (re-detect clean, tests pass)
Exploit mode → PoC on forked mainnet / red-team action
Triage → filter FP, confirm with evidence
Report → client-ready (HTML + JSON)

Evidence captured at every stage: finding → evidence (sha256) → tool call → trace ID. Same tamper-evident chain from C1.

Real lab targets

Smart contract

Damn Vulnerable DeFi — known solutions per challenge

Forked mainnet — historical exploit before the fix

EVMbench subset — 10-15 vulns, three modes each

Cloud

Isolated AWS — Terraform-provisioned misconfigs

LocalStack — local emulator for fast iteration

Teardown destroys everything after the run

C2.3 — Benchmark and Publish (15 min)

Three independent scores. All three reported together. The scores are falsifiable — anyone can run the same target and compare.

Three scores, reported together

Smart contractCloud
Detect recallDetect recall
Patch quality (fix + behavior preserved)Remediation success (resolved, app unbroken)
Exploit success (PoC on forked mainnet)Exploit success (red-team objective achieved)

85% Detect / 30% Patch / 30% Exploit = detection engine. 80% across all three = genuine harness.

The one-page summary is the asset

Benchmark + client report distill into a single publishable page.

GitHub README (full report + evidence linked) · LinkedIn post (benchmark as falsifiable claim) · Deepthreat.ai (demonstration asset).

The harness is the engine. The benchmark is the proof. The published summary is the portfolio. This is the culmination of Course 2A.