Add this vulnerable contract as a challenge

[SergioDemianLerner]

// Courtesy of SDL, Coinspect.com

pragma solidity ^0.4.13;

// String Helper contract library
library String {
    function equals(string memory _a, string memory _b) internal returns (bool) {
		bytes memory a = bytes(_a);
		bytes memory b = bytes(_b);
		if (a.length != b.length)
			return false;
		
		for (uint i = 0; i < a.length; i ++)
			if (a[i] != b[i])
				return false;
		return true;
	}
}

contract MyEtherWallet {
    
  using String for string;
  
  event onWithdrawal(string logmsg,address a);
  
  function MyEtherWallet() {
      
  }
    
     // Basic function to withdraw an amount of funds from the Token contract
     function  withdrawFunds(string logmsg) returns(bool) {
         if (logmsg.equals("OWNER"))
            onWithdrawal(logmsg,msg.sender);
         return msg.sender.send(this.balance);
    }
   
}


contract MyProtectedWallet is MyEtherWallet {
    
  address owner;
  
  function MyProtectedWallet()  {
      owner = msg.sender;
  }
  
  // This function restricts withdrawals to the contract owner and
  // fixes log msg.
  function  withdrawFunds(String logmsg) returns(bool) {
   if (msg.sender!=owner)
     return false;
  
   return super.withdrawFunds("OWNER");
  }  
}

[SergioDemianLerner]

The MyEtherWallet is a ether wallet with some additional features, which have been removed to show the relevant code. The owner deploys the MyProtectedWallet, which is an inherited contract that restricts the withdrawal of all funds to the owner of the contract.
Sadly all ether payments to this wallet can be stolen.