diff --git a/heap_3/chall b/heap_3/chall
new file mode 100755
index 0000000..37f466d
Binary files /dev/null and b/heap_3/chall differ
diff --git a/heap_3/chall.c b/heap_3/chall.c
new file mode 100755
index 0000000..4c7a811
--- /dev/null
+++ b/heap_3/chall.c
@@ -0,0 +1,116 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define FLAGSIZE_MAX 64
+
+// Create struct
+typedef struct {
+  char a[10];
+  char b[10];
+  char c[10];
+  char flag[5];
+} object;
+
+int num_allocs;
+object *x;
+
+void check_win() {
+  if(!strcmp(x->flag, "pico")) {
+    printf("YOU WIN!!11!!\n");
+
+    // Print flag
+    char buf[FLAGSIZE_MAX];
+    FILE *fd = fopen("flag.txt", "r");
+    fgets(buf, FLAGSIZE_MAX, fd);
+    printf("%s\n", buf);
+    fflush(stdout);
+
+    exit(0);
+
+  } else {
+    printf("No flage for u :(\n");
+    fflush(stdout);
+  }
+  // Call function in struct
+}
+
+void print_menu() {
+    printf("\n1. Print Heap\n2. Allocate object\n3. Print x->flag\n4. Check for win\n5. Free x\n6. "
+           "Exit\n\nEnter your choice: ");
+    fflush(stdout);
+}
+
+// Create a struct
+void init() {
+
+    printf("\nfreed but still in use\nnow memory untracked\ndo you smell the bug?\n");
+    fflush(stdout);
+
+    x = malloc(sizeof(object));
+    strncpy(x->flag, "bico", 5);
+}
+
+void alloc_object() {
+    printf("Size of object allocation: ");
+    fflush(stdout);
+    int size = 0;
+    scanf("%d", &size);
+    char* alloc = malloc(size);
+    printf("Data for flag: ");
+    fflush(stdout);
+    scanf("%s", alloc);
+}
+
+void free_memory() {
+    free(x);
+}
+
+void print_heap() {
+    printf("[*]   Address   ->   Value   \n");
+    printf("+-------------+-----------+\n");
+    printf("[*]   %p  ->   %s\n", x->flag, x->flag);
+    printf("+-------------+-----------+\n");
+    fflush(stdout);
+}
+
+int main(void) {
+
+    // Setup
+    init();
+
+    int choice;
+
+    while (1) {
+        print_menu();
+	if (scanf("%d", &choice) != 1) exit(0);
+
+        switch (choice) {
+        case 1:
+            // print heap
+            print_heap();
+            break;
+        case 2:
+            alloc_object();
+            break;
+        case 3:
+            // print x
+            printf("\n\nx = %s\n\n", x->flag);
+            fflush(stdout);
+            break;
+        case 4:
+            // Check for win condition
+            check_win();
+            break;
+        case 5:
+            free_memory();
+            break;
+        case 6:
+            // exit
+            return 0;
+        default:
+            printf("Invalid choice\n");
+            fflush(stdout);
+        }
+    }
+}