Find bugs with the help of AI and write robust test for your smart contract.
Multiply your auditing technique and be a more organized auditor
Check out the latest video I made about @audit_wizard
Well, it seems I'm improving now.
My first 3-digit payout from @code4rena from the Canto contest.
My first top 10 as well for.
Also my guy Satyam_sharma got the 2nd rank in it. Kudos.
This was my first full month in web3 auditing, here are some of the stats:
1. Earned $1719 as a reward.
2. Rank 1 for one of the audit contests @secure3io
3. Found 2 solo M.
4. A total of 4M severity bugs
Thanks to @secure3io and @code4rena and @sherlockdefi for the opportunity
On Feb 8 my birthday I decided to start competing with the name "PseudoArtist" on Sherlock and was blessed to be in the top 10 and receive my first 4 digit on Sherlock ✅
Many more to go 🙂
After finding 5H and 9M in a tight competition of Noya I was expecting nothing since it has almost 100 HM findings.
But I got a sweet little reward and the name of my team next to some great researchers.
Now tell me why I shouldn't do it in a team 🫢
I, @dkni8mare and @AnmolPokhrel6 did predy and found 5/12 issues in the codebase, and got this reward.
Although I was expecting more in terms of rewards but that's okay.
More wins in the bag of WinSec
You know what's the best feeling in the whole wide world?
Experiencing fatherhood 🙂
I am a proud father today, and it's been the best day of my life in the last 16 years ❤
Join me in my audit process!
Essential guide for beginners: 'How to Start an Audit.' Whether you're a budding auditor or simply curious about the world of auditing, this video is your go-to resource.
Since I started auditing, All I see on Twitter is about smart contract auditing and I feel I'm so late 🤣
But in reality the numbers for smart contract auditors are still so low.
What @zksync has done for security researchers should inspire most protocols to do and incentivise security researchers.
It's a win win for both protocols as well as researchers.
Hope we see more such moves from protocols in the future 🚀
The only thing you need is consistency and nothing else.
No auditing roadmap
No alpha posts
No 5yrs of experience
Just consistency and you'll be there 🔥
Keep hustling keep growing 🙏
This weekend I'm going to start a mentorship programme for beginners, and it is great for the beginners to kickstart their journey.
@cawfree and @0x3b33 will be taking guest lectures in this programme.
Tomorrow is the last day to enroll!
Who wants to do a quick private audit with me?
It's a low budget audit so if you want a private audit under your portfolio then DM me.
Also I'll be considering a first few people only with decent portfolio.
As a beginner, I've always wondered where to start while doing an audit but not anymore.
I've made a video where I talk about how to approach a codebase while auditing and what mindset should one have.
Watch the video here 👇👇👇👇
Happy to have found 1 Medium in the @VenusProtocol contest.
Rewards are not too much but I'm happy to see my progress.
Thanks @code4rena for such a great platform 🤩
Unfortunately the bug I submitted @immunefi was indeed a valid bug but somehow it was out of scope.
The bug was in the smart contract that was in the scope but the type (griefing) was out of scope so I got nothing but experience and learnings.
Someone found 6/12 issues in a contest on C4 and got 40k+ and my team found 5/12 issues and just got $479.
I still can't believe how you have to be very hard working + lucky to earn hefty in contests.
The new C4 gatherer bonus is just like Sherlock's LSW model.
Let's dissect the overlooked role of luck in audit competitions. While skill is paramount, luck can sway outcomes more than we realize. Explore the interplay between skill and chance, offering strategies to navigate uncertainty and thrive in audit contests.
I see people in the space who are genuine and committed to build and give back to the community and one of those are @hangoutDao_ 💜
Even though I have been very late to be with them but joining the spaces and talking to them feels so genuine.
I asked the sponsor that protocol has wrong assumptions and it could lead to serious problems and he said if that happens they will just pause the contract! I didn't submit the issue and it's a valid Medium 🥲 Lesson learned, Devs never accept their mistake so submit everything
Participating in @Wise_Lending audit on @code4rena and I made this diagram for my understanding of the flow. The code is written in a very organized manner and so needs a lot of helper functions in the architecture.
PS : This diagram only involves starting part.
Happy Hunting🤘
Waiting eagerly for my 2 cents from Noya contest !
Choosing contest is one of the most important things to do as a security researcher!
Better not waste energy and time if there are too many auditors doing it!
After days of trying to break into @Wise_Lending I finally got something juicy. This is very well written and I absorbed way too much in this codebase, improved myself with code. Let's see what I get in the end.
Never say never till the contest ends.
If you are auditing a Lending/borrowing protocol it's a great read with already reported bugs.
@DevDacian made a great consolidation of bugs here.
Happy hunting :)
Made a little diagram for my better understanding of AI Arena, since this was one of the biggest function it helped me understand things better, also mind mapping for me only works till certain limits 😁
I just realised it's never too late!
You just need to be consistent enough and keep doing it. If anyone still thinks it's too late to learn auditing I believe it's not 💯
I can't imagine how exponential your growth in audit contests is, I just had a mock audit for a job and I found 3 bugs instantly 🔥
Most of the Lows or QAs in C4 contests are actually real bugs 🐞
Get your code audited before it's too late 🏃
I need a partner who can team up with me for the contests, I've tried finding a mentor but was unsuccessful in that.
Anyone who is willing to give 8+ hrs everyday without fail can DM me.
Many protocols integrate UniV3 and forget about an important check which leads to a critical integration bug in #UniswapV3! 🚨 Check out my latest video where I dive into the details and potential impacts. Stay informed! 📉💻
I'll get a burger with this 1H finding reward while watching other wardens escalate issues during my next contest ✅
@sherlockdefi is not for weak hearted 😄
This is a confession post. Not many people do this, but I wanted to thank @CirrusNFT for letting me be the part of the community 💜
I sold my pass cuz I needed liquidity, My wallet was hacked and I lost my life savings there and selling the pass was only option I had.
I made a massive mistake of jumping from contest to contest.
I will no longer do it again and will only focus on one audit at a time for the whole contest period.
PS : An advice from an OG warden
There is always a feeling of not understanding enough and leaving the audit before you even start, but once you get better understanding of the protocol the real fun begins!
I just love auditing, it's like challenging yourself everyday!
Security research is like exploring the unexplored ✅
Those who love digging up will definitely love this because it lets you dig things up and connect them.
Okay so here I am starting small, I am going to add everything in my audit portfolio these coming months and see how it pans out.
Making a portfolio for yourself is very important, it's a proof of work and I suggest everyone to have one.
I'm sharing mine.
Remember the bug I submitted on immunefi a few days back?
Well that didn't go pretty well and now I understand why most of the whitehats have bad experience with immunefi.
Just completed my first private audit with my guy @Satyam33sharma.
The client was very happy with the service.
I will continue to push myself hard and make this space a more secure place to be
When you hear top auditors making thousands of dollars in an audit competition and you go all in and after months of hard work you get 1.01$ for 1H,2M in a competition 🥹
The pain is real 😄
We need more protocols like this.
@ExactlyProtocol You guys are way too serious for your protocol's security and that shows the amount of seriousness you guys have for users.
One thing I feel personally is to uncover good bugs you need time to understand the protocol.
Take your time to understand and then try to uncover bugs 🐛
Best technique.
Don't hurry !
Anyone who wants a free private audit of codes less than 500 SLOC can contact me in my DMs :)
Happy to provide service to those who can't afford a private audit ;)
I'm an Electrical Engineer by degree
I worked as a business analyst after College
I left the job and prepared for government
I joined ISRO and worked at the ground station of NAVIC(Just like GPS)
Worked for a year at the Income tax department.
Now I'm working in the Defence.
I don't know what everyone is reading to upgrade their skillset, but to me the book by @RareSkills_io is one of the best and clearest explanations of how AMM works.
Kick start and learn about Uniswap V2 by deep diving in this book:
Thanks a lot to every single one of you who joined our space. When we started we never thought we could gather an audience but look at us now
So many people hearing us now.
Thanks a lot @luuminize for joining the space and sharing your journey ❤️
Love and respect 😊
Shoutout to everyone
For the culture :)
Thanks @bytes032 and @FindAudit for such a great platform.
Here is my profile for the @FindAudit and I'm glad to share with you all :)
So many ups and downs, so many challenges irl
But I have to take a leap of faith and dive in.
Taking up a hard challenge 💪
I'm going to do full time web3 sec for 4 months and If I see sufficient results
I'll leave 9-5!
One thing that haunts me most is I don't want to fail without even giving it a try.
So I try almost everything in my life.
I have learnt :
YouTube (Have my own Channel)
Video Editing
Guitar
NFTs
Crypto
Coding
Stock Market
Options Trading
Yoga
Smart contract Auditing isn't easy, It requires immense focus and lots of hard work to reach a level where things start getting obvious.
Are you willing to give your best anon?