chrisdior.eth
@chrisdior777
Followers
7K
Following
7K
Statuses
3K
Co-Founder @CDSecurity_ Providing Elite Smart Contract Security
Web3
Joined October 2021
3 years ago, I started learning Solidity on Now, I am a Co-Founder of a company with 50+ successful smart contract security reviews, an official security partner of Polygon Labs, and collaborating with some of the top auditors. What a journey!
25
40
466
RT @chrisdior777: If I were a smart contract auditor, I’d definitely check out these podcasts. When top people in your field talk, you li…
0
10
0
If I were a smart contract auditor, I’d definitely check out these podcasts. When top people in your field talk, you listen. 3 episodes so far—tons to learn. 10x @0xriptide for making this happen and inspiring the next wave of talent in the space!
2
10
74
10x to @RareSkills_io for this GOLD! Yul Puzzles help developers master Solidity’s low-level assembly (Yul) through hands-on practice. 60 puzzles cover key concepts like ABI encoding, storage slots, and more. It’s free and open to everyone!
1
6
60
Office view for the last 5 days. Can’t complain. Not so productive though, the pool is too tempting 🤣 Back to basics from tomorrow🚀
2
0
46
RT @chrisdior777: Complexity in smart contracts increases the likelihood of errors. 1. Ensure the contract logic is simple 2. Us…
0
1
0
Complexity in smart contracts increases the likelihood of errors. 1. Ensure the contract logic is simple 2. Use already-written tools or code where possible (eg. don't roll your own random number generator) 3. Prefer clarity to performance whenever possible 🤝
2
1
57
Quick tip for the new Solidity devs/auditors: Integer division rounds down, causing precision issues (e.g., 1.99 days rounds to 1). To fix, use fixed-point math by scaling values (e.g., multiplying by 1e18) before dividing. This reduces calculation errors.
3
8
94
Pure ALPHA on how you can you start making money as a Smart Contract Auditor in 7 steps. Pay close attention to Number 7⃣. It's the ultimate game-changer that determines success or failure.
Q) How to start making money through auditing? Assuming you have built up a decent skillset, the following strategies may work: 1⃣ Pick a protocol niche (DAO, Perps, Dex/AMM, Lending/Borrowing, Bridges/Cross-Chain etc) then study all the past contest & private reports for protocols of that type, learning all the vuln types & gotchas inside-out. Then focus on contests with that protocol type. Eg @windhustler is known as The LayerZero Guru 2⃣ Apply the same technique to bug bounties, especially if you specialize in some really niche stuff like Fuel/Sway or interactions between Solidity/Rust components - some very high value bug bounties have been found in these newer niche areas where there is less demand but also far less competition 3⃣ Choose a service niche to specialize in, provide a great service and market yourself effectively (people have made $ specializing in all sorts of things like gas optimization @PopPunkOnChain , fuzz testing @getreconxyz , formal verification @alexzoid_eth. Aim to post once per day with content for your niche, become known as the expert in that specialized area 4⃣ Publish high-impact research that gets featured in @blockthreat ; you could take all your learnings from 1,2,3 above and use it to write and publish vulnerability deep dives and all sorts of other valuable content 5⃣ Build a brand - a lot of the security business is branding, protocols are buying not just your services but also the brand name. Once you have a decent brand name you can likely start doing private audits for small protocols, especially in this market there is tons of demand 6⃣ Build a portfolio - create a portfolio of your work showcasing your accomplishments. This is great both for getting private audits and also taking a full-time role at a firm 7⃣ Commit - none of the above will happen overnight. Commit to working hard for the next 6-12 months and see your life change. The only people who didn't make it from when I started are the ones who gave up and disappeared - everyone who stuck around and put in the effort is now printing $$$,$$$ and some even more!
1
1
22
It's surprising how often the crucial step of validating function input parameters gets overlooked in the Solidity audits we conduct. ENSURE thorough validation of input parameters! This simple yet critical practice prevents unexpected issues from arising. ✅
4
0
24
Smart contract audits are essential to: - Prevent financial loss from vulnerabilities. - Ensure the contract works as intended. - Boost user and investor confidence. Projects should conduct as many audits as possible. 🫡
1
3
48
RT @chrisdior777: Money drives motivation. Before paying $3,000 for an audit of your 1,500 nSLOC project, consider this: Good auditors wo…
0
6
0
Money drives motivation. Before paying $3,000 for an audit of your 1,500 nSLOC project, consider this: Good auditors won’t be motivated by that amount at all. The more you pay, the more effort you get, and vice versa. That’s how it works—more money equals more motivation.
3
6
88
RT @DevDacian: Q) How to start making money through auditing? Assuming you have built up a decent skillset, the following strategies may w…
0
44
0
Many security researchers avoid complex topics like EIPs, ZK, or L2s. Remember, most people find them intimidating and skip learning, missing the chance to master that tech. Instead, push through and become an expert in these areas! 🫡
5
3
106
Here are 3 common pricing models for Smart Contract Audits 🫡: - Weekly Rate: A fixed fee is charged for each week of the audit. - Project-Based: Pricing is based on complexity, timeline, and urgency. - Pay-Per-Vulnerability: Charges are based on the number of bugs found.
1
0
29