Art Of Auditing
@ArtOfAuditing
https://t.co/fhaBbzvj5W | authored by the amazing auditors of the web3 community | compiled & maintained by @xb0g0
World
Joined December 2024
Click the 🔔 to receive your daily dose of AUDITING wisdom 🧙‍♂️
Starting today @ArtOfAuditing has become x10 more valuable. Currently being the only resource to compile the hard acquired ALPHA of many skilled auditors, I felt we need to maximize its value. 💪 I finally found the time to do it. Starting today, you'll be receiving your daily
🧙‍♂️ Wise sage @xuwinniexu once said: 🧠 CRITICAL THINKING "Don't read other's reports without independent thinking first." https://t.co/amlC8f6icF
🧙‍♂️ Wise sage @J4X_Security once said: 🧠 CHECK FOR 3 SIGNS THAT WILL TELL YOU THAT THIS IS A GOOD CONTEST TO DO: "New language / protocol type; Complex Math; Gigantic codebase" https://t.co/nmwlkgUeaO
🧙‍♂️ Wise sage @windhustler once said: 🧠 Breaking Versus Understanding "Focus on breaking the codebase rather than understanding it. Many bugs are slight logical inconsistencies that don't even require understand..." https://t.co/eF2XndJn4d
🧙‍♂️ Wise sage @zigtur once said: 🧠 Setup that feedback loop "Failing by missing vulnerabilities is normal. You can't do without it. But failing multiple times on the same issues is not acceptable. Get that feedback loo..." https://t.co/UcQZ4gseJY
🧙‍♂️ Wise sage @bobface16 once said: 🧠 How to improve your skills "Theoretical knowledge is important, but nothing trumps practical experience. Develop your own projects and observe areas of security concern, parti..." https://t.co/XwQivlrdrV
🧙‍♂️ Wise sage @EgisSec once said: 🧠 Don't stop until you have achieved your goal "If your goal is to uncover a high-severity bug in the X codebase and you're committed to it, your focus will naturally guide you towa..." https://t.co/x0jfQp37Pc
🧙‍♂️ Wise sage @0xadrii once said: 🧠 Have patience and learn from each contest "Although it might seem that the auditing part of the contest brings you the most learnings, it is in the escalations and results phase w..." https://t.co/lNdBKw3X3X
🧙‍♂️ Wise sage @0xb0g0 once said: 🧠 Go deeeeep "This is where unique and less duplicated findings hide. If you stay on the surface, where everyone else is, you'll uncover the same issues as everyone else. But if you're..." https://t.co/CO3RTIOkHs
🧙‍♂️ Wise sage @pks_ once said: 🧠 When identifying a potential vulnerability: "Thoroughly review the attack path firstly. Take a break, then review it again with fresh eyes. If the vulnerability still holds after double r..." https://t.co/EFaVXQ3w4J
🧙‍♂️ Wise sage @NonseOdion once said: 🧠 Mitigations are a good place to start looking for bugs. "A mitigation can fix a bug, partially fix a bug, not fix a bug or expose another vulnerability in the code. It can a..." https://t.co/eWsk2Ilro4
🧙‍♂️ Wise sage @m4rio_eth once said: 🧠 The most complicated bugs are the simplest "Sometimes we have the urge to try to come up with very complicated/weird edge-cases forgetting to approach everyone from first prin..." https://t.co/vk7ocYw8IB
🧙‍♂️ Wise sage @zzykxx once said: 🧠 There's always (and I mean always) another bug "Most of my decisions regarding an audit are based on this one-liner, for instance I never quit before the time is over and I rarely f..." https://t.co/LT88yIxKRF
🧙‍♂️ Wise sage @saidamdev once said: 🧠 Never accept protocol design decisions without question "Always ask why they were designed and implemented that way. I have seen unique findings that aren't immediately apparent in..." https://t.co/B267pKM9MJ
🧙‍♂️ Wise sage @__nnez once said: 🧠 CHOOSE YOUR TARGET WISELY "It doesn't matter how fancy the bug is - if the project you chose doesn't pay you, nothing matters. Choose wisely where you want to put your effort." https://t.co/JxY2J7zQOj
🧙‍♂️ Wise sage @Haxatron1 once said: 🧠 Be organized in your approach "I like to keep track of contracts I have reviewed, so that I don't miss out on anything and it is easier for me to do a systematic review of all..." https://t.co/syOT2QDOyF
🧙‍♂️ Wise sage @akshaysrivastv once said: 🧠 For newbies: Do shadow audits "Do shadow audits. Choose any past audit with small codebase and try to find bugs in it, then compare your found bugs with the actual..." https://t.co/SRR4CcxtmQ
🧙‍♂️ Wise sage @EgisSec once said: 🧠 Focus is your best ally. Make sure you know how to work well with it. "What sets the best researchers apart from the average ones is their ability to focus and the time they spend..." https://t.co/x0jfQp2zZE
🧙‍♂️ Wise sage @0xjuaan once said: 🧠 Transact with the protocol in different ways "A great way to understand a live protocol at a high level is to just transact with it in different ways (via the frontend), and then..." https://t.co/QmDH8dRv7l
🧙‍♂️ Wise sage @gjaldon once said: 🧠 The larger the audit scope and the more complicated the protocol, the more critical your notes will be. "Note-taking is a skill that also needs to be developed to be great at audi..." https://t.co/uIpHNcCOWB
🧙‍♂️ Wise sage @bahurum once said: 🧠 Go for the kill "For time efficiency while hunting, concentrate on critical paths and assets, while leaving aside secondary assets. Understand the risk model of the project to dec..." https://t.co/EeiFa1eHD4