Mel Profile
Mel

@x0sauce

Followers
158
Following
136
Media
9
Statuses
83

Independent Web3 Security Researcher | Available for hire (DMs open)

Joined August 2023
@x0sauce
Mel
11 days
I just found a confirmed bug on @immunefi
3
1
25
@x0sauce
Mel
1 month
impactful work is built on top of boring work
0
0
3
@x0sauce
Mel
1 month
small win. just gonna flaunt it to improve my chances of getting hired at a firm 😹 much more to do though
12
1
84
@x0sauce
Mel
1 month
Many people would not understand the time, sacrifice and amount of focus it takes to be a good SR
0
1
6
@x0sauce
Mel
2 months
Not that this information is useful in auditing but it really helped me to understand how storage slots work in Solidity
0
0
1
@x0sauce
Mel
2 months
- address 0x3B0AAf6e6fCd4a7cEEf8c92C32DFeA9E64dC1862 in the private mapping `members` nested in - the struct `RoleData` which is mapped to default admin role 0x0 in the mapping(bytes32 => RoleData) private _roles within the StakedUSDeV2 contract?
1
0
1
@x0sauce
Mel
2 months
While preparing for a SR interview, I recently learnt more about storage in EVM. Here's an exercise 👇
1
0
3
@x0sauce
Mel
2 months
Some wins in Jul and Aug~ Still trying to better myself every day. One thing I learnt from notional comp is that I'm not proficient enough to audit two codebases at once 😹.
0
0
4
@x0sauce
Mel
3 months
Stop being on Discord frequently and stop checking your phone first thing in the morning. Start internalising the code in your head
1
0
14
@x0sauce
Mel
3 months
More practical tips for SRs: “Just read the code” really means read + understand so you can question it. Jot down your takeaways from reading the codebase, then bring in external info (from the same/external codebases or docs) to question them.
1
0
13
@x0sauce
Mel
3 months
Missed a bug? Do this:
1. Study it deeply.
2. Boil it down to a 1 line heuristic.
3. Without reference, reimagine the code in your head + apply heuristic to "find" the bug.
This form of information retrieval has helped me to lock the heuristic into my long term memory
0
0
22
@x0sauce
Mel
3 months
Every small win should be celebrated 😁 Behind this small amount earned is the immense amount of knowledge you gained from missing bugs the hard way.
4
0
47
@x0sauce
Mel
3 months
Another win~ Thanks to @sherlockdefi and @Allbridge_io for the opportunity 😸
1
0
27
@sherlockdefi
SHERLOCK
3 months
Welcome back to Sherlock's Vulnerability Spotlight, where we highlight an impactful vulnerability uncovered during a Sherlock audit. This week, we have an Unvalidated Cross-Chain token swap. It was uncovered by @0xekkoo, @0xapple_, @elolpuer, @x0sauce, @patitonar, @sepyke,
2
10
42
@x0sauce
Mel
5 months
There's a lot of AI FUD nowadays in the auditing space. Better to ignore the noise and keep getting better.
1
1
4
@x0sauce
Mel
5 months
3rd Contest win on @sherlockdefi with 100% high coverage. Still missed a lot of bugs despite submitting 30+ findings. A lot more work to be done.
8
1
94
@x0sauce
Mel
5 months
forge test --mt test_POCISpendTooLongToWriteBecauseIHaveNo80RepOr0.68Signal .. passes in one try with no reverts 🥜🥜
0
0
2
@x0sauce
Mel
5 months
Audit alpha? Read as many lines of code as you can -> understand the code -> question it 10 times or more (a lot more actually) -> find a lead -> think about an impact -> validate the lead. That's it. Takes me forever to achieve these few steps
0
2
7
@x0sauce
Mel
6 months
Wrote down a lead and pursued it for 2 days but decided against submitting it and it turns out to be a low dupe bug. Painful lesson to learn 😿.
0
0
2