# @krikoeth

### <picture><source srcset="/files/yHQJGsnTKXGol7dGBFIz" media="(prefers-color-scheme: dark)"><img src="/files/iTZa4ulJWBKYtwk4Thdr" alt="" data-size="line"></picture> [@krikoeth](https://x.com/krikoeth)

### Web3 Security SpeedRunner&#x20;

<div align="left"><figure><img src="/files/zxVUVIVD7FhvAYwotzBW" alt="" width="100"><figcaption></figcaption></figure></div>

## Words of Wisdom

***

<table data-card-size="large" data-view="cards" data-full-width="false"><thead><tr><th align="center"></th><th></th><th data-hidden data-card-cover data-type="files"></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td align="center"><h3>"Maintain physical and mental energy<strong>"</strong></h3></td><td><p>It’s better to do less work on 100% than double the work on 50%. My belief is that if you do a 100% job, you get 100% result. </p><p></p><p>But if you do a 50% job, you get 25% result. You work with code every day, you use your brain to uncover sophisticated attacks. You need 100% focus. You need good sleep, good diet and a lot of energy. Take a break sometimes, work out / walk daily, go on a hike</p></td><td><a href="/files/gIxUcxUyUuUwzbJFmp9Z">/files/gIxUcxUyUuUwzbJFmp9Z</a></td><td></td></tr><tr><td align="center"><h3>"Embrace the failure<strong>"</strong></h3></td><td><p>This applies especially to audit contests. You work your ass off on an audit just to find out that you made a few cents in the end. That is the best thing that can happen to you! </p><p></p><p>First you can learn from the findings you did not find and make sure that you will never miss those again. </p><p></p><p>Second you can retrospect on your process and see what should be improved, maybe based on the reasons why you missed some findings. </p><p></p><p>Third this should make you want to compete more and more fiercely with the new knowledge to beat everyone the next time.</p><p></p><p>My biggest achievements started when I changed my approach after I realised I have not reported vulnerabilities worth <strong>~$40k</strong> that I saw during the competitions:)</p></td><td><a href="/files/IBOSGmPKcZ74Z1gnOIKK">/files/IBOSGmPKcZ74Z1gnOIKK</a></td><td></td></tr><tr><td align="center"><h3>"Learn constantly<strong>"</strong></h3></td><td><p>There is a new attack vector everyday. There is a new technology or concept every week. You must still be ahead of the market. </p><p></p><p></p></td><td><a href="/files/3aksLf83uVhuvtJyGSTj">/files/3aksLf83uVhuvtJyGSTj</a></td><td></td></tr><tr><td align="center"><h3>"Hunt in blue oceans🌊"</h3></td><td><p>There is some good in financial success that  might be a good driver forward, that’s why you should hunt in blue oceans - focus where the least focus is to maximise your profit.</p><p></p><p>Why compete with thousands when you can compete with tens?:)<br><br>Compete does not necessarily means audit competitions, businesses are competing for customers etc.</p></td><td><a href="/files/GVrORnCb3zeJojRcdslx">/files/GVrORnCb3zeJojRcdslx</a></td><td></td></tr><tr><td align="center"><h3>"Do not audit"</h3></td><td><p>This means that audit to me signals some guy in suit checking if something is correct. You are not a unit test, you should not check if it is working correctly.</p><p></p><p>You should check how to exploit it for your financial gain! Or how to exploit it to hurt the users, or the protocol itself. You are the attacker! </p><p></p><p>Of course, you are the good guy, so once you uncover the bug, you responsibly report it:)</p></td><td><a href="/files/AN5SyIMH7YatUmphu4IL">/files/AN5SyIMH7YatUmphu4IL</a></td><td></td></tr><tr><td align="center"><h3>"Improve"</h3></td><td><p>I changed my process several times, in the beginning after almost every audit, until I found what suits me the best. </p><p></p><p>Key insights from my process is analyse what you are doing (drawings, use case diagrams, flow charts, state machine), identify attack vectors and create threat models, and then just break the code.</p></td><td><a href="/files/dTlbNwOfZULaZgU0i8Ta">/files/dTlbNwOfZULaZgU0i8Ta</a></td><td></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://web3-sec.gitbook.io/art-of-auditing/audit-sages/krikoeth.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.