It's one of the worst things that can happen. It can occur especially in very large codebases.
Once it made us lose the only spotted High vulnerability in a public C4 contest which awarded the solo spotter a 6 figure prize.
I had the risk in my notes, I highlighted the code snippet with the audit tag before, and failed to validate it as I lost the code logic at the end of the contest.
"Don't force yourself to find the bugs"
It creates unnecessary pressure and a burden when you do it.
I’ve realized that whenever I approach code with this mindset, I often come up empty-handed. However, when I explore codebases out of curiosity and simply for the joy of understanding them, that’s when I find success.
"Don't lose time on codebases you don't like"
While this could be subjective - as many people suggest that it leverages Game Theory by not doing so - I observe that I don't see any flaws in the codebases that I disliked.
This often leads to simply passing time without purpose and can deepen feelings of imposter syndrome once those flaws become apparent.
