Art Of Auditing
  • 👋Preface
  • 🧙Sages
    • @lonelysloth_sec
    • @bobface16
    • @zigtur
    • @J4X_Security
    • @0xEV_om
    • @cergyk
    • @akshaysrivastv
    • @kankodu
    • @gjaldon
    • @riproprip
    • @pkqs90
    • @DadeKuma
    • @EgisSec
    • @BowTiedDravee
    • @Draiakoo
    • @windhustler
    • @santipu_
    • @winnie
    • @Guhu95
    • @_blockian
    • @neumoXX
    • @Alex the Entreprenerd
    • @bahurum
    • @__nnez
    • @0xadrii
    • @deliriusz_eth
    • @el_hajin
    • @rootedrescue
    • @merkle_bonsai
    • @n4nika_
    • @Trungore
    • @m4rio_eth
    • @iamdirky
    • @Czar102
    • @csanuragjain
    • @0xFrankCastle
    • @Al_Qa_qa
    • @Haxatron1
    • @0xMinhT
    • @0xT1MOH
    • @Said
    • @0xSorryNotSorry
    • @NonseOdion
    • @0xArzzz
    • @abarbatei
    • @tpiliposian
    • @0xjuaan
    • @MrPotatoMagic
    • @krikoeth
    • @zzykxx
    • @bauchibred
    • @00xSEV
    • @0xCiphky
    • @peak_bolt
    • @pks_
    • @Stalin_eth
    • @0xb0g0
  • 🧱THE WALL
    • 📖WALL OF WISDOM
Powered by GitBook
  1. Sages

@0xSorryNotSorry

Previous@SaidNext@NonseOdion

Last updated 5 months ago

Member of

Words of Wisdom

🧙
@0xSorryNotSorry
@0xDup1337
Page cover image
Cover

"Don't lose situational awareness"

It's one of the worst things that can happen. It can occur especially in very large codebases.

Once it made us lose the only spotted High vulnerability in a public C4 contest which awarded the solo spotter a 6 figure prize.

I had the risk in my notes, I highlighted the code snippet with the audit tag before, and failed to validate it as I lost the code logic at the end of the contest.

Cover

"Don't force yourself to find the bugs"

It creates unnecessary pressure and a burden when you do it.

I’ve realized that whenever I approach code with this mindset, I often come up empty-handed. However, when I explore codebases out of curiosity and simply for the joy of understanding them, that’s when I find success.

Cover

"Don't lose time on codebases you don't like"

While this could be subjective - as many people suggest that it leverages Game Theory by not doing so - I observe that I don't see any flaws in the codebases that I disliked.

This often leads to simply passing time without purpose and can deepen feelings of imposter syndrome once those flaws become apparent.