Art Of Auditing
  • 👋Preface
  • 🧙Sages
    • @lonelysloth_sec
    • @bobface16
    • @zigtur
    • @J4X_Security
    • @0xEV_om
    • @cergyk
    • @akshaysrivastv
    • @kankodu
    • @gjaldon
    • @riproprip
    • @pkqs90
    • @DadeKuma
    • @EgisSec
    • @BowTiedDravee
    • @Draiakoo
    • @windhustler
    • @santipu_
    • @winnie
    • @Guhu95
    • @_blockian
    • @neumoXX
    • @Alex the Entreprenerd
    • @bahurum
    • @__nnez
    • @0xadrii
    • @deliriusz_eth
    • @el_hajin
    • @rootedrescue
    • @merkle_bonsai
    • @n4nika_
    • @Trungore
    • @m4rio_eth
    • @iamdirky
    • @Czar102
    • @csanuragjain
    • @0xFrankCastle
    • @Al_Qa_qa
    • @Haxatron1
    • @0xMinhT
    • @0xT1MOH
    • @Said
    • @0xSorryNotSorry
    • @NonseOdion
    • @0xArzzz
    • @abarbatei
    • @tpiliposian
    • @0xjuaan
    • @MrPotatoMagic
    • @krikoeth
    • @zzykxx
    • @bauchibred
    • @00xSEV
    • @0xCiphky
    • @peak_bolt
    • @pks_
    • @Stalin_eth
    • @0xb0g0
  • 🧱THE WALL
    • 📖WALL OF WISDOM
Powered by GitBook
  1. Sages

@__nnez

Previous@bahurumNext@0xadrii

Last updated 4 months ago

Top 50 Immunefi Leaderboard

Words of Wisdom

🧙
@__nnez
Page cover image
Cover

"Choose Your Target Wisely"

It doesn't matter how fancy the bug is - if the project you chose doesn't pay you, nothing matters. Choose wisely where you want to put your effort.

Cover

"Don't get tempted by code that smells bad"

It's tempting to pick an easy target with "code smell" because it has a higher chance of being vulnerable. However, remember that such projects might not take security seriously.

Cover

"Checklist on picking BB targets"

  • They project pays in stablecoin or hard assets (ETH, BTC)

  • If they pay with their own token, make sure they have enough liquidity

  • They are active—you're likely to be ghosted on inactive projects

    • Check their Discord, X (formerly Twitter), or other social platforms

    • Check their GitHub

Cover

"Don't Fear the Complexity"

Complexity goes both ways: if it's complex for you, it's also complex for developers. Complexity often leads to mistakes, and mistakes lead to bugs.

Cover

"Don't Skip the Fundamentals, Fill Your Knowledge Gaps"

While it's partly true that you can earn in this space knowing only Solidity, you might not be able to improve without understanding how blockchain works, how EVM operates, or even how Solidity is compiled to bytecodes. Expand your repertoire to other languages.

Cover

"Don't rely on luck"

Bridge your knowledge gaps. You can't expect to compete with knowledgeable security researchers if you couldn’t match their level of expertise. Luck plays a role in winning, but don't let it be your only factor of winning.

Cover

"Persistence is Key"

What you see on the surface of this space is people's success—you don't see failed attempts. Stories of successful white hats often sound like they came from nothing, but that's unrealistic. Everyone faces hardships before becoming successful.

What they have in common though is persistence! They keep going, they keep doing, and that's what actually makes them distinctly successful.

Cover

"Persistence is key... but madness is not"

Don't forget to take a break.

What I also observe in this space is an excess of positivity. The value of your work is often equated with the time and effort you put into it.

It might sound cool to always be working on a target, spending countless nights looking for a bug. However, that's not healthy.

Don't fall into this trap and pressure. Everybody needs breaks. Remember, you'll only get the best results when you're well-rested.