@abarbatei
abarbatei.xyz | Veteran auditor since the time of "approvals can be front-run" - valid as a medium issue | Working both in EVM-land and in the Stacks ecosystem.

Words of Wisdom

A bit controversial, but also include informational and low issues when possible. The act of putting into writing a potential low issue both solidifies your understanding of the codebase and provides a slight benefit for the protocol. Countless times, while thinking about how to report an informational issue on a part of the code, I realized there were more issues there.

"The Hunter Should Not Be Jealous of the Builder's Hammer, and the Builder Should Not Envy the Hunter's Bow"
What works when hunting on bug bounties may not be as relevant when doing private engagements or contests.
Although similar, different applications of auditing require different approaches. Remember this and do not try to apply a bug bounty hunter mindset to a private engagement, or vice-versa.

Your resource is your brain, but it has its quirks. You may focus for hours on a codebase only to find an issue later while showering. Why? Because you entered a diffuse thinking mode.
Relax your thinking intentionally to allow the pieces to fall into place and the issue to reveal itself to you. Plan walks, long baths, or other such activities in between focus sessions.