@abarbatei

abarbatei.xyz | Veteran auditor since the time of "approvals can be front-run"—valid as a medium issue | Working both in EVM-land and in the Stacks ecosystem.

Words of Wisdom

"Do Not Avoid the Cracks While Looking for the Entrance"

A bit controversial, but also include informational and low issues when possible. The act of putting into writing a potential low issue both solidifies your understanding of the codebase and provides a slight benefit for the protocol. Countless times, while thinking about how to report an informational issue on a part of the code, I realized there were more issues there.

"The Hunter Should Not Be Jealous of the Builder's Hammer, and the Builder Should Not Envy the Hunter's Bow"

What works when hunting on bug bounties may not be as relevant when doing private engagements or contests.

Although similar, different applications of auditing require different approaches. Remember this and do not try to apply a bug bounty hunter mindset to a private engagement, or vice-versa.

"Balance Focus With Flow"

Your resource is your brain, but it has its quirks. You may focus for hours on a codebase only to find an issue later while showering. Why? Because you entered a diffuse thinking mode.

Relax your thinking intentionally to allow the pieces to fall into place and the issue to reveal itself to you. Plan walks, long baths, or other such activities in between focus sessions.

Previous@0xArzzz Next@tpiliposian

Last updated 1 year ago

hashtag @abarbateiarrow-up-right

hashtag abarbatei.xyzarrow-up-right | Veteran auditor since the time of "approvals can be front-run"—valid as a medium issue | Working both in EVM-land and in the Stacks ecosystem.

hashtagWords of Wisdom

hashtag"Do Not Avoid the Cracks While Looking for the Entrance"

hashtag"The Hunter Should Not Be Jealous of the Builder's Hammer, and the Builder Should Not Envy the Hunter's Bow"

hashtag"Balance Focus With Flow"