Art Of Auditing
  • 👋Preface
  • 🧙Sages
    • @lonelysloth_sec
    • @bobface16
    • @zigtur
    • @J4X_Security
    • @0xEV_om
    • @cergyk
    • @akshaysrivastv
    • @kankodu
    • @gjaldon
    • @riproprip
    • @pkqs90
    • @DadeKuma
    • @EgisSec
    • @BowTiedDravee
    • @Draiakoo
    • @windhustler
    • @santipu_
    • @winnie
    • @Guhu95
    • @_blockian
    • @neumoXX
    • @Alex the Entreprenerd
    • @bahurum
    • @__nnez
    • @0xadrii
    • @deliriusz_eth
    • @el_hajin
    • @rootedrescue
    • @merkle_bonsai
    • @n4nika_
    • @Trungore
    • @m4rio_eth
    • @iamdirky
    • @Czar102
    • @csanuragjain
    • @0xFrankCastle
    • @Al_Qa_qa
    • @Haxatron1
    • @0xMinhT
    • @0xT1MOH
    • @Said
    • @0xSorryNotSorry
    • @NonseOdion
    • @0xArzzz
    • @abarbatei
    • @tpiliposian
    • @0xjuaan
    • @MrPotatoMagic
    • @krikoeth
    • @zzykxx
    • @bauchibred
    • @00xSEV
    • @0xCiphky
    • @peak_bolt
    • @pks_
    • @Stalin_eth
    • @0xb0g0
  • 🧱THE WALL
    • 📖WALL OF WISDOM
Powered by GitBook
  1. Sages

@akshaysrivastv

Previous@cergykNext@kankodu

Last updated 4 months ago

SR at Spearbit | Top auditor on Code4rena 2023

Words of Wisdom

🧙
@akshaysrivastv
Page cover image
Cover

"For newbies: Learn the basics"

  • Learn the basics of blockchain, ethereum and solidity. You should have a basic idea of how these things work under the hood.

  • Learn about basic smart contract/blochchain bugs

  • Do some CTFs and other available challenges

Cover

"For newbies: Do shadow audits "

Do shadow audits. Choose any past audit with small codebase and try to find bugs in it, then compare your found bugs with the actual audit contest result.

Pay special attention to the bugs you missed as that's the key for improvement.

Cover

"For newbies: Compete in a live contest "

Compete in a live contest - preferably a smaller codebase one. Analyze your findings against the contest top rankers.

Cover

"For the experienced: Choose less crowded contests"

To maximize payouts choose less crowded contests (complex codebases, new languages, new platforms, heavy math codebase, etc).

Cover

"For the experienced: Ask"

Question every business logic. Asking what if ...? is the way to go.

Cover

"For the experienced: Go deep"

Go deep into the codebase that you audit.

Understand the protocol flow & all its state transitions. Diagrams/charts can be helpful here.

Cover

"For the experienced: Understand your top competitors"

Try to understand the mindset of your fellow top competitors in the contest.

Read all their findings to understand how they were seeing and approaching the codebase.