Art Of Auditing
  • 👋Preface
  • 🧙Sages
    • @lonelysloth_sec
    • @bobface16
    • @zigtur
    • @J4X_Security
    • @0xEV_om
    • @cergyk
    • @akshaysrivastv
    • @kankodu
    • @gjaldon
    • @riproprip
    • @pkqs90
    • @DadeKuma
    • @EgisSec
    • @BowTiedDravee
    • @Draiakoo
    • @windhustler
    • @santipu_
    • @winnie
    • @Guhu95
    • @_blockian
    • @neumoXX
    • @Alex the Entreprenerd
    • @bahurum
    • @__nnez
    • @0xadrii
    • @deliriusz_eth
    • @el_hajin
    • @rootedrescue
    • @merkle_bonsai
    • @n4nika_
    • @Trungore
    • @m4rio_eth
    • @iamdirky
    • @Czar102
    • @csanuragjain
    • @0xFrankCastle
    • @Al_Qa_qa
    • @Haxatron1
    • @0xMinhT
    • @0xT1MOH
    • @Said
    • @0xSorryNotSorry
    • @NonseOdion
    • @0xArzzz
    • @abarbatei
    • @tpiliposian
    • @0xjuaan
    • @MrPotatoMagic
    • @krikoeth
    • @zzykxx
    • @bauchibred
    • @00xSEV
    • @0xCiphky
    • @peak_bolt
    • @pks_
    • @Stalin_eth
    • @0xb0g0
  • 🧱THE WALL
    • 📖WALL OF WISDOM
Powered by GitBook
  1. Sages

@bahurum

Previous@Alex the EntreprenerdNext@__nnez

Last updated 4 months ago

Top 100 on Immunefi

Words of Wisdom

🧙
@bahurum
Page cover image
Cover

"Go for the kill"

For time efficiency while hunting, concentrate on critical paths and assets, while leaving aside secondary assets. Understand the risk model of the project to decide where to focus. This will help you find the right attack vectors.

Cover

"Turn copper into gold"

Often the impact of a bug is not immediately identified. Make sure to understand the project in detail before submitting a report. With the right context, or combining the bug found with another bug, the severity level could be raised. Always double check to make sure you are not underestimating a bug's impact, and tune the PoC for maximum impact.

Cover

"Multiply the effect of your efforts"

Sometimes you'll find a bug general enough that it could exist on other projects. Check all other similar projects where you could find it as well. Look through BBPs, repos, onchain contracts. While doing this, think of the possible variants of the bug as well. With some luck you could capitalize on the original bug and get some extra rewards.