Art Of Auditing
  • 👋Preface
  • 🧙Sages
    • @lonelysloth_sec
    • @bobface16
    • @zigtur
    • @J4X_Security
    • @0xEV_om
    • @cergyk
    • @akshaysrivastv
    • @kankodu
    • @gjaldon
    • @riproprip
    • @pkqs90
    • @DadeKuma
    • @EgisSec
    • @BowTiedDravee
    • @Draiakoo
    • @windhustler
    • @santipu_
    • @winnie
    • @Guhu95
    • @_blockian
    • @neumoXX
    • @Alex the Entreprenerd
    • @bahurum
    • @__nnez
    • @0xadrii
    • @deliriusz_eth
    • @el_hajin
    • @rootedrescue
    • @merkle_bonsai
    • @n4nika_
    • @Trungore
    • @m4rio_eth
    • @iamdirky
    • @Czar102
    • @csanuragjain
    • @0xFrankCastle
    • @Al_Qa_qa
    • @Haxatron1
    • @0xMinhT
    • @0xT1MOH
    • @Said
    • @0xSorryNotSorry
    • @NonseOdion
    • @0xArzzz
    • @abarbatei
    • @tpiliposian
    • @0xjuaan
    • @MrPotatoMagic
    • @krikoeth
    • @zzykxx
    • @bauchibred
    • @00xSEV
    • @0xCiphky
    • @peak_bolt
    • @pks_
    • @Stalin_eth
    • @0xb0g0
  • 🧱THE WALL
    • 📖WALL OF WISDOM
Powered by GitBook
  1. Sages

@cergyk

Previous@0xEV_omNext@akshaysrivastv

Last updated 4 months ago

LSW at Sherlock | Top 5 on Cantina | Top 100 Immunefi | Creator of

Words of Wisdom

🧙
@cergyk
https://upgradehub.xyz
Page cover image
Cover

"The end is only the beginning"

Keep pushing after thinking you have found everything.

After some time, you get a good gut feeling for when to stop. This is a reminder to keep pushing even after that feeling still, once in a while

Cover

"See the code through many lens"

Get as many views of the code as possible- (history, coverage, run tests), a contract is never unidimensional The goal of a security review is to get insights overlooked by the developer. Reading the code directly is the most obvious way to do it but is also the way the developer thinks about the code.

Cover

"The power of comparison"

Use the power of comparison, whether inside of a contract, or comparing a protocol design to a similar one.

Even without understanding the purpose of a piece of code, if we know that two different implementations are supposed to do the same thing, we can check for inconsistencies. Also as SRs we see a lot of different implementations for a similar projects so that is an advantage