Art Of Auditing
  • 👋Preface
  • 🧙Sages
    • @lonelysloth_sec
    • @bobface16
    • @zigtur
    • @J4X_Security
    • @0xEV_om
    • @cergyk
    • @akshaysrivastv
    • @kankodu
    • @gjaldon
    • @riproprip
    • @pkqs90
    • @DadeKuma
    • @EgisSec
    • @BowTiedDravee
    • @Draiakoo
    • @windhustler
    • @santipu_
    • @winnie
    • @Guhu95
    • @_blockian
    • @neumoXX
    • @Alex the Entreprenerd
    • @bahurum
    • @__nnez
    • @0xadrii
    • @deliriusz_eth
    • @el_hajin
    • @rootedrescue
    • @merkle_bonsai
    • @n4nika_
    • @Trungore
    • @m4rio_eth
    • @iamdirky
    • @Czar102
    • @csanuragjain
    • @0xFrankCastle
    • @Al_Qa_qa
    • @Haxatron1
    • @0xMinhT
    • @0xT1MOH
    • @Said
    • @0xSorryNotSorry
    • @NonseOdion
    • @0xArzzz
    • @abarbatei
    • @tpiliposian
    • @0xjuaan
    • @MrPotatoMagic
    • @krikoeth
    • @zzykxx
    • @bauchibred
    • @00xSEV
    • @0xCiphky
    • @peak_bolt
    • @pks_
    • @Stalin_eth
    • @0xb0g0
  • 🧱THE WALL
    • 📖WALL OF WISDOM
Powered by GitBook
  1. Sages

@Guhu95

Previous@winnieNext@_blockian

Last updated 4 months ago

Words of Wisdom

🧙
@Guhu95
Page cover image
Cover

"Go slow"

Slower than you feel you need. Slower is better, better is faster.

In auditing, slower also means you'll have observations, questions, and ideas that others reviewers didn't let themselves the time to have - and find missed bugs.

Cover

"Clusters of understanding first"

Understanding the code thoroughly is 90% of the work and the results.

The other 90% (the creative work) depends on the first part fully. Yes, 90-90 applies to auditing as well.

Clusters: try to find the natural division into logical components, or "clusters" of understanding.

Cover

"Go deep"

The better bugs are in the end of the review (or after), if limited in time, focus on fewer areas, but ensure depth.

Cover

"Most deals are bad deals"

Learn to say no to FOMO! Most bounties are marketing scams, most contests aren't worth the time and effort. Crypto has plenty of bad, greedy, scammy actors, and crypto-security is not an exception to this.

Expect and adapt!

Cover

"Motivation is hard, learn yourself"

Expect the first few days on a new codebase to be confused and struggle. Choose easier tasks to break the motivation barrier. Escalations and bounty negotiations are distracting and soul-draining, aim to have fewer by choosing better bounties, platforms, and projects.