
@kankodu

Whitehat ranked #18 @immunefi | SR SpearbitDAO

Words of Wisdom



"The Programming Language is Not a Blocker"

Understanding the application logic and being able to read a bit of the specific programming language is sufficient for finding bugs.

Expertise in that language is not mandatory.

You don’t need to stick exclusively to Solidity to hunt for bugs.

Although I lack expertise outside of Solidity, I've successfully reported bugs in Vyper, Rust, Cairo, Move, and other languages.


"Consider the Dilution Effect When Describing Bug Impact"

When evaluating the impact of a bug, keep the Dilution Effect in mind.

Suppose you identify two possible impacts of an exploit: one with high impact and the other with low.

As a bounty hunter, you may feel inclined to mention both, but this can backfire.

The weaker impact can dilute the stronger one, as people tend to average the effects rather than summing them up. You're better off emphasizing the higher impact alone.

Source: "The Counterintuitive Way to Be More Persuasive" by Niro Sivanathan (TED Talk)
