Art Of Auditing
  • ๐Ÿ‘‹Preface
  • ๐Ÿง™Sages
    • @lonelysloth_sec
    • @bobface16
    • @zigtur
    • @J4X_Security
    • @0xEV_om
    • @cergyk
    • @akshaysrivastv
    • @kankodu
    • @gjaldon
    • @riproprip
    • @pkqs90
    • @DadeKuma
    • @EgisSec
    • @BowTiedDravee
    • @Draiakoo
    • @windhustler
    • @santipu_
    • @winnie
    • @Guhu95
    • @_blockian
    • @neumoXX
    • @Alex the Entreprenerd
    • @bahurum
    • @__nnez
    • @0xadrii
    • @deliriusz_eth
    • @el_hajin
    • @rootedrescue
    • @merkle_bonsai
    • @n4nika_
    • @Trungore
    • @m4rio_eth
    • @iamdirky
    • @Czar102
    • @csanuragjain
    • @0xFrankCastle
    • @Al_Qa_qa
    • @Haxatron1
    • @0xMinhT
    • @0xT1MOH
    • @Said
    • @0xSorryNotSorry
    • @NonseOdion
    • @0xArzzz
    • @abarbatei
    • @tpiliposian
    • @0xjuaan
    • @MrPotatoMagic
    • @krikoeth
    • @zzykxx
    • @bauchibred
    • @00xSEV
    • @0xCiphky
    • @peak_bolt
    • @pks_
    • @Stalin_eth
    • @0xb0g0
  • ๐ŸงฑTHE WALL
    • ๐Ÿ“–WALL OF WISDOM
Powered by GitBook
  1. Sages

@kankodu

Previous@akshaysrivastvNext@gjaldon

Last updated 4 months ago

Whitehat ranked #18 | SR

Words of Wisdom

๐Ÿง™
@kankodu
@immunefi
SpearbitDAO
Page cover image
Cover

"The Programming Language is Not a Blocker"

Understanding the application logic and being able to read a bit of the specific programming language is sufficient for finding bugs;

Expertise in that language is not mandatory.

You donโ€™t need to stick exclusively to Solidity to hunt for bugs.

Although I lack expertise outside of Solidity, I've successfully reported bugs in Vyper, Rust, Cairo, Move, and other languages.

Cover

"Consider the Dilution Effect When Describing Bug Impact"

When evaluating the impact of a bug, keep the Dilution Effect in mind.

Suppose you identify two possible impacts of an exploit: one with high impact and the other with low.

As a bounty hunter, you may feel inclined to mention both, but this can backfire.

The weaker impact can dilute the stronger one, as people tend to average the effects rather than summing them up. You're better off emphasizing the higher impact alone. Source:

The Counterintuitive Way to Be More Persuasive by Niro Sivanathan (TED Talk)