Art Of Auditing
  • đź‘‹Preface
  • 🧙Sages
    • @lonelysloth_sec
    • @bobface16
    • @zigtur
    • @J4X_Security
    • @0xEV_om
    • @cergyk
    • @akshaysrivastv
    • @kankodu
    • @gjaldon
    • @riproprip
    • @pkqs90
    • @DadeKuma
    • @EgisSec
    • @BowTiedDravee
    • @Draiakoo
    • @windhustler
    • @santipu_
    • @winnie
    • @Guhu95
    • @_blockian
    • @neumoXX
    • @Alex the Entreprenerd
    • @bahurum
    • @__nnez
    • @0xadrii
    • @deliriusz_eth
    • @el_hajin
    • @rootedrescue
    • @merkle_bonsai
    • @n4nika_
    • @Trungore
    • @m4rio_eth
    • @iamdirky
    • @Czar102
    • @csanuragjain
    • @0xFrankCastle
    • @Al_Qa_qa
    • @Haxatron1
    • @0xMinhT
    • @0xT1MOH
    • @Said
    • @0xSorryNotSorry
    • @NonseOdion
    • @0xArzzz
    • @abarbatei
    • @tpiliposian
    • @0xjuaan
    • @MrPotatoMagic
    • @krikoeth
    • @zzykxx
    • @bauchibred
    • @00xSEV
    • @0xCiphky
    • @peak_bolt
    • @pks_
    • @Stalin_eth
    • @0xb0g0
  • 🧱THE WALL
    • đź“–WALL OF WISDOM
Powered by GitBook
  1. Sages

@merkle_bonsai

Previous@rootedrescueNext@n4nika_

Last updated 4 months ago

Words of Wisdom

🧙
@merkle_bonsai
Page cover image
Cover

"web3 is a world of white box testing"

This changes a lot - not only about the approach to searching things, but also about what can be considered a vulnerability. For HTTP API you will need to prove that you can access admin dashboard. In web3, you need to explicitly show what you can do when you are this admin - because if worst thing you can do is start a proposal without paying fees, it will not be a high impact bug. White box gives observability, and simulation gives ability to prove things - and this means that meaning of “bug” changes from “something risky” to “something really harmful”

Cover

"Stop following the known path"

There is a certain moment when you should stop following the known path.

“Hacking” is about thinking differently, looking from different perspective - at least not thinking like the developer of this contract, at most thinking not like anyone else at all.

This does not mean you should not study findings of others or read new things - but you should grow your own unique approach.

Try different ideas, mix them, combine, experiment with new things. Only way to find something everyone else didn’t notice is look at it like no one else did before

Cover

"Do not limit yourself"

Do not limit yourself with severity or specific area.

Sometimes it is easier to find a crit than low.

Just don’t limit yourself