@NonseOdion

Words of Wisdom

"You can earn big payouts from contests by simply doing manual analysis."

You don't need to set up tools to run complex tests during a contest as there's barely any time for that. Taking your time to manually review the code is enough.

"Mitigations are a good place to start looking for bugs."

A mitigation can fix a bug, partially fix a bug, not fix a bug or expose another vulnerability in the code. It can also do a combination of these. You can always check if a mitigation does any of these.

I've seen a mitigation to a problem I reported partially fix a problem and allow me still exploit the vulnerability.

"Leverage previous reports"

Reading former audit report also gives you deeper insight about the protocol, allowing you to reason about the code in multiple ways to find bugs somewhat related to the old finding.

"Understand the code deeply before actively searching for bugs"

This might not always be possible, but try to understand the code deeply before trying to exploit it for bugs. In the process of understanding the protocol, you may find bugs, you can filter out genuine findings, and you can transfer your new-found knowledge to other competitions.

"Always review all the valid findings in a competition you participated in"

Reviewing the findings will allow you know how and why you missed these findings during the competitions. This will equip you with the needed knowledge and mindset to ensure you don't miss similar bugs in the future.

Previous@0xSorryNotSorry Next@0xArzzz

Last updated 6 months ago