Art Of Auditing
  • 👋Preface
  • 🧙Sages
    • @lonelysloth_sec
    • @bobface16
    • @zigtur
    • @J4X_Security
    • @0xEV_om
    • @cergyk
    • @akshaysrivastv
    • @kankodu
    • @gjaldon
    • @riproprip
    • @pkqs90
    • @DadeKuma
    • @EgisSec
    • @BowTiedDravee
    • @Draiakoo
    • @windhustler
    • @santipu_
    • @winnie
    • @Guhu95
    • @_blockian
    • @neumoXX
    • @Alex the Entreprenerd
    • @bahurum
    • @__nnez
    • @0xadrii
    • @deliriusz_eth
    • @el_hajin
    • @rootedrescue
    • @merkle_bonsai
    • @n4nika_
    • @Trungore
    • @m4rio_eth
    • @iamdirky
    • @Czar102
    • @csanuragjain
    • @0xFrankCastle
    • @Al_Qa_qa
    • @Haxatron1
    • @0xMinhT
    • @0xT1MOH
    • @Said
    • @0xSorryNotSorry
    • @NonseOdion
    • @0xArzzz
    • @abarbatei
    • @tpiliposian
    • @0xjuaan
    • @MrPotatoMagic
    • @krikoeth
    • @zzykxx
    • @bauchibred
    • @00xSEV
    • @0xCiphky
    • @peak_bolt
    • @pks_
    • @Stalin_eth
    • @0xb0g0
  • 🧱THE WALL
    • 📖WALL OF WISDOM
Powered by GitBook
  1. Sages

@peak_bolt

Previous@0xCiphkyNext@pks_

Last updated 5 months ago

Words of Wisdom

🧙
@peak_bolt
Page cover image
Cover

"Speed is crucial in the initial audit phase"

Build a mental model of the code base quickly by speed-reading the contracts and avoid deep-diving at this point.

You can note down the low hanging bugs and put TODO tags for complex logic to review at the subsequent passes.

Cover

"Maintain the momentum"

Maintain momentum and save time by working on the easy tasks first and not be slowed down by the complex issues that require deep thoughts.

At the same time, you will gain confidence on the code base and not be overwhelmed by the details.

Cover

"Spend bulk of the time on reasoning complex attack vectors"

Allocate as much time as possible to review the complex logic (math, multi-contracts interactions, novel design, etc). You need creativity, knowledge and a good mental model to find the most complex bugs. These are the ones that are not obvious and typically involves multiple step or specific edge case to exploit. With the saved time from the initial phase, you increase your odds of spotting the more complicated issues.