# @pks\_

### <picture><source srcset="https://67142634-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVDeQxk13w6LLaqk8VRNs%2Fuploads%2FoexTy0YLirZNUEtBi9hl%2Fimage.png?alt=media&#x26;token=37136669-4ffa-4e5c-8b1b-37ce3a42855c" media="(prefers-color-scheme: dark)"><img src="https://67142634-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVDeQxk13w6LLaqk8VRNs%2Fuploads%2F6UuX7506T6D6jWfc9mI0%2Fimage.png?alt=media&#x26;token=07518bf0-fb67-4824-afc5-d83972c322ac" alt="" data-size="line"></picture>[@pks\_](https://x.com/pks_eth)

<div align="left"><figure><img src="https://67142634-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVDeQxk13w6LLaqk8VRNs%2Fuploads%2Fb1NsYHc8HBDDTM0UiqQl%2Fimage.png?alt=media&#x26;token=add07d88-fd87-490c-a05f-f40f42b09a27" alt="" width="100"><figcaption></figcaption></figure></div>

## Words of Wisdom

***

<table data-card-size="large" data-view="cards" data-full-width="false"><thead><tr><th align="center"></th><th></th><th data-hidden data-card-cover data-type="files"></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td align="center"><h3>"Thoroughly review related third-party codebases first"</h3></td><td><p>When auditing an unfamiliar codebase, it is essential to thoroughly review the related third-party codebases first. For instance, when auditing a new chain based on Cosmos SDK and Geth, you should:</p><ul><li>Study key APIs such as Cosmos SDK's PrepareProposal/ProcessProposal/FinalizeBlock/ExtendVote/VerifyVoteExtension functions.</li><li>Understand Geth's block generation, verification, and processing steps.</li><li>Research known vulnerabilities discovered by other security experts.</li></ul><p>This approach helps you understand both the complete code flow and the potential security risks, providing valuable insight for your audit.</p></td><td><a href="https://67142634-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVDeQxk13w6LLaqk8VRNs%2Fuploads%2FBBYe9agZ6JGsSwSH4nnc%2Fimage.png?alt=media&#x26;token=73104116-b3e2-4991-97e2-c4ad31c367e8">image.png</a></td><td></td></tr><tr><td align="center"><h3>"When identifying a potential vulnerability:"</h3></td><td><ul><li>Thoroughly review the attack path first.</li><li>Take a break, then review it again with fresh eyes.</li><li>If the vulnerability still holds after the second review, develop a Proof of Concept (PoC).</li></ul><p>Remember that ideas often rely on assumptions that may be incorrect, especially in complex codebases. Following this systematic approach helps build experience and reduces errors in future audits.</p></td><td><a href="https://67142634-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVDeQxk13w6LLaqk8VRNs%2Fuploads%2Ft6dCiKeQgNJLUil8gANs%2Fimage.png?alt=media&#x26;token=75248950-f93b-444b-9cac-96459703eec7">image.png</a></td><td></td></tr></tbody></table>
