@pks_

Words of Wisdom

When auditing an unfamiliar codebase, it's essential to thoroughly review related third-party codebases first. For instance, when auditing a new chain based on Cosmos SDK and Geth, you should:

Study key APIs like Cosmos SDK's PrepareProposal/ProcessProposal/FinalizeBlock/ExtendVote/VerifyVoteExtension functions.
Understand Geth's block generation/verification/processing steps.
Research known vulnerabilities discovered by other security experts.

"When identifying a potential vulnerability:"

Thoroughly review the attack path firstly.
Take a break, then review it again with fresh eyes.
If the vulnerability still holds after double review, develop a Proof of Concept (PoC).

Remember that ideas often rely on assumptions that may be incorrect, especially in complex codebases. Following this systematic approach helps build experience and reduces errors in future audits.

Previous@peak_bolt Next@Stalin_eth

Last updated 2 months ago

@pks_

Words of Wisdom

"Thoroughly review related third-party codebases first"

"When identifying a potential vulnerability:"

@pks_

Words of Wisdom

"Thoroughly review related third-party codebases first"

"When identifying a potential vulnerability:"