@Stalin_eth
Helped over 40 protocols to prevent deploying to mainnet 100+ H/M vulnerabilities
Words of Wisdom
Explore the entire codebase before diving into the details of each contract.
Once exploring in-depth the codebase, leave no path unexplored. Explore every path that comes to your mind, and think of sequences that could cause the state of the contracts to fall into an unexpected state.
Take notes about everything, from how a tricky function works, to all the attack vectors I’ve already thought about while exploring the contracts.
Write all the doubts and ideas of potential attack vectors/bugs and always return to them once you’ve understood every detail of the codebase.
Save all the articles (EIPs, deep downs of X protocol) you consulted for future reference.
While auditing, focus your attention on exploring paths that would allow an attacker to steal assets from the contracts. More often than not you’ll get false positives/dead-ends, but, in the process of exploring these paths you’ll end up understanding the codebase from top to bottom and the non-critical bugs will pop up right in front of you.
Last updated