# @Stalin\_eth

### <picture><source srcset="/files/yHQJGsnTKXGol7dGBFIz" media="(prefers-color-scheme: dark)"><img src="/files/iTZa4ulJWBKYtwk4Thdr" alt="" data-size="line"></picture> [@Stalin\_eth](https://x.com/Stalin_eth)

### Helped over 40 protocols prevent 100+ H/M vulnerabilities from being deployed to mainnet

<div align="left"><figure><img src="/files/HQ2x3Onxa2YfbTEjkqUg" alt="" width="100"><figcaption></figcaption></figure></div>

## Words of Wisdom

***

<table data-card-size="large" data-view="cards" data-full-width="false"><thead><tr><th align="center"></th><th></th><th data-hidden data-card-cover data-type="files"></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td align="center"><h3>"How to tackle a codebase?"</h3></td><td><ul><li>Explore the entire codebase before diving into the details of each contract.</li><li>Once you are exploring the codebase in depth, leave no path unexplored. Explore every path that comes to your mind, and think of sequences that could cause the state of the contracts to fall into an unexpected state.</li></ul></td><td><a href="/files/gIxUcxUyUuUwzbJFmp9Z">/files/gIxUcxUyUuUwzbJFmp9Z</a></td><td></td></tr><tr><td align="center"><h3>"Leverage the test suite"</h3></td><td>Leverage the test suite to explore edge cases not considered in the tests.</td><td><a href="/files/GVrORnCb3zeJojRcdslx">/files/GVrORnCb3zeJojRcdslx</a></td><td></td></tr><tr><td align="center"><h3>"Document everything, even your thoughts"</h3></td><td><p>Take notes about everything, from how a tricky function works to all the attack vectors I’ve already thought about while exploring the contracts.</p><p></p><p>Write down all the doubts and ideas about potential attack vectors/bugs and always return to them once you’ve understood every detail of the codebase.</p><p></p><p>Save all the articles (EIPs, deep dives of X protocol) you consulted for future reference.</p></td><td><a href="/files/3aksLf83uVhuvtJyGSTj">/files/3aksLf83uVhuvtJyGSTj</a></td><td></td></tr><tr><td align="center"><h3>"Attacker’s mindset first"</h3></td><td>While auditing, focus your attention on exploring paths that would allow an attacker to steal assets from the contracts.
More often than not you’ll get false positives/dead ends, but in the process of exploring these paths you’ll end up understanding the codebase from top to bottom, and the non-critical bugs will pop up right in front of you.</td><td><a href="/files/IBOSGmPKcZ74Z1gnOIKK">/files/IBOSGmPKcZ74Z1gnOIKK</a></td><td></td></tr></tbody></table>

