Learn from Reading Audit Reports (Sturdy Report)

  • Published: 26 Aug 2024

Comments • 70

  • @wafflemakr605 11 months ago

    Really useful video Andy! Please add more of these!

  • @francoisguyot789 2 years ago +7

    The video is going out at the perfect time, thanks Andy!

    • @andyli 2 years ago +1

      cheers!

  • @ayushmanthapa_onion 2 years ago +7

    Great video as always, thanks Andy!

    • @andyli 2 years ago

      No worries!

  • @ouailtayarth4012 2 years ago +3

    Thanks for sharing your journey! Can't wait for the upcoming videos!

    • @andyli 2 years ago

      Thanks for watching!

  • @blockchaintech9242 1 year ago

    Hey Andy, thanks for sharing.

  • @yufang173 2 years ago +1

    Perfect, thanks 😀

  • @apostle5135 2 years ago +1

    Awesome!! Thanks Andy :) need more of this :D

    • @andyli 2 years ago

      will do!

  • @jerod2519 2 years ago +3

    Thanks!

    • @andyli 2 years ago +1

      You're welcome!

    • @andyli 2 years ago +1

      lol just noticed that was a "Super Thanks". Cheers man! The first I have received on this channel :)

    • @jerod2519 2 years ago

      @andyli Haha, no worries! I've learned so much from your videos, and especially this one. Just wanted to send something your way as appreciation. Thanks for doing these!

    • @andyli 2 years ago

      @jerod2519 glad you found the videos useful!

  • @codenerd8396 2 years ago +3

    Thank you so much for this video Andy! This helps beginners tremendously! Can you make another video explaining high and medium severity findings from other beginner-friendly audit reports? Much appreciated 💪

    • @andyli 2 years ago +2

      Yeah, I can do more videos like this if people find it useful.

    • @leisureclub_ 2 years ago

      @andyli It's indeed helpful, loving the channel.

  • @lacag-lacag 2 years ago +3

    Thanks bro

  • @MoCrits 1 year ago

    Very helpful

  • @ercanak2254 10 months ago

    Good job bro :)

  • @so3litude_ 2 years ago +1

    Thanks :)

  • @yourdailyblockchain 1 year ago +2

    Thanks Andy - been going through a few of your videos and they're super interesting. I'm in I.T., so I'm pretty technical and I know blockchain, DeFi, CeFi, etc., but I'm not a developer/coder. More product/project mgmt. How did you learn Solidity coding so fast? Thx - Thomas

    • @andyli 1 year ago +1

      I already knew how to code before this so it was not too hard of a transition. Auditing is mostly reading code.

  • @francoisguyot789 2 years ago

    About the 9:55 finding, honestly I wouldn't even classify it as a finding, maybe a low severity.
    There is no need to sanitize every part of the smart contract from bad manipulation; if people didn't read it well nor understand it and tried to interact with it in an exotic way, it's their responsibility.

    • @andyli 2 years ago +1

      These edge case/user stupidity type of issues seem to be marked as Medium quite often.
      Another edge case example here:
      code4rena.com/reports/2022-04-jpegd/#m-05-rewards-will-be-locked-if-user-transfer-directly-to-pool-without-using-deposit-function-

    • @francoisguyot789 2 years ago

      @andyli This one is interesting because it affects other users' funds.
      In the case of the finding in your video, it's about somebody trying to send both an ERC20 and ETH in the same tx. Nobody would do that and it's kinda ridiculous.

  • @harshitsharma9474 2 years ago +1

    Hey... Bro... I'm a Blockchain Smart Contract developer... But never done this Auditing part.... Although I'm new to web3... I have just 6-8 months of experience...
    Can you make a Roadmap video for Beginners?

    • @andyli 2 years ago +1

      Yeah man, I made a beginner road map video already, check the channel.

    • @harshitsharma9474 2 years ago

      @andyli yeah just saw that.. it's awesome... Thanks dude... ❤️

  • @aizhetengFred 1 year ago

    Really great content! Wondering if you go through the codebase first before you read the report? I tried to read the code first before reading the report but soon got burnt out. Some codebases are huge and hard to read.

    • @andyli 1 year ago +2

      Just read the report.
      Reading code takes a long time; if you want to read code, then just participate in a real audit contest and you can find out the results when the report is released.

    • @aizhetengFred 1 year ago

      @andyli Thank you for the quick reply. I will try to only read the report for now. Btw I'm going through all your videos. They are all great!! Nice work!

    • @Ashish93930086 4 months ago

      Thank you @andyli for this answer. This question has been circling around in my head for the last few days.

  • @liyinz 2 years ago

    👍👍

  • @SathishKumar-ys2xm 1 year ago +1

    Hi, how and where do I need to start to become a smart auditor?

    • @andyli 1 year ago +1

      I made a beginner road map video.

  • @raqeeb_ameen 2 years ago

    Hey. So I got a question. I recently got interested in Bug Bounty Hunting, and I am thinking about what to choose: either Web2 or Web3 (Smart Contract Hacking). What would you prefer and suggest to me if you were a beginner and were starting over? Because you got some cyber security certifications and you have experience in the field. Do you think web3 is the future and focusing on pentesting is not needed? What would you suggest to me as a beginner?

    • @andyli 2 years ago

      Traditional pentesting will always be needed; it just depends on where your interests lie. Try a bit of both and see which you like better.

  • @serousetrick 1 year ago

    Hi, I have a question, I am a beginner in this. How do I find the fixed lines, the corrected/missing lines, and what do they look like?
    All I can see in these reports is a description of the solution, but there is no code line. How can I find the corrected contracts/lines/..?
    Is there any way I can find corrected contracts by the name of the warden?

    • @andyli 1 year ago

      There won't always be a fix as part of the report.

    • @serousetrick 1 year ago

      @andyli Very often, by reading the report I understand what they want to say, but if I needed to write that as code, there is a good chance that I would make a mistake.
      Thank you for the answer. And one thing, is there any way I can find how some other wardens solved some findings, or are we limited only to what the code4rena site shows?

    • @andyli 1 year ago

      @serousetrick you can click into the finding and browse the GitHub repo; you will see all the submissions from other wardens as well.

  • @LukaS-oi1tk 2 years ago

    Hey Andy, thanks for the video. How do I check the code before/after implementation?

    • @andyli 2 years ago

      Sometimes there is a link to the pull request in the findings repo.

  • @muhammadhaashir7489 2 years ago

    Sir, kindly guide us about POC, what is it? And how to do it in an immunefi bug report? Please.

    • @andyli 2 years ago

      Proof of concept, you need to write code to demonstrate the bug.

    • @muhammadhaashir7489 2 years ago

      @andyli Thanks sir, but what kind of code am I supposed to write in the PoC: the company's smart contract code in which the vulnerability is found, or my own calling smart contract code?

    • @andyli 2 years ago

      @muhammadhaashir7489 depends on the vulnerability, sometimes you don't need an exploit contract.

    • @muhammadhaashir7489 2 years ago

      @andyli Thank you very much sir for clearing my confusion. Where can I get previous bug reports of immunefi?

    • @andyli 2 years ago

      immunefi.medium.com

  • @lacag-lacag 2 years ago

    Andy, what do you think the future of web3 will be? Will it be like web2, where it is actually hard to find one bug because it's full of competitors?
    Also, do you use software to find bugs or do you do it manually, like reading throughout the code?

    • @andyli 2 years ago

      Only manual reading through the code.

    • @lacag-lacag 2 years ago

      @andyli what do you think the future of web3 will be? Will it be saturated like old web2, where it is hard to find bugs?

    • @andyli 2 years ago

      I think it will take some time before it gets saturated.

  • @chibatomosuke5080 2 years ago

    How to find the past "slippage issue"? Is this a manual method?

    • @andyli 2 years ago +1

      Yeah, I manually went through the reports.

    • @chibatomosuke5080 2 years ago

      @andyli You are a hard worker. I noticed that behind the smart result, there is always a lot of effort that no one appreciates.
      Thanks!

  • @viktorcortez5706 1 year ago

    Hi, thanks for your video. Do you have Twitter?

    • @andyli 1 year ago +1

      Yeah, I have other social links on the channel page.