0xleastwood: Spearbit Lead Security Researcher talks Web3 Security and Smart Contract Auditing
HTML-код
- Опубликовано: 4 июл 2024
- Liam Eastwood, Lead Security Researcher at Spearbit and Judge on Code4rena, sits down for an interview to discuss his rapid rise from a student to a top security researcher in just two years. He shares his experiences and provides insights on how to progress from an intermediate to an advanced level in the field of web3 security and smart contract auditing.
Links:
/ 0xleastwood
leastwood.xyz
OUTLINE:
0:00 Intro
6:08 Auditing on code4rena
11:28 Going from Intermediate Level to Advanced
16:20 Independent Researcher vs Working at a Audit Firm
22:23 Joining Sigma Prime
26:35 Liam's Progression in 2021
30:51 Advice for New Auditors
32:19 ZK & Cairo
37:00 Judging on code4rena
41:14 Lead Security Researcher at Spearbit
48:02 Focused Hours
51:48 Work Flexibility
1:00:06 If you started your career all over again
Andy's content is getting better and better, ⚡👏
🫡
i love your content
Awesome to hear :D
Thanks for your efforts, Andy!
No worries!
Keep doing these, super useful!🔥
Thanks! Will do!
Love the content thanks guys
cheers
Nice dude! Thanks!
No problem!
Super Useful content. And I request you to make a separate video on Roadmap to Web3/Smart Contract Security ( I know you did, but we need the updated one) , I just switched from web2 security to Smart Contract security recently
yeah I have been thinking of doing an updated roadmap
@@andyli Bro do this please, I need it badly. Now I'm in confused stage, just doing Ethernaut Challenges after finishing Solidity from Patrick
Yes please make an updated video on this, and include its pros & cons whether it is its job market, its longevity even with the emergence of insane auditing tools and the inevitable AI integration into the auditing processes.
Very relevant blockchain auditor content!
thanks!
Thanks!
No problem!
another banger🐧🐧
🫡
Banger over banger !
When Cmichel sir ?
🤔
Andy, are there any stories in your videos of how to apply to the Spearbit and what skills one needs to have to apply?
Apply on the Spearbit website. You will need to do a technical assessment and interview
Nice content, as always! Do you have any resources to point out to get into zk auditing?
Jackson posts good zk content sjkelleyjr.medium.com/zk-snark-concepts-explained-like-youre-15-54755f87c6d1
Really loved the video. I have few questions. I am college dropout i was previously in web2 security did few training internship and I am very new to web3 Security but I still like the web2 aspects of social engineering how can I bring these 2 things together and get some leverage in web3 Security and also is getting a degree important for getting jobs or grow in web3.
you could consider the infrastructure security side of web3 which is less developed compared to the app sec side
Do you think AI will replace smart contract auditors' jobs? Can you make a video on this topic, please?
Not right now. In the future I don't know
I reckon the thing that helps with the amount of bugs in web3 vs web2 is that the code is always in staging, fresh and fertile grounds for bugs :) Can you still do SpearBit while working at Sigma?
can't do spearbit
@@andyli Is that standard for audit companies?
@@thinkingonyx847 yep I believe so, Spearbit is equivalent to doing private audits, so there will be a conflict of interest. Bug bounties and audit contests are still ok to do though
SIR Do I need to learn Web3.js and Hardhat and libraries like this to become a Smart Contract Security Auditor or Just I need to learn Solidity ?. I knew solidity
Hope you understand what I am trying to ask
Learn Solidity first, then learn a framework like hardhat etc
Andy, hello, have a question. Can c4rena ban you for a bad report?I am just looking at the contests now and all three of them are private. I know that there are contests that limited to specific participants and have special requirements. But, anyway, I have this kind a paranoia
Not that i am aware of, if you are making an effort in your reports, even if they are judged as invalid you won't get banned. The private contests are for people who ranked high in previous contests.
@@andyli thank you for answer!:)
Idk, but i've seen him somewhere :D
maybe TrustX video?
probably C4 Showdown at Secureum TrustX 2022