My Study Methodology

  • Published: 26 Aug 2024
  • My note-taking methodology for studying previous audit findings on code4rena.
    Code4rena reports: code4rena.com/...
    Tomo's Blog: tom-sol.notion...
    Joplin: joplinapp.org/

Comments • 44

  • @neoliu3125
    @neoliu3125 1 year ago +13

    Great video, your video helped me a lot on my web3 learning journey

  • @loop4303
    @loop4303 1 year ago +9

    Thank you. This is what I need. 🙏

    • @andyli
      @andyli 1 year ago +1

      You’re welcome 😊

  • @erayack
    @erayack 1 year ago +4

    As far as I understand, you don't just index the errors you find in the reports on Joplin. You also try to understand and learn from mistakes. Joplin actually becomes a checklist for your own audits.

    • @andyli
      @andyli 1 year ago

      Yep that is a good description

  • @soaphornseuo8630
    @soaphornseuo8630 1 year ago +3

    Thanks, brother, for your sharing

  • @sye3193
    @sye3193 1 year ago +5

    Thank you, that was great and quick advice :)

    • @andyli
      @andyli 1 year ago

      Glad it was helpful!

  • @tangjunnz
    @tangjunnz 1 year ago +7

    Thanks for your video 👍

  • @user-dm7bw9os7w
    @user-dm7bw9os7w 1 year ago +6

    Informative!

  • @Jansen-Moreira
    @Jansen-Moreira 1 year ago +2

    Thanks! It helped a lot

  • @satyabratadash2858
    @satyabratadash2858 1 year ago +3

    I recently joined Code4rena. What is the proper way to write up the bugs and submit them?

    • @andyli
      @andyli 1 year ago +3

      Combine QA/Gas findings into a single report, and submit mediums and highs individually. There is no set guideline; refer to the previous reports for how other people are formatting it.

  • @andywang4189
    @andywang4189 1 year ago

    Thanks, very helpful

  • @jiggle546
    @jiggle546 9 months ago

    Can you repost your Anki Study video? I found that video very helpful when it came to earning my A+.

  • @satyabratadash2858
    @satyabratadash2858 1 year ago +1

    Hi, sorry for bothering you again.
    In a contest, under the Attack Surface section, they list a number of possible hacks for a .sol file.
    Does that mean that when an auditor is auditing that particular .sol file, he has to take extra care about those bugs?

    • @andyli
      @andyli 1 year ago +1

      Yes, correct

  • @theybecameus
    @theybecameus 1 year ago +3

    What is the salary range in Perth for a person who has OSWE and 1.5 years of working experience in a company? Asking u coz u work there

    • @andyli
      @andyli 1 year ago

      I think 100-110k

  • @lacag-lacag
    @lacag-lacag 1 year ago

    Next video: how do you choose which vulnerability to look for in the project code?

    • @andyli
      @andyli 1 year ago

      Be focused when studying, but when bug hunting I look for everything 😁

  • @satyabratadash2858
    @satyabratadash2858 1 year ago +1

    Hi Andy, I'm a beginner in smart contract auditing. I have previous experience as a contract developer, but not that much.
    When I try to audit contracts, especially very large ones where many .sol files interact with each other, I get more confused, and at a point all my energy drains out.
    At this point I am only able to find gas optimizations and some lows, some or all of the popular findings mentioned on Secureum.
    I want to learn how to find vulnerabilities related to the core functionality of a contract, like the high and medium findings listed in reports on Code4rena.
    Can you guide me on what my approach should be to find those highs and mediums when I get a large contract?
    Thank you.

    • @andyli
      @andyli 1 year ago +2

      I know what code base you are talking about 😂
      I would recommend some visualization tools to help understand the project. A lot of experienced auditors talk about reading the base contract first, then the derived contracts that inherit from it. Sol2uml helps with that: github.com/naddison36/sol2uml
      Another tool you can use to understand call flows is: github.com/ConsenSys/surya

    • @satyabratadash2858
      @satyabratadash2858 1 year ago +1

      Thanks for the reply

  • @justiceessiel6123
    @justiceessiel6123 1 year ago +1

    Do you have a course on your channel on smart contract auditing that would help one get a job, going from a web3 dev to a smart contract auditor?

    • @andyli
      @andyli 1 year ago

      I made a beginner road map video where I basically shared all the resources I used

  • @satyabratadash2858
    @satyabratadash2858 1 year ago

    What is the meaning of "context" in Scopes, and their corresponding percentage for .sol files in Code4rena contests?

    • @andyli
      @andyli 1 year ago

      Test coverage

  • @sye3193
    @sye3193 1 year ago

    Will you please make a video on ZIION VM, its tools, use, and all the other cool stuff from a security testing perspective?

    • @andyli
      @andyli 1 year ago +1

      I have not tried ZIION VM yet, will check it out

    • @andyli
      @andyli 1 year ago +1

      I'll be happy if it just comes with solc-select pre-installed

    • @sye3193
      @sye3193 1 year ago +1

      @@andyli yea it's included XD

    • @andyli
      @andyli 1 year ago +1

      love it

  • @erayack
    @erayack 1 year ago

    What do you think about Paradigm CTF? A video would be good.

    • @andyli
      @andyli 1 year ago

      Paradigm CTF is great, will look into making a video of it

    • @erayack
      @erayack 1 year ago

      @@andyli I guess we can still enter and see the challenges. It would be really great.

  • @sudonoodle1773
    @sudonoodle1773 1 year ago

    Hi Andy. Are you still doing traditional penetration testing as your day job? Or have you transitioned towards Web3?
    As you've mentioned in your previous videos, Web3 security is becoming (just as) saturated as traditional pentesting. I've been avoiding Web3 because I'm worried it's just an industry phase... but now I'm not too sure.
    What are your thoughts? Perhaps a video on this would be great.
    Love your videos, thanks very much! :)

    • @andyli
      @andyli 1 year ago +3

      Yeah, I am still working as a traditional pentester; honestly, I am thinking about transitioning though.
      It is getting saturated in terms of getting a quick buck from these bounties, but long-term it is still going to pay massive dividends.
      I also used to think web3 was a fad due to the scammy nature of the space, but realized there is legit work being done as well.