First Month as a Smart Contract Auditor
HTML-код
- Опубликовано: 1 окт 2024
- What is it like working as a smart contract auditor at an audit firm. What the job is actually like, what I do day to day, pros and cons vs an independent researcher and future goals.
Awesome video Andy, keep it up
Cheers Patrick! Thanks for your Solidity tutorials for on-boarding me :D
@@andyli 🔥🔥🔥🔥
@@andyli Which one you mean? This (16 hrs) one ruclips.net/video/M576WGiDBdQ/видео.html - OR- This (32 hrs) one ruclips.net/video/gyMwXuJrbJQ/видео.html ?
32hr
@@andyli thanks
for anyone who are struggling growing into the field, invest much time in leaning the fundamentals and go through all the bootcamps and free classes out there Just dont lose hope! and never give up~. moreover thanks for awesome people like Andy, Patrick and everyone outthere helping the people in the community, waiting for my turn to give back to the community too i will not stop learning, again Thanks for the motivation and resources Andy
Yep, the learning curve in the beginning is quite steep but it gets easier over time
@@andyli exactly!
You're a great motivator, man!
Wish you all the best!
Thanks, you too!
Andy your awesome and keep up the good work
Thanks! Will do!
I laughed when you piled on those rekt leaderboard stats haha
😂
I am so proud of you
cheers!
Hi, Andy. Great content and thanks for your thoughts on web3 sec. What are the typical questions for someone applying for a junior smart contract auditor on a job interview? Would love to hear you opinion on that one❤
what course do you learn before you became a auditor?
Hello Andy, thanks for the great content!
Just want to know how long it took for you to land a job in the industry.
Wish you all the best!
Web3 security is Goldmine for researchers
💯
Hopefully, someday I will secure a job geek as well
👍
I'm finally learning to code smart contracts now. Good info to keep in mind as I get through the auditing part.
Nice
Hey so I am looking to break into cyber security in 2023, and was pretty convinced that the standard cert road was the way to go. I've passed the Sec+ but after seeing you latest videos I am a bit conflicted as t whether I should go after the OSCP or focus solely on Web3.
OSCP seems like the safe and well tread path but like you've said getting in early on web3 sec could be a gamechanger, especially if it really blows up! I watched your conversation with Tyrese and Amaechi but I am still a bit confused, would you be able give me like 3 or 4 bullet points you would consider as the essential steps to getting a job at an auditor firm?
Yeah you're right, OSCP is still good to get into cyber security. It depends on where your interests lie. Nothing wrong with getting into cyber security first then deciding what to specialise in, because I would consider web3 a niche of cyber security.
Check out the video I made on "Beginner Roadmap", it covers all the steps I took
@@andyli Oh thanks so much for responding! I will absolutely do that!
Iam Really happy for you, man.
I recently got a job offer for a test automation engineer and another offer as devops. Should i take the first offer to be more prepared for a web3 security transition. Or QA is irrelevant to web3 security. Because if that is the case i will take the devops one it pays 1.5x the test automation offer
It is hard to say just from the job titles, since the actual job might be very different from the job description. QA is not irrelevant because we write a lot of tests and PoCs during audits.
Hey Andy, thanks a lot for the update! Did you have to set up a company to be paid like a contractor or something? I know this will vary from country to country, but how do remote workers handle taxes with their local government?
No need, the company is actually based in Australia
@@andyli Oh, that's nice. Thanks!
Hey Andy, I am sydney based and just starting my journey into this field. Would love to connect professionally with you! Great video man and I love your channel, hoping to hear back from you!
Hi Andy, great content! When you get paid from your company do you have to set up your own company and do all the taxes yourself? or do you do it through a platform like deel?
I don't need to setup own company, we just get paid like a normal employee with taxes taken out before getting paid
For Code4rena, would you typically submit PoCs with your medium and high severity findings?
Andy I love your honest upfront style. Am I too late to get in with zero coding experience?
Thanks for the great content!!
No worries!
Hey you are my motivation boy I joined code4rena hardly 1 month ago and my place is 900 all time and top 200 on 60 days
After more learning like you want to join a audit company it's my goal
BTW thank you Andy for this type of motivation
good stuff, keep it up
hi bro., can you send me telegram reddit or linkedin id., wanted to know your approach
@@niyom8866 see the ABOUT section on my channel
Nice work, good to hear the switch is paying off!
Thanks!
is your job completely remote?
yep
can u make a roadmap on how on with zero tech background can get into this step by step
yeah I made a road map video on the channel, have a look in the code4rena playlist
@@andyli this is the video u talking about right?
ruclips.net/video/-469Gcye-ZE/видео.html&ab_channel=AndyLi
@@theybecameus yep
Where can I learn smart contract auditing? And where can I find the bug reports?
Code4rena.com for bug reports, secureum for a free resource to learn
Wow! Any suggestions where to start?? I used to work as auditor in financial firm
Yeah learn from here: github.com/x676f64/secureum-mind_map
I also made a beginner roadmap video last year
will ai replace smart contract auditor in the coming years, the trend seems obvious
I see ai being able in aid in auditing, not replace
Sir how to get started in this field. Any books or resources will be welcome
see the roadmap video
Do we need to write some soliditiy code to exploit the vulnerability? OR to Submit the Vulnerability does we need to write some code to tell them how this could be malicious?
Yes need to write code to show the vulnerability
Hello ANDY, is learning sc testing is worth it(learning javascript)?? you just mentioned about writing uint test scripts.
Mainly you need to learn Solidity
Andy do you use any tools while auditing? Like these ones like hardhat, foundry, slither..
Yep, both slither and foundry
New member here. Loved your content a lot. It's my honor to be a part of the community
cheers!
Sir can you describe the fully roadmap of the Smart contract Auditor? Thanks
I made a roadmap video last year
@@andyli and what's the duration sir?
Nice Content Andy
Just getting my ass into SC auditing now. Learning Solidity atm although I have no prior programming experience though but I have been in web3 for a while and recently decided to pivot to SC auditing. Any recommendations for me?
yep, after learning solidity go through this github.com/x676f64/secureum-mind_map
@@andyli Secureum, yeah sure. Will definitely go through it too. Thank you 🙏🏽
I want to be auditing intern, any recommendations?
Join Secureum and yAcademy. Also reach out to auditing firms to see if there are any internships
Are mentioned salary numbers represent salary before or after tax?
Before tax
Where to look for or what options do you have if you want a rust smart contract audit but can not spend more than 15k?
Your best bet would be an independent auditor
Any recommendations?
@@medvisstre dm me on twitter with some details, I might be able to connect you with one of my contacts
do you get paid in USD or any stable coin?
I think there is the option to be paid in crypto but I get mine in my local currency
I started doing C4 around 3 months ago and I have found quite a lot of bugs so far. Also some unique ones. Do you think it is possible for me to get an auditor job? I am currently enrolled in university so no degree yet. I'd like to have a job not for the money primarily but to get some professional experience and learn from others. Would be really happy if you can answer :)
Some places have internships you can apply for. You can also join secureum or yAcademy to audit with high level people.
Thanks! I assume there are also internships that are remote?
@@drugstorecowboy7569 yeah all remote
gm
Gm
Dope video. Do you plan on introducing a Smart Contract Audit Course in the future ?
Thanks. Not in the near future, I usually just point people towards learning resources made by other people.
Hey Andy, how many hours do you work per day as a auditor (only in audit company)?
Normal hours 38hrs a week