When I first dove into solo audits, I was a hot mess. But then, I made a guide I swear by. Here's the 3-step plan that's nabbed a critical bug in my last 5 audits. 🧵👇

Step 1: I only tackle X nSLOC a day. Some folks scan the whole system first, but I flip that script. I take it slow, focusing on a section daily, like a group of contracts or even a single contract if its big enough.

By doing this, here's what's gonna happen: • You'll dive deep into that chunk of codebase • No more feeling swamped by endless contracts you just scanned • No more bouncing around without really getting the gist of things

Step 2: I don't touch the docs until I've got the codebase down. After Step 1, the next hurdle's likely here. Rather than hitting the docs before the audit, I say do it after you've grasped the codebase. Why, you ask?

Docs need the same "audit" level focus. Doing both at once? You're gonna half-ass both. Instead, review the code line by line, then show the same care to the docs. After, compare to spot any differences.

@bytes032 Curious approach. I read the docs first until I understand how the system works. Then I read the code, and in my head I try to match what I've read in the docs with the code.