Mr Strange

@ParlayItGG send it here ser

BETA STARTING NOW! Reply to be among the first to get access

Discipline is 10x more important than everything else in this sphere! Being consistent and efficient with your time will take you much farther than simply being "smart". So next time when you see someone earn a big bounty/reward ask yourself whether you do as much as them. 🤔

The more context you have on a codebase, the more potential vectors and scenarios pop up in your head.

"The important details you haven’t noticed are invisible to you, and the details you have noticed seem completely obvious... This all makes makes it difficult to imagine how you could be missing something important." Surprisingly relevant for auditors: johnsalvatier.org/blog/2017/real…

Every successful auditor I know believes in themselves Every unsuccessful auditor I know fears assuming that he could know better than the protocol team It's cliché as hell, but mindset matters.

To those seeking roadmaps: In security research, if you can't teach yourself, you're a liability. If you are asking somebody on the internet to spend their time teaching you simple things that you can learn with an easy search... You'll always be considered a liability

prioritizing your mental health is how you achieve long term consistency. startup culture is "hustle no matter what" but if you're not there mentally you'll be incapable of facing the daily struggles to progress. the mind is the determining factor for everything, take care of it.

Critical bugs can be found in 1 or 2 ways: 1. Follow the money flow. 2. Identify potential system-halting DoS attacks. Yet, most people get caught up in pattern matching with Solodit.

Understanding a codebase > pattern matching with @SoloditOfficial

How to determine all the invariants of the function you're examining: ☒ Take into account all possible execution paths. ☒ Consider which state leads to specific paths. ☒ Define nodes for "when state is x". All the statements starting with "it should" are your invariants.

Don't buy into the excuse smart contract security space is saturated and makes it harder to succeed. In fact, having big competitors makes it easier to thrive as a solo auditor. No need to validate, just: - Deliver top-notch reports - Shout from the rooftops about your quality work - Make every audit experience unforgettable for the protocols you work with - Embrace and learn from all feedback you receive Make a difference

Proper time allocation is the best skill a security researcher can possess.

@WangAudit It's the knowledge that gets the good bugs and creativity that gets the unique bugs.

@HollaWaldfee100 Auditing requires you to be extremely creative. And moreover, when you research contract A interactions with others, you may find both problems in incorrect interactions and the contract alone. In other words, it is more efficient especially in contests.

Auditing alpha: Don't get fixated on a single contract A. Ask yourself what issues could arise from the interaction of contract A with contract B? Or even with a contract C that's not directly interfacing with A? You might stumble across a High. Maybe you can squeeze out a decent Medium. The point is to make connections that others won't or can't make.

@0xriptide "Out of scope"

Reporting an RPC spoofing attack to Layerzero would net you a max critical bounty

@elliotarledge what camera are u using ser

timelapse #11 > 80% of c/c++ examples and lecture notes preped > finished cuda setup recordings (windows & linux) > didn't push hard enough today so ill have to make it up tomorrow

@WakeFramework @MOHDDANISH798 @immunefi some one please ban this account

@MOHDDANISH798 @immunefi Brilliant work! If you need any tooling to accelerate your work and your learning, feel free to explore Wake's VS Code extension for safer building and the framework for fuzz testing.

My Motivation @immunefi

@KannAudits @MSTBlockchain Indian chain ? like what ?

We are now partners with @MSTBlockchain 🤝 We’ll use our expertise at KannAudits to help secure projects building on MST and make them safer. 🔐 Let’s go. 🫡

@pranaykargam @CyfrinUpdraft

completed this advanced Foundry course from @CyfrinUpdraft. In this track, I went beyond basics and worked hands-on with Foundry for smart contract development, testing, and security-focused workflows.