Ujjwal Thakur

TLDR; How I got into RareSkills and ended up co-authoring a book on formal verification. On June 10, 2024, I got an unexpected call and was laid off due to restructuring. Within minutes, life went from feeling stable to full of uncertainty. I still remember having tears in my eyes while telling my mother about this. From the very first day, I knew the traditional job hunt wasn't going to work for me. I needed to do something different. At the time, the audit space was booming and there was a lot of buzz around formal verification. Out of curiosity, I started learning it using the Certora Prover. Instead of just learning quietly, I began documenting everything I understood. A few months later, I messaged @Jeyffre on Twitter and asked if @RareSkills_io planning to publish formal verification content and whether I could contribute. I was honest. I was still learning, but I loved teaching and was willing to put in the work. That conversation turned into a call, then an opportunity to join RareSkills, and eventually into working on this book.

The term Lutyens Media was coined by @ravish_journo during the UPA years to describe journalists who thought the world of news existed only within the corridors of power in Lutyens Delhi. It was a prehistoric form of Godi Media. The only difference back then was that there was space for those who habitually criticised those in power. And the reason they could do that was because the UPA was a coalition, where there were contradictory interests within the govt. The idea that all journalists spoke truth to power is highly exaggerated. Only a few did.

🏆 Want to win? 👨‍🔬 Prove you can become an expert in a subject... ✅ Be capable of being number 1-5 in a niche ✅ Navigate uncertainty ✅ Go broad, then go deep 🤔 If you want to learn how to build on @ethereum 👉 Lock in with RareSkills:

This whole "stay up to date with AI advances/tools" is a load of engagement-farming nonsense to me (as an AI believer). Thought experiment: you go head-to-head with an experienced lawyer who is semi-decent at using AI himself. You are an AI pro but know nothing about practicing law. Who is going to win in a head-to-head court case? Not you. Thought experiment: you and an experienced contractor are tasked with building the same apartment building. You are an AI pro and the experience contractor is semi-decent at AI. Who will get the house done faster and cheaper? Not you. I think you get the point. The number one driver of success with AI is not "AI Skills" but domain expertise. A lot of software engineers nowadays got into a panic after they experienced coding with Opus 4.5. Think about it -- engineers who are good at code but not necessarily AI suddenly 10x-ed overnight. They think "this software is so powerful, now I'm useless." But this fear is misplaced -- *you* are the one who became powerful -- the tool wasn't the powerful one. Can a non-techie build an app on their own now? Yes. But could they build a *better* app than an experienced software engineer who is also using AI tools? That's extremely doubtful, especially as the code turns into slow spaghetti. Think about the Iron Man (Tony Stark) character. Without the suit, he doesn't stand a chance against the enemies he normally fights. But if someone other than Tony Stark wears the Iron Man suit, they aren't as effective as Tony Stark wearing the suit. People think "learning how to use AI" is like "learning how to operate an Iron Man suit" which is wrong. No, what makes Iron Man Iron Man is his rapid tactical thinking, fearless risk taking, and advanced engineering chops. These are not "Iron Man Skills" but rather "Tony Stark Skills." In his own words "If you're nothing without the suit, then you're nothing at all" applies to AI. If you're nothing without AI, then you are nothing with AI. The number #1 skill to for AI is domain knowledge. There is no substitute for lessons learned from getting figuratively punched in the face in the real world as you deal with real world problems. Only by actually working with subcontractors can you get a 6th sense for when projects will get delayed. Only by regularly talking to vendors can you start getting a sense that certain materials will not be available in time. AI cannot shortcut this process and generally cannot anticipate issues like this. The #2 skill is clear communication. I'd say if your communication skills are top notch and you compete with a domain expert whose communications skills suck, you might actually stand a chance against him if both of you use AI. AI can only do what you tell it to. If you can't articulate your complex goals as actionable steps, AI can't help you. Finally, #3 is the actual AI skills. Stuff like how to set up agents, prevent context from rotting, planning before acting, knowing what tools to use, managing knowledge cutoff dates, benchmarking, etc. That stuff is not hard to learn. But learning those skills without domain expertise will not help you compete against a domain expert. Some people post things like "look! I had AI run my ads and I made $50,000 in 30 days." Buddy, $50,000 is chump change. That's not enough to hire a domain expert. What you really discovered is "competing in a niche that AI unlocked for you." Once you get into the bigger leagues, good luck going head to head in ad campaigns against someone who knows what they are doing (and using AI). Same thing applies to these mostly fake posts about using AI to make profit on Polymarket. Polymarket doesn't do enough volume to get the attention of serious quant firms and there enough degenerate gamblers distorting prices to make easy profits. Again, AI isn't giving you superpowers here, you just aren't competing against that many domain experts. Try vibecoding a trading bot for US treasury interest rates (one of the most competitive financial markets out there) and let me know how that goes. What AI did is help non-techies gain "baseline competence" in a field they aren't trained in. They make a huge leap from incompetent to semi-competent. Then they think that they can extrapolate the curve -- they'll be even better in that domain if they study AI as opposed to the domain itself. That's not how it works. You can't extrapolate small-scale wins with AI when you have no competition to a larger scale. What really happened is that AI unlocked value that was previously too costly to unlock, which is great! But "learning how to use AI" can only get you relatively small wins like that. So yes. If you are a domain expert, you'd be crazy to not use/learn AI. But you'd be even crazier to try to do competitive domain specific work beyond a small scale without domain specific expertise.

Honestly, I'm a fan of vibecoding as a former tech lead/eng manager. I don't want to spend the equivalent of 1 year of my life debugging stupid stuff or digging through a codebase to figure out something that is missing in the docs. However -- you do need to know what good software looks like. Here's some stuff issues I've encountered while vibecoding production software: 1) The AI has no context on whether data will be updated frequently or rarely. It stores some stuff in DB, which would be better kept on disk or in a CDN. 2) It doesn't optimize its SQL queries by default. 3) Sometimes it serves information to the frontend that absolutely does not belong there (security issues). 4) Trying to optimize pageload speeds requires a lot of domain knowledge about what goes into making a page load quickly. You can't just tell the AI "make the page faster" because it doesn't know what assumptions can be made about what can be optimized or not. It can actually come up with good ideas, but it needs steering. 5) By default, AI writes tests that are easy to pass. You actually have to read the tests it creates; you can't trust them without looking. 6) Typescript Any type must be forbidden by the linting, AI likes to be lazy and use it (like most human programmers would be). 7) You do have to be careful that your codebases doesn't devolve into a pile of garbage, but this is basically a skill issue. AI lets you take on tech debt at a catastrophic rate, but it also lets you pay back tech debt quickly. You just need a good sense for how much debt you have and whether you should repay or borrow. If you are only shipping features all the time you are doing it wrong. 8) As much as possible, try to make the codebase modular/isolated. That lets you run multiple AI instances simultaneously that don't need full context on the entire database. 9) AI doesn't know what is important to you. It doesn't know if you are an L9 chad or a non-techie who doesn't know what they are doing. If you care about readable code, you actually need to tell the AI you care about that. Otherwise, it just optimizes for getting the current task done. But I really LOVE that features which used to take 1 day to write can be done in 1 hour. Bad design decisions are also easy to recover from.

The RareSkills community is a community of high achievers. Congratulations @0xhgrano!

When you're deciding what to study in college, don't try to predict what will be valuable in the future, because that's so hard that you'll probably get it wrong. Instead focus on what you personally find most exciting. You can't get that wrong.

"The title software engineer is going to go away. It'll be replaced by builder. Everyone codes now - PMs, designers, data scientists, finance." - @bcherny, creator of Claude Code

Last time itself, US and Israel wanted regime change in Iran. This time they may make it happen. The reality is no country would help another, if the attacker is US. Be it middle east, China or Russia. We are able to stand on our own not because Russia is our friend. Nuclear weapons make all the difference. No one is able to defend Ukraine as well. It gave up all it's nuclear weapons post break up of USSR. Kim Jong Un seems to understand global politics better than any other leader.

Two years ago, we began work on the tutorial series known as 60 Days of Solana. As of today, the series is completed. We just published new sections on 1) writing Solana without frameworks 2) writing Solana programs in raw assembly (sBPF) and 3) how compute units work. Remember the gas optimization course we published in 2022? It was a first of its kind back then. We've done the same for Solana now. 60 days of Solana is now over 130,000 words in the final form. It certainly turned into a much larger scope than we originally anticipated! Resource in reply

It took us a year to compress all the knowledge in the Certora book down to something that is consumable in 10 days. That's literally a 36.5x speedup. I think we could have pushed it even further, but we don't have infinite money like OpenAI does. At some point you have to say "good enough." Something I've become convinced of: Almost everything that is "hard to understand" is simply not explained well. Newton/Leibniz was a genius for discovering calculus, but any mediocre high school student can learn it today, and with moderate effort, score well on a test. That's because after 4 centuries of iteration, we've discover the optimal (or near optimal) way to explain it. Calculus is not intrinsically difficult. ZK was like that too. Everyone thought it was moon math until we published the ZK book and showed that you can tactically isolate a few tough theorems, and then the rest is intuitive. So if you want developers to understand your complex system fast -- (and that's really the only metric that matters in this industry) -- hit me up. I can give you some pointers nobody else can.

Let me add some color to this spicy tweet because I suspect some folks have interpreted this as "leave Web3." In 2020-2022 (before FTX crash), Solidity was legitimately easy money. Deploy a few "advanced" contracts, get a six-figure remote job. Report "function is reentrant" on code4rena and make $3,000. There was also an insane amount of money flying around due to the money printer working overtime and almost nobody knowing about Web3 dev. People were paying hundreds of thousands of dollars for monkey jpegs in case you forgot your history. It's no secret that 80% of the industry is essentially a casino -- and people only go the casino when they have extra money to gamble, and numbers are generally up only. That's been less and less the case as we move away from the pandemic years. Since then, the Web3 industry has been steadily contracting, while the supply of engineering talent has steadily increased to arbitrage the relatively easy money that Web3 offers. So, there is no more easy money career-wise in Web3. -- Now let me offer some nuance: 1) If you are born in a country with unfair advantages, and you think $1,000 / mo for a remote job is a great salary, then there are still opportunities for you -- if you can think on your feet. The market is too harsh to just follow a roadmap and get a steady job, but the opportunities are there. However, it won't be a "sip cocktails on the beach" kind of job. Even companies that are "doing okay" now have all the cards when it comes to job negotiation. 2) If your benchmark for a good salary is $100,000 per year ($8,333 / mo) remote, then you are smoking crack if you think that salary is achievable within a year of grinding, given the current conditions. It used to be. It's not anymore. If you have an exceptional background (i.e., you won math or programming competitions), then Web3 might have some advantages for you relative to other industries, as web3 is still somewhat merit-based. If you have a cryptography or distributed systems background, then you have the necessary edge. You can make $100k in Web3, but not if you are starting fresh. You need some kind of an advantage going into it. I personally had a huge advantage -- I already had decades of technical writing experience + leadership experience at big tech. RareSkills didn't succeed only because I tried hard. There is no such thing as a junior solidity dev or junior auditor anymore. What anyone calls a "junior" today would have been "senior" two years ago. -- Keep in mind, I actually have a financial incentive to tell you "OMG YOU CAN MAKE $100,000 IN WEB3 DEV/AUDITING" -- I run a web3-oriented bootcamp and recruitment company for crying out loud. In fact, even if you don't take our bootcamps or use @RareTalent_xyz, the more people who are (at least attempting) to do something related to Web3 dev/auditing benefits me because I can show more numbers on the RareSkills website and cut bigger deals with other companies. So no, I still want you in this industry -- if anything -- for selfish reasons. So am I just trying to scare people away? Well, I am trying to scare away the people who ought to be scared away. And I'm doing them a favor. They'll be disillusioned when they find out that the messaging they repeatedly got that "entry-level jobs pay well and are relatively easy to obtain" isn't true. Those are the sort of people who will leave crypto and never come back. We don't want that. -- Now let's zoom out. In most countries, it requires at least six years of schooling to get "six-figure jobs" like accounting, medicine, law, architecture, etc. Six years to six figures. Has a nice ring to it, and it's what most industries seem to converge to. If you can grind in Web3 for six years, I guarantee you will succeed. RareSkills hasn't even been around that long. Heck, Solana is barely six years old. But if you're willing to grind for six years, why not just do one of those traditional jobs? One valid answer is that you live in a country that doesn't offer them. Fair. But can you sustain grinding for six years, let alone three? Objectively -- most people cannot, whether due to personality traits or circumstances. Your decision should be conditioned on those time horizons. In fact, there was once a time I made the RareSkills Solidity bootcamp 5-6 months long. The very long duration was to scare away people who weren't willing to invest in self-development for long periods. I saw many disciplined people join with the right intentions, but life still got in their way. So if someone I judge to be disciplined commits to a five-month program and pays several thousand dollars to join, but life still gets in the way, what does that tell you about how tough the journey into web3 is? It says most are not going to complete the journey even if the stars aligned at one point. So I shortened the bootcamps to a max of 1-3 months because life can be unpredictable for most people on longer time horizons. This has nothing to do with "lack of discipline" or "not sticking to goals." Life happens. -- Here's my advice: Only do Web3 because you honest-to-goodness love it. That's the only way you can grind for so long. I've mentored hundreds of people. The ones that made it 1) genuinely enjoyed the subject and 2) came in with at least some kind of an edge. If you "enjoy" web3 because you think it will get you a good salary someday, you are in for a rude awakening. I've seen this play out several times. Even if you get lucky and land a job, you'll not genuinely enjoy what you do. Then you will coast, then the job market goes south, then you are toast. Opportunism either makes it out early or gets washed out eventually. I've seen that play out over and over. If you know deep down inside you are opportunistic, then I suggest making a quick buck on AI agents while you still can. The attitude of "making a quick/easy buck" actually keeps you poor. The "easy money attitude" keeps you staring at charts, hoping for the lucky trade that never comes. The "easy money attitude" keeps you passively consuming technical content like a dummy thinking that doing so brings you closer to your dream job. The "easy money attitude" keeps you spending more energy thinking about the future than making the future happen. Have an edge. Choose long-term. Choose fun.

Just finished RareSkills Proxy Patterns book! From storage slots to Diamond proxies , insane depth. Thanks @RareSkills_io 🙌 rareskills.io/tutorials/prox…

Your understanding of rules is correct. However, the part about invariants needs a small clarification. Invariants are not just properties about a “single fixed state.” Instead, they are properties that must hold in every reachable state of the contract — before and after any function call. So while an invariant is evaluated on a single state at a time, the Prover checks that it holds across all possible state transitions. In other words, the Prover ensures that no function execution can ever lead to a state where the invariant is violated.

Thank you for the reply. Yeah I am learning Certora through this guide you wrote, and I saw this. However I was asking if my observation was correct; as you said, rules are for verifying function state level transitions which means that we're comparing a before and after state in a contract. However for invariants we are not comparing any before and after state, rather verifying the relation between variables or their values in one fixed state only. Is this observation correct?

After reading about rules and invariants in Certora CVL, I think its safe to say that rule blocks should be used to compare two different states of a contract while invariants should be used to compare variables in the same state. Certora experts, can you confirm this please?

On the Implication Operator section of the @RareSkills_io @Certora book and this sample makes more sense now

Understanding Invariants in Certora Formal Verification One of the most powerful ideas in formal verification is the concept of an invariant a property that must always stay true, no matter how the contract is used. Certora proves invariants using induction: # Initial state check (Base case) The Prover first checks that the invariant is true right after the constructor finishes. If it fails here, the property is already broken before any user interaction. # Inductive step Then Certora verifies that every public/external function keeps the invariant true. So if the rule holds before a function call, it must still hold after. If both steps pass the invariant is mathematically proven for all reachable states. Example: Voting contract (from Certora docs) We have three counters votesInFavor votesAgainst totalVotes Logically, this must always be true: totalVotes = votesInFavor + votesAgainst That is the invariant we want to prove. CVL specification methods { function totalVotes() external returns(uint256); function votesInFavor() external returns(uint256); function votesAgainst() external returns(uint256); } invariant totalVotesMatch(env e) to_mathint(totalVotes(e)) == votesInFavor(e) + votesAgainst(e); What’s happening here? methods {} exposes Solidity functions to the prover invariant totalVotesMatch defines the rule that must always hold env e represents any possible blockchain environment to_mathint(uint) converts Solidity integers into mathematical integers this avoids overflow reasoning and lets Certora prove the equation with pure math If Certora proves this invariant, we gain strong assurance that the vote accounting can never become inconsistent no matter how users interact with the contract. Contract source: Certora documentation docs.certora.com

I just completed Module 1 of the @Certora book by @RareSkills_io I learnt so much about Certora Prover in the last few days. Moving on to module 2 and doing a "shadow formal verification" by myself. Mad respect to the authors of the blogs who explained everything so well 🫡

A tip to all the people learning formal verification with the @RareSkills_io book: The best way to learn fv is to complete one proof and then insert bugs into your code and see if the Certora Prover catches them.

So excited this is finally out! 🎉 Can’t wait for folks to dig into it

Interesting, I did not know you could store a @Certora "lastReverted" check from a "withRevert" call into multiple bools for checking later. Even these early @RareSkills_io lessons have been incredibly informative.