@Smacaud1@code4rena@trust__90 I think @trust__90 advise means that studying what you already know is less valuable than "diving deep". i.e. If you're comfortable in shallow waters, don't stay there! More "juicy" issues lie in deeper waters, not yet ventured by others.
@Smacaud1@code4rena@trust__90 4. If you took part in a contest and did not find certain issues, I think its beneficial to study those you did not find. Especially solo findings.
In other words: Study what you don't know - this will be different for everyone.
@Smacaud1@code4rena 3. Reading new articles to stay current - people share them in Discord channels like Immunefi, Blockchain PenTesting, C4... Also this newsletter: https://t.co/qRw0TmMGNf
improving skills would just be to do more contests xD
@Smacaud1@code4rena 1. https://t.co/UvDJh6XHQ6
2. Understand the purpose of the protocol first. Then, understand the code at a design level - know which contract(s) does what and how each piece is put together to form the entire system. Don't just read line-by-line.
@aviggiano@code4rena Once you've understood the project and code well enough. Take a break. The best ideas come when you're not looking at the screen.
This is an iterative process. Idea comes -> try it out -> fail/pass -> better understanding of code -> New ideas
Warden spotlight: @SooshS2 π
Quality > quantity is demonstrated by Soosh, who, in the last 90 days, found 3 medium-sev vulnerabilities. One of these earned them $70k+ USD in rewards, due to the uniqueness of the finding πΈ
Got any questions you want to ask them? β¬οΈ
@CatellaTech @code4rena Important thing is to understand the protocol and to have solid fundamentals - Solidity, common weaknesses, the entire ecosystem...π
@CatellaTech @code4rena I found 4 high risk issues on my first audit. Finding the first issue gave me confidence to continue looking.
Most people look for Low/QA issues when first starting, but severity and difficulty in finding are uncorrelated.