A Solidity smart contract auditor that doesn’t know how the EVM works makes for a weak auditor.
Here are 3 resources to get up to speed ↓
Pro-tip: Start high-level and then go deeper
In #Web3Gaming news: #SEGA teams up with @finschia Foundation! They plan on using Sega's iconic game IPs to create new web3 games! 🎮🌐🤝
We're almost there. folks! 🚀˚。⁺🪐༘⋆ ✩°。🌕
Infinite approvals… the ultimate leap of faith.
Users of @SocketDotTech's Bungee bridge lost a total of $3.3M yesterday thanks to a known vector.
Have you checked your approvals lately?
https://t.co/R1SZZ5GXEj
Tomorrow I am going to interview the @code4rena OG Warden and Lookout @0xSorryNotSorry.
It's going to be an inspiring interview full of insights, especially because he doesn't come from a tech-heavy background!
What would you like me to ask him?
Looking for new Ethereum items to learn?
Here are some ideas:
• Latest Ethereum EIPs: EIP-6541, EIP-6963
• New Ethereum opcodes: CREATE
ABL - Always Be Learning
Secret weapon Web3 devs have over Web2 devs:
Open source codebases
This means that whenever a Web3 dev is building a project, they can find an open source codebase to either fork or get inspiration from.
Web2 devs do not have this luxury, so don’t squander it as a Web3 dev.
Base Layer 2 launched by Coinbase has overtaken Optimism in daily active users
Definitely keep an eye on it 👀
But most importantly, be aware of scams and rugpulls
We’ve been seeing a lot of those
Web2 engineers looking to get into Web3 engineering must first understand the architectural differences
This figure shows the difference between centralized architecture (Web2) and decentralized architecture (Web3)
The crazy thing is that if a security auditor does not understand your protocol
Their recommendations can actually introduce new bugs into the codebase
This is why you must do your research on the auditors and consider getting multiple audits
Always opt for more eyes on code👀
Be careful with the Twitter X rebrand
Social media scams have been growing in popularity.
These days, hackers are exploiting the Twitter rebrand, using fake emails and too-good-to-be-true deals to lure projects into clicking their phishing links.
Keep your social medias safe
@NFT_GOD This here is quite valuable advice:
Want to get way more reach on your posts?
Retweet your own content 9 hours after you post
This is the sweet spot in the algorithm where your reach is just dying down, plus the other timezones are waking up
There's no shame in RTing yourself
What powers my solo smart contract security audits:
- Github
- VS Code
- Manual reading through code
- Blackhat mindset
- Communication with devs
What doesn't:
- Complex processes
- Systems & code tools
- Artificial Intelligence
Start simple. Add complexity later (maybe).