hey im a 14 year old that is in tutorial hell right now, ive learned solidity + react js for 8 months now so after learning security (which I already know the basics of - e.g. reentrancy), I can make money :) Thank you so much for inspiring me, I really appreciate the work your put into these videos
Hello Andy, I am 2nd year computer science student and learning solidity was a hobby for me that evolved into deep interest. Thank you for really educational videos they are helping me a lot to break into auditing.
I'm so glad I decided to learn SM development & auditing! Currently learning via's Patrick's course. These kinds of rewards/payouts are very encouraging, lol.
such a banger video! so fun to watch the success from learning a new thing i wonder if the hassle of traditional bug bounty led you to crypto auditing or was it general interest. im still on my oscp journey so i hope this space isnt too crowded by the time i jump in. cheers!
please keep going with the channel u are helping me build my journey so much. If karma exists this shit will go back twice to you Much love from Brasil!
Hey Andy, is there a specific reason why you recommend doing CTF before learning solidity tutorial? Right now Im doing Solidity tutorial first, but it's not sticking very well and am confused by all the different little rules. Thinking about just jumping into CTF based on this video. Thanks
2 หลายเดือนก่อน
Hey, how about you now? I learned solidity a few days ago and have the same question.
Thank you so much for creating this video.Really helpful. May God bless you. Also, Can you pls make a video on how to submit the findings? I actually didn't understood how submitting works. Do I need to make pull request or just copy and paste the part of the code before and after?One video on that would be really helpful. Thanks again
ABout to start an auditing fellowship, this is fantastic. Rally good specific resources and general commentary on the learning process in auditing--because security is a really complex and technical field in tech, let alone crypto.
Oh man, i read the article of legendary auditor C.Michel, he says it will take years before reviews will become useful for newbies in coding. Ouch that hurts! Im currently on 3rd month of javascript study coming from accounting background. Somehow i touch the finance concepts of derivatives during college years, this might help me to shift to smart contract auditor. Wish me luck!
I took about a year off from bug bounties after multiple dups @.@ or nothing for days like a big noob. Time really became precious after my former employer reduced by seniority & Tbh i was discoraged but knew that i just needed to improve so i began to study for htb's cpts. I will sit the exam soon and pass :D. After that my plan is to spam my application again.However, In the mean time , i wanted to reenter the bug bounty space. T.t i just miss "researching" lol and immunifi was an option. This is my first time hearing about code4rena and im excired to befome a warden. Lol sorry for the dump..mainly this is a thankyou for sharing
Hi Andy, your video pique my interest to learn about smart contract hacking /auditing. Do you think a total beginner in coding can follow through your guide and be good at this? Would it be possible?
@@andyli thanks a lot for your feedback Andy. Yeah, thinking of being good at understanding Solidity basics first before going further. My goal is to start as a smart contract developer and then gradually learning to be a smart contract auditor. I see many possibilities in Web3 and I hope to be ready to capilitalize once the bulls take over from the bear market.
May i ask you that im on my journey for the oscp in 2023 is it worth it or should i focus on web3 security and start learning the fundamentals ? and What kinda job can i work after that .I watched some videos and it looks very interesting
This video couldn't come at a better time! Documentation is so limited in the auditing space, you are the goat Andy 🐐
thanks mate, appreciate it! 🐐
Yes, I agree with you. There is limited resources in the auditing space. Thanks Andy, will be looking forward to more crumbs from you.
Been searching high and low for the info you've shared here! Thank you so much!!!
Glad it was helpful!
This is the video I'm awaiting for.Thanks Andy ,Great video .
Cheers!
Always wanted to find a way to link my cyberspace career and my cryptospace hobby, glad the algorithm made me pass through your channel.
hail to the algorithm
hey im a 14 year old that is in tutorial hell right now, ive learned solidity + react js for 8 months now so after learning security (which I already know the basics of - e.g. reentrancy), I can make money :)
Thank you so much for inspiring me, I really appreciate the work your put into these videos
It is amazing you are getting into this at 14 years old, THAT is inspiring
follow up, I've completed ethernaut and damn vulnerable defi and I'm just about to finish off completing secureum and then I'm gonna jump into it
Awesome, see you in the arena 🚀
@@danielcawley1051 Thats awesome man!
@@luigixb1 something even more awesome is that ive recently got my first payout and ive earned 91$, i just need to keep this up
5k bounty and 2 high severity on first 2 months, awesome!
Thanks!
@laiyintam6349 Could u share ur discord ?
@laiyintam6349 Could u share ur discord ?
Been waiting on a video like this, it's fairly new so not many people talk about it
True
selamlar sizin bu videonuz olmasaydı ilerlemem daha zor olacaktı herşey için teşekkürler.
your video is gold! keep up the good work!
Thank you, appreciate it!
@@andyli I might kickstart bug bounty career bcoz of u. Thanks!!
Nice, good luck!
Hello Andy, I am 2nd year computer science student and learning solidity was a hobby for me that evolved into deep interest. Thank you for really educational videos they are helping me a lot to break into auditing.
awesome, glad to hear!
This is so amazingly put together will study your advice + opinions to gain better understanding solidity security audits grinding my way thanks Andy
Glad it was helpful!
thank you so much, awesome 👍👍
👍👍
I'm so glad I decided to learn SM development & auditing! Currently learning via's Patrick's course. These kinds of rewards/payouts are very encouraging, lol.
Nice! Rewards did go down a by recently though
@@andyli Good to know. Only makes me want to learn faster, lol.
Thanks for taking time to make this feedback!
no prob!
Great video thanks😇
🙌
This is the exact thing I was looking for.
Thank you so much Andy👍
Glad it was helpful!
Keep it up Andy !
🙌
such a banger video! so fun to watch the success from learning a new thing
i wonder if the hassle of traditional bug bounty led you to crypto auditing or was it general interest.
im still on my oscp journey so i hope this space isnt too crowded by the time i jump in. cheers!
Thanks! I stumbled onto this randomly when I saw a someone post about the Damn Vulnerable Defi CTF on twitter. I doubt it will be crowded anytime soon
This is very helpful video, as this field are very limited of resources.
Awesome, thanks!
👍
What a beautiful detailed roadmap! Thanks so much for sharing Andy 👌
Glad you enjoyed!
I hope it gets crowded! We need more security!
this is great andy! thanks alot
🙏
That's what I wanted for 2023 :D
😀
Fool, now I will be able to audit smart contracts too!
Yeah? But I have a 2 month head start 😈
@@andyli im gonna borrow the time stone
Best roadmap. Subscribed
please keep going with the channel u are helping me build my journey so much. If karma exists this shit will go back twice to you
Much love from Brasil!
💯 more to come!
You have awesome content!
Keep up the good work
Thanks!
Thank u man been waiting this video alot but i wanna ask what kind of laptop do i need to participate the bugs is it ok 4GB ram
4GB is fine, you only need to browse GitHub and a text editor
Thank You, amazing video !
Thanks!
Once I finish Ethernaut do you think that’s enough info to get started on Code 4 Rena ?
@@marquisebrown2397 also read the secureum findings
@@andyli Thank you, do you know where I could get more than 1 Rinkeby test network ETH ?
incredible video i like it
hope u create more on methodology
Thanks! I will think about how to create a video on methodology
@@andyli waiting
create live auditing video also
Thanks in advance
u done great job
How to actually write reports of low risk issues in code4rena submissions ?
have a look at the previous audit reports to get some ideas
Thanks for sharing! Since this space is so fast-paced, is there anything you would change for 2023?
Not really, the learning resources are the same. Perhaps learn Foundry instead of Hardhat
Many thanks for the video, I like your process 👍
Thank you! Cheers!
Hey Andy, is there a specific reason why you recommend doing CTF before learning solidity tutorial? Right now Im doing Solidity tutorial first, but it's not sticking very well and am confused by all the different little rules. Thinking about just jumping into CTF based on this video. Thanks
Hey, how about you now? I learned solidity a few days ago and have the same question.
Thank you so much for creating this video.Really helpful. May God bless you.
Also, Can you pls make a video on how to submit the findings? I actually didn't understood how submitting works. Do I need to make pull request or just copy and paste the part of the code before and after?One video on that would be really helpful. Thanks again
Have you registered to become a Warden yet? Once you get confirmed, you submit findings directly on the code4rena website.
Thanks for this amazing video! Both useful and inspiring!
Glad it was helpful!
ABout to start an auditing fellowship, this is fantastic. Rally good specific resources and general commentary on the learning process in auditing--because security is a really complex and technical field in tech, let alone crypto.
Nice one, getting into a auditing fellowship. Which company was it?
Very cool - how did you find the fellowship?
It might be this yacademy.dev
Amazing content
Thanks!
Oh man, i read the article of legendary auditor C.Michel, he says it will take years before reviews will become useful for newbies in coding. Ouch that hurts! Im currently on 3rd month of javascript study coming from accounting background. Somehow i touch the finance concepts of derivatives during college years, this might help me to shift to smart contract auditor. Wish me luck!
Yeah, finance concepts will help a lot. Good luck!
I took about a year off from bug bounties after multiple dups @.@ or nothing for days like a big noob. Time really became precious after my former employer reduced by seniority & Tbh i was discoraged but knew that i just needed to improve so i began to study for htb's cpts. I will sit the exam soon and pass :D. After that my plan is to spam my application again.However, In the mean time , i wanted to reenter the bug bounty space. T.t i just miss "researching" lol and immunifi was an option. This is my first time hearing about code4rena and im excired to befome a warden. Lol sorry for the dump..mainly this is a thankyou for sharing
Nice, good luck hunting!
if i have no cyber security experience and i have little knowledge on solidity . is there any chance me finding bugs on code arena ?
it will just take you a bit longer to start finding bugs, start with the solidity tutorial
@@andyli how much solidity is need to find bugs
Im a web developer tryna break into security. would you suggest knowing about traditional pentesting before moving on to web3 security?
I don't think it is necessary, there are some concepts that help but I wouldn't consider them prerequisites
Thanks bro! Really thorough video. I appreciate your comment. Are you still working on traditional pentesting?
Yep, I only do bug bounties part time
Awesome 🤩
Thanks 🤗
Great video
ty!
yay ! another video :D
:D
Hey Andy, Can we get the notes of your secureum findings' classification. It will help us a lot.
github.com/andyfeili/SecureumFindings
This is gold
thanks!
Ty for the video, is this still up to date?
Finally!
First comment 😊
Hello Andy, thank you for sharing this! Super helpful!! Do you currently provide any 1:1 consulting service on security contract audit?
Do you mean teaching or private audits?
@@andyli teaching. I am currently looking for help to break into web3 security space. Please let me know if you are available. Thanks!
Yeah can do. Feel free to reach out on twitter or any of the other social links on the channel
🐐 video
🙌
Thank you so much!
No problem!
Hi, is this roadmap still relevant now at 2024?.
Thank u😍
No problem!
Is it best to go the developers route or cybersecurity for this? This is all a bit of everything.
You can learn this directly if it is what you want to do
I’m learning ethical hacking can I combine with this?
thank you so much
👍
Can i ask how do you join code4rena as a bug hunter?
fill out this form and join the Discord channel
code4rena.com/warden-registration/
Do you have link of this slide?
found it!
docs.google.com/presentation/d/1Zx9DoS4wTAfu7d2WSSQHuVp3c1hwO3mOS3K76EbhIAE
@@andyli coool! You should add to description.Thanks!
Hi Andy, your video pique my interest to learn about smart contract hacking /auditing. Do you think a total beginner in coding can follow through your guide and be good at this? Would it be possible?
Yeah it is possible. You will just need to spend more time on the Solidity tutorial - it is 32 hours long and assumes no prior knowledge.
@@andyli thanks a lot for your feedback Andy. Yeah, thinking of being good at understanding Solidity basics first before going further. My goal is to start as a smart contract developer and then gradually learning to be a smart contract auditor. I see many possibilities in Web3 and I hope to be ready to capilitalize once the bulls take over from the bear market.
hi andy is thier a way to remove swepper bot
Not sure what you mean by swepper bot
will u create video how to perform auditing new in this field
go through the learning resources listed here and read past audit reports
May i ask you that im on my journey for the oscp in 2023 is it worth it or should i focus on web3 security and start learning the fundamentals ? and What kinda job can i work after that .I watched some videos and it looks very interesting
You can work as a security engineer in web3, try some CFTs and see if you like this type of work.
Do you need a computer science knowledge and be really good at math
Programming knowledge and math helps.
Did you have to become a Solidity developer first, in order to be able to find bugs?
not necessarily, I am not a Solidity developer
@@andyli Thanks Andy. This actually gives me hope.
Hey Andy, do you take students or are you open to mentoring?
Open to exploring taking students or mentoring. Reach out on discord or twitter
hey Andy! I am just starting. Is this Roadmap relevant for now or any updates?
Yep still relevant, thinking of doing an updated version though
@@andyli Do it please
How much time it takes to complete all the topics
took me about 5-6 months
What is QA?
Quality assurance or low severity issues
I think it's extremely hard to get a job as an entry level smart contract auditor, they all go for seniors.
Some firms are hiring juniors, but you're right it is generally harder to get junior positions in any industry due to more competition
Is this still effective in 2024? 😢
+1
capture the ether is not working anymore
ah might be because Rinkeby testnet is deprecated
nice
Cheers
smart contract Auditor is hard job in the world and very very difficult
yeah difficult but worth it
Hey buddy, do u have a discord or telegram group ?
There is a discord link on the channel description
Great video! Thank you man
thanks!