How To Find SO Many Criticals You Get Bored Of Auditing
ฝัง
- เผยแพร่เมื่อ 4 ส.ค. 2024
- Are you a security researcher looking to join a world-class team? Apply to open positions at Guardian here: guardianaudits.notion.site/Gu...
Want to become an expert security researcher in a matter of months?
Get the guide to becoming a senior auditor in 6 months here: www.intogateway.com/guide
Looking for a Smart Contract Audit? Apply to work with the Guardian team on our website: guardianaudits.com
Join our community aimed at building and sharing a wealth of blockchain and solidity knowledge to help developers/auditors of all levels transform the web3 ecosystem.
lab.guardianaudits.com/
![[ไฮไลต์] แบดมินตันชาย วิว กุลวุฒิ (ไทย) vs LEE Zii Jia (มาเลเซีย) รอบรองชนะเลิศ | โอลิมปิก 2024](http://i.ytimg.com/vi/mvBiEAqlssw/mqdefault.jpg)
![NONT TANONT - ดอกไม้ที่รอฝน (spring) - Reimagined [Live Session]](http://i.ytimg.com/vi/nY2PsFZFEOg/mqdefault.jpg)
Hello Sir, I am trying to follow the GTDA methodology, I really like the way of following the codepath instead of just going through all the functions without context. Here the only problem I have is in drawing the diagrams, off course it is giving me more context, but taking so much time. Is it really worth it to draw? I mean in the context of Audit Contests, I mean almost 2k sloc 1 week. you know what I mean sir. I have also shared the diagram that I drew using whimsical, please have a look at that.
As always, thank you Owen for the great work you do.
I find that the most challenge thing about applying this strategy (particularly the goals mapping) in audit contests is the time constraint. Do you have any strategy for dealing with that?
In contests if you're constrained on time, focus in on the most complex area of the codebase -- it's where the highest bug density is likely to be, and where most will shy away.
Really cool video Owen, thank you !
Do you try to determine goals for each contracts or in general for the protocol ?
Gem of a video because right now im in the phase where its hard to understand what codebases do and how they work. Thank you!
Amazing hope this can help you get over that hump!! It's all downhill from there 🙏
Update ?
I am in the same place you were 3 months ago any update?
Please give your tips on how to audit large code base protocol like 3000 nSloc
H oven i understand code very well but attack ideas does not come in my mind what do you recommend to build attacker mind
First you have to build your toolbox of attack vectors (great way to do this is with the full course on my channel), then go through functions and force yourself to simply spend 5 minutes coming up with ideas of how things can go wrong with the attack vectors you know.
This will be hard at first but you will get better at it over time. Before long you will start to actually uncover findings this way, which will create a feedback loop, and that's how you train yourself to become an attacker.
@@0xOwenThurm 🙏
please provide us these notes 🙏
You are great, thanks man.
Glad it could help!!
Which web app you used for diagrams , can you please tell?
Whimsical!
Just a hint: it’s on ChatGPT4 as one of the GPT’s 😉
Thanks for sharing these videos, really helpful.
Glad they could be useful! More on the way for you 🫡
Great video Owen was really helpful
15:00
💜
❤️
I'm one hour late but lets fkn go!
Lfg glad you watched ser 🫡
Owen , Are you auditing ARCADIA protocol ?
I am not!
6:36 what happened with certik?
They are popular among the industry to give poor quality audits, but they are doing so many audits that their image is good among their potentials clients.
@@GRIMxJOKE haha! 😂
the audio is crisp and try to zoom in the video as it is not clear to see
Will do, have been focusing on zooming in more now haha
@@0xOwenThurm im not trying to compare but recently i have been watched patrick collins videos he take care of these minute things.. and he speaks very clearly .
you are prodcuing great content though
Please give your tips on how to audit large code base protocol like 3000 nSloc
Added to the backlog!