I am a senior software engineer with over 5 years of experience, focusing on backend development and e-commerce. I am interested in web3, blockchain, and smart contract security and looking to shift to web3 as a security researcher and solidity auditor in 2023.

January 2023 recap on my progress to becoming a solidity auditor

Balancing Work and Contests

Hey folks! I’m back with an update on my journey to becoming a solidity auditor. January was a busy month and I wanted to share my progress and challenges with you all.

I participated in 4 Code4rena contests and my first Sherlock contest. I spent an average of 10-12 hours per contest, totaling around 50 hours. I found 8 high and 11 medium vulnerabilities and improved my QA reports a lot. Still, it was very challenging to balance all this with my job.

Lessons Learned from a Low Severity Finding on Immunefi

I submitted one low severity finding to Immunefi, but unfortunately, it was closed with a “we know and don’t care” response. While it was a bit of a bummer, I took it as a learning opportunity and have since prioritized my research to focus on larger codebases.

The Challenges of Auditing Large Codebases

One thing I learned in January was that larger codebases are super challenging to audit in the limited time I spent per audit. I think I could do better if I had more time per contest, especially when dealing with codebases larger than 500 SLOC.

Goals for February

For February, I’ve set some new goals for myself:

  • Participate in fewer contests, but allocate more time to each one
  • Dedicate at least 10 hours to one Immunefi project to get my first bounty
  • Go through all of the audit reports I’ve accumulated to continue sharpening my skills
  • Take more time for learning and research and go through all audit reports I have on my list
  • Be more active on Twitter and connect with more security researchers
  • Make a post about my MEV journey and open source my first bot
  • Submit a CTF to QuillAudits showcasing a real attack that my MEV bot suffered from, or share a post about what I learned from the experience.

That’s it for now!

I’m excited to continue my journey in the security and auditing space, and I hope you’ll join me for the ride. If you’re interested in following my progress, connecting with me, or just want to chat, feel free to reach out to me on Twitter or Discord (zaskoh#2073 in Code4rena).

See you in the next post!
