January 2023 recap on my progress to becoming a Solidity auditor
Balancing Work and Contests
Hey folks! I’m back with an update on my journey to becoming a Solidity auditor. January was a busy month and I wanted to share my progress and challenges with you all.
I participated in 4 Code4rena contests and my first Sherlock contest. I spent an average of 10-12 hours per contest, totaling around 50 hours. I found 8 high and 11 medium vulnerabilities and improved my QA reports a lot. Still, it was very challenging to balance all this with my job.
Lessons Learned from a Low Severity Finding on Immunefi
I submitted one low severity finding to Immunefi, but unfortunately, it was closed with a “we know and don’t care” response. While it was a bit of a bummer, I took it as a learning opportunity and have since prioritized my research to focus on larger codebases.
The Challenges of Auditing Large Codebases
One thing I learned in January was that larger codebases are super challenging to audit in the limited time I spent per audit. I think I could do better if I had more time per contest, especially when dealing with codebases larger than 500 SLOC.
Goals for February
For February, I’ve set some new goals for myself:
- Participate in fewer contests, but allocate more time to each one
- Dedicate at least 10 hours to one Immunefi project to get my first bounty
- Go through all of the audit reports I’ve accumulated to continue sharpening my skills
- Take more time for learning and research and go through all audit reports I have on my list
- Be more active on Twitter and connect with more security researchers
- Make a post about my MEV journey and open source my first bot
- Submit a CTF to QuillAudits showcasing a real attack that my MEV bot suffered from, or share a post about what I learned from the experience.
That’s it for now!
I’m excited to continue my journey in the security and auditing space, and I hope you’ll join me for the ride. If you’re interested in following my progress, connecting with me, or just want to chat, feel free to reach out to me on Twitter or Discord (zaskoh#2073 in Code4rena).
See you in the next post!