eBTC Internal Security Practices
Full Interview: https://www.youtube.com/watch?v=q9PgvDVNIn0
Links:
Andy - https://twitter.com/andyfeili
Alex - https://twitter.com/GalloDaSballo
A Bug Worth 150k - 100proof's bounty from Notional Finance Smart Contracts (audio only reupload)
100proof tells the story of how he received a 150k bug bounty from finding a bug in Notional Finance Smart Contracts.
(This is an audio only reupload of the original podcast episode)
Bounty Acknowledgement:
https://twitter.com/NotionalFinance/status/1566089211068948480
Post Mortem:
https://blog.notional.finance/ntoken-redemption-bug-post-mortem/
PoC Code:
https://github.com/one-hundred-proof/notional-flash-attack
Links:
Andy: https://twitter.com/andyfeili
100proof: https://twitter.com/1_00_proof
Joe: Audit Wizard Founder, ex-FAANG Security Engineer on Threat Modeling, AI, Security Tooling
Joe shares his experience working as a security engineer at Apple and Amazon, performing freelance web3 audits and creating the all-in-one web3 security platform Audit Wizard.
Links:
https://twitter.com/andyfeili
https://twitter.com/joe_vanloon
https://www.auditwizard.io/
1M Bug Bounty From Saving $100M at risk in KyberSwap Elastic
Interview with 100proof who received a 1M+ bug bounty from a very unique bug in a concentrated liquidity AMM protocol.
100proof quit his full-time job last year to pursue web3 bug bounties full time. Since then he has landed two large bounties totaling over $1M. In this podcast episode he talks about how he gained expertise in this field, his bug bounty methodology, and the war room experience where over 100m funds were at risk.
Links:
https://twitter.com/1_00_proof
https://100proof.org/kyberswap-post-mortem.html
Moise: Transitioning from Big4 to Web3 Security
Moise shares his transition from a traditional Big4 consultancy role to the Web3 security realm. We talk about transferable skills, learning resources and his advice for people who are considering a career in web3 security.
Links:
https://twitter.com/moise__
https://spearbit.com/
0:00 Family and Background
2:52 College, Working at Federal Reserve and Big4 Consultancy
9:00 Transition into Web3
13:17 Music & other passions
15:31 Transferable Skills Web2 vs Web3
24:49 Audit Firms vs Solo Auditors vs Decentralized Audit competitions
28:04 Web3 Security Impact
30:54 Imposter Syndrome
34:15 Open Sharing of Knowledge vs Paid Courses and Certifications
39:33 Learning Resources
44:54 Spearbit
53:02 Where is this Industry Headed
56:48 Advice for People Transitioning into this Space
Web3 Security Hangout: Hake, Pashov & Andy
0:00 Audit Workflow
18:56 ChatGPT
23:40 Immunefi
30:10 Work Life Balance
33:45 Yearn Finance 10m Hack
40:34 Audit Process
46:57 Pattern Matching Bugs
57:32 Operational Security
59:40 Goals For 2023
1:12:05 Becoming an Auditor vs Developer
Links:
https://twitter.com/hake_stake
https://twitter.com/pashovkrum
Zach Obront: Winning Audit Contests & Crushing Bug Bounties
I talk to Zach Obront about his audit process, how he collaborates with other top auditors and his recent wins on Sherlock and Immunefi.
Links:
https://twitter.com/zachobront/status/1633130401043546118
https://github.com/zobront/tla-specs/
0:00 Intro
3:32 Learning Smart Contract Auditing
7:44 Progress on Code4rena
10:30 Collaboration with other Auditors
14:33 Zach's Audit Process
27:53 Motivation
29:36 Sherlock & $700,000 Optimism Audit Contest
34:40 Finding Critical Vulnerabilities
36:15 Spearbit and Private Audits
41:43 Finding a Critical on Optimism
47:51 Finding a Critical on Immunefi
49:21 Zach's day-to-day
53:34 Goals
0xleastwood: Spearbit Lead Security Researcher talks Web3 Security and Smart Contract Auditing
Liam Eastwood, Lead Security Researcher at Spearbit and Judge on Code4rena, sits down for an interview to discuss his rapid rise from a student to a top security researcher in just two years. He shares his experiences and provides insights on how to progress from an intermediate to an advanced level in the field of web3 security and smart contract auditing.
Links:
https://twitter.com/0xleastwood
https://leastwood.xyz
OUTLINE:
0:00 Intro
6:08 Auditing on code4rena
11:28 Going from Intermediate Level to Advanced
16:20 Independent Researcher vs Working at an Audit Firm
22:23 Joining Sigma Prime
26:35 Liam's Progression in 2021
30:51 Advice for New Auditors
32:19 ZK & Cairo
37:00 Judging on code4rena
41:14 Lead Security Researcher at Spearbit
48:02 Focused Hours
51:48 Work Flexibility
1:00:06 If you started your career all over again
How to Get a Job in Web3
Patrick shares advice on how to get a job as a dev or auditor in web3
Full Interview: https://www.youtube.com/watch?v=9bu9pJICxiw
Learning Resources for Web3 Devs and Auditors
Patrick shares his recommendations for learning resources to get into web3
Full Interview: https://www.youtube.com/watch?v=9bu9pJICxiw
@PatrickAlphaC Web3 Education, Auditing and Advice for New Engineers in Web3
Interview with Patrick Collins - the 👑 of web3 education. Patrick talks about his background, how he got into web3, working at Chainlink and his switch to focus on Security.
Patrick is hiring auditors! Reach out to him below.
Links:
https://twitter.com/PatrickAlphaC
https://www.cyfrin.io/
OUTLINE:
0:00 Intro
3:38 Learning Traditional Financial Concepts
6:37 Working at Chainlink
8:22 Patrick's 32hr Solidity Tutorial
11:05 Web3 Security vs Web2 Security
15:11 Transition from Finance to Web3
18:59 Foundry vs Hardhat
21:41 Patrick switching to Security
26:02 Developer vs Auditor
29:43 Learning Resources for Web3
34:51 Prior Knowledge Required for Auditing
40:56 Patrick's Audit Process
46:11 Andy's Audit Process
50:57 Leaving Chainlink to Focus on Security
53:24 cyfrin.io
55:11 How to Get a Job in Web3
57:50 Making YouTube Content
1:05:05 Advice for People Joining this Industry
Day in the Life of a Web3 Security Researcher
Pashov talks about what his day to day is like as an independent security researcher in the web3 space.
Full Interview: https://www.youtube.com/watch?v=KONVlS7azMQ
Tips for Learning Smart Contract Auditing
Pashov shares advice on how to get started with smart contract auditing.
Full Interview: https://www.youtube.com/watch?v=KONVlS7azMQ
How to Read Audit Reports
Pashov shares his approach of learning from audit reports on code4rena.
Full Interview: https://www.youtube.com/watch?v=KONVlS7azMQ
Working as a Web3 Security Researcher
Pashov talks about working as an independent security researcher
Full Interview: https://www.youtube.com/watch?v=KONVlS7azMQ
Private Audits, Obtaining Clients and Navigating the World of Independent Security Research
We sit down with Pashov and discuss his decision to go all in on web3 security as an independent security researcher. Pashov shares alpha on auditing, obtaining clients and building industry connections.
Links:
https://twitter.com/pashovkrum
OUTLINE:
0:00 Intro
3:52 Going Independent
5:47 First High Severity Bug
10:45 Learning Mindset
14:06 Reading code4rena Reports
20:23 Building Intuition for Vulnerabilities
22:46 Focused Hours
24:55 Spearbit
28:49 Understanding Code in Depth
31:34 How Beginners Should Approach code4rena
36:38 First Solo Audit
41:26 Getting Clients
45:52 Solo Auditing and Auditing Partnerships
55:30 Day in the Life of Pashov
59:22 How to Study
1:09:02 Independent Security Researcher vs Auditor Job
1:13:07 Experience Auditing with Spearbit
1:16:28 Deep Understanding of Code
1:20:02 Small vs Large Codebases
1:24:38 Immunefi
1:30:21 Building a Business
1:35:25 Making Industry Connections
1:40:30 Setting a Good Example for Others
1:46:43 Tips for Newbies
My First Month as a Smart Contract Auditor
What is it like working as a smart contract auditor at an audit firm? What the job is actually like, what I do day to day, pros and cons vs an independent researcher and future goals.
Breaking Out of a Learning Plateau
Dravee talks about how he was able to break out of his learning plateau as a smart contract auditor.
In this conversation we talk about Dravee’s background as a DevOps engineer and how he learned smart contract auditing from scratch. We discuss how he was able to break through learning plateaus, his auditing strategy and his report automation setup.
Full Podcast: https://www.youtube.com/watch?v=gd5z2AKbvHk
Code4rena Automation, Breaking Through Plateaus and Auditing Advice for Beginners/Intermediates
Interview with Dravee who is a top gas reporter on code4rena, taking first place for gas optimisations on the $1Million OpenSea contest in May and reaching top 20 on the leaderboard for 2022.
In this conversation we talk about Dravee’s background and how he learned smart contract auditing from scratch. We discuss how he was able to break through learning plateaus, his auditing strategy and his report automation setup.
Contact Dravee:
https://twitter.com/BowTiedDravee
Links:
https://github.com/x676f64/secureum-mind_map
OUTLINE:
0:00 - Introduction
0:49 - Learning Smart Contract auditing
8:15 - Secureum Bootcamp
14:20 - Connecting the dots
16:23 - The steep learning curve
20:20 - How has code4rena changed
23:10 - How should a newcomer approach code4rena?
24:45 - code4rena's value for getting hired
26:08 - The rising quality of code4rena's reports
27:35 - Why web3 security
36:04 - DeFi
38:25 - Learning resources
39:43 - Meeting top auditors IRL
42:36 - Being early
45:28 - Confidence to go fulltime
48:18 - Additional learning resources from Secureum
49:43 - Starting with the basics
50:38 - Approach auditing as a beginner
57:48 - Semi-Automated report generation process
1:05:38 - Being 1st in 2022 on the Leaderboard for Gas Optimisation
1:07:37 - Breaking through plateaus
1:27:14 - Inspiration from yAcademy
1:29:05 - Audits at Spearbit
1:35:00 - Preparing for the next Bull market
1:38:47 - Future Goals
1:47:05 - Final Advice
Smart Contract Auditor Learning Resources 2023
Learning resources to get into web3 security in 2023
Full podcast: https://www.youtube.com/watch?v=g79DFfBaTew