afeli

Full Interview: https://www.youtube.com/watch?v=q9PgvDVNIn0 Links: Andy - https://twitter.com/andyfeili Alex - https://twitter.com/GalloDaSballo

100proof tells the story of how he received a 150k bug bounty from finding a big in Notional Finance Smart Contracts. (This is an audio only reupload of the original podcast episode) Bounty Acknowledgement: https://twitter.com/NotionalFinance/status/1566089211068948480 Post Mortem: https://blog.notional.finance/ntoken-redemption-bug-post-mortem/ PoC Code: https://github.com/one-hundred-proof/notional-flash-attack Links: Andy: https://twitter.com/andyfeili 100proof: https://twitter.com/1_00_proof

Joe shares his experience working as a security engineer at Apple and Amazon, performing freelance web3 audits and creating the all-in-one web3 security platform Audit Wizard. Links: https://twitter.com/andyfeili https://twitter.com/joe_vanloon https://www.auditwizard.io/

Interview with 100proof who received a 1M+ bug bounty from a very unique bug in a concentrated liquidity AMM protocol. 100proof quit his full time job last year to peruse web3 bug bounties full time. Since then he has landed two large bounties totaling over $1M. He talks about the experience here in this podcast episode on how he gained the expertise in this field, bug bounty methodology and war room experience where over 100m funds were at risk. Links: https://twitter.com/1_00_proof https://100proof.org/kyberswap-post-mortem.html

Moise shares his transition from a traditional Big4 consultancy role to the Web3 security realm. We talk about transferable skills, learning resources and his advice for people who are considering a career in web3 security. Links: https://twitter.com/moise__ https://spearbit.com/ 0:00 Family and Background 2:52 College, Working at Federal Reserve and Big4 Consultancy 9:00 Transition into Web3 13:17 Music & other passions 15:31 Transferable Skills Web2 vs Web3 24:49 Audit Firms vs Solo Auditors vs Decentralized Audit competitions 28:04 Web3 Security Impact 30:54 Imposter Syndrome 34:15 Open Sharing of Knowledge vs Paid Courses and Certifications 39:33 Learning Resources 44:54 Spearbit 53:02 Where is this Industry Headed 56:48 Advice for People Transitioning into this Space

0:00 Audit Workflow 18:56 ChatGPT 23:40 Immunefi 30:10 Work Life Balance 33:45 Yearn Finance 10m Hack 40:34 Audit Process 46:57 Pattern Matching Bugs 57:32 Operational Security 59:40 Goals For 2023 1:12:05 Becoming an Auditor vs Developer Links: https://twitter.com/hake_stake https://twitter.com/pashovkrum

https://www.youtube.com/watch?v=57V-57ZXmfA

https://www.youtube.com/watch?v=57V-57ZXmfA

https://www.youtube.com/watch?v=57V-57ZXmfA

I talk to Zach Obront about his audit process, how he collaborates with other top auditors and his recent wins on Sherlock and Immunefi. Links: https://twitter.com/zachobront/status/1633130401043546118 https://github.com/zobront/tla-specs/ 0:00 Intro 3:32 Learning Smart Contract Auditing 7:44 Progress on Code4rena 10:30 Collaboration with other Auditors 14:33 Zach's Audit Process 27:53 Motivation 29:36 Sherlock & $700,000 Optimism Audit Contest 34:40 Finding Critical Vulnerabilities 36:15 Spearbit and Private Audits 41:43 Finding a Critical on Optimism 47:51 Finding a Critical on Immunefi 49:21 Zach's day-to-day 53:34 Goals

Liam Eastwood, Lead Security Researcher at Spearbit and Judge on Code4rena, sits down for an interview to discuss his rapid rise from a student to a top security researcher in just two years. He shares his experiences and provides insights on how to progress from an intermediate to an advanced level in the field of web3 security and smart contract auditing. Links: https://twitter.com/0xleastwood https://leastwood.xyz OUTLINE: 0:00 Intro 6:08 Auditing on code4rena 11:28 Going from Intermediate Level to Advanced 16:20 Independent Researcher vs Working at a Audit Firm 22:23 Joining Sigma Prime 26:35 Liam's Progression in 2021 30:51 Advice for New Auditors 32:19 ZK & Cairo 37:00 Judging on code4rena 41:14 Lead Security Researcher at Spearbit 48:02 Focused Hours 51:48 Work Flexibility 1:00:06 If you started your career all over again

Patrick shares advice on how to get a job as a dev or auditor in web3 Full Interview: https://www.youtube.com/watch?v=9bu9pJICxiw

Patrick shares his recommendations for learning resources to get into web3 Full Interview: https://www.youtube.com/watch?v=9bu9pJICxiw

Interview with Patrick Collins - the 👑 of web3 education. Patrick talks about his background, how he got into web3, working at Chainlink and his switch to focus on Security. Patrick is hiring auditors! Reach out to him below. Links: https://twitter.com/PatrickAlphaC https://www.cyfrin.io/ OUTLINE: 0:00 Intro 3:38 Learning Traditional Financial Concepts 6:37 Working at Chainlink 8:22 Patrick's 32hr Solidity Tutorial 11:05 Web3 Security vs Web2 Security 15:11 Transition from Finance to Web3 18:59 Foundry vs Hardhat 21:41 Patrick switching to Security 26:02 Developer vs Auditor 29:43 Learning Resources for Web3 34:51 Prior Knowledge Required for Auditing 40:56 Patrick's Audit Process 46:11 Andy's Audit Process 50:57 Leaving Chainlink to Focus on Security 53:24 cyfrin.io 55:11 How to Get a Job in Web3 57:50 Making YouTube Content 1:05:05 Advice for People Joining this Industry

Pashov talks about what his day to day is like as an independent security researcher in the web3 space. Full Interview: https://www.youtube.com/watch?v=KONVlS7azMQ

Pashov shares advice on how to get started with smart contract auditing. Full Interview: https://www.youtube.com/watch?v=KONVlS7azMQ

Pashov shares his approach of learning from audit reports on code4rena. Full Interview: https://www.youtube.com/watch?v=KONVlS7azMQ

Pashov talks about working as an independent security researcher Full Interview: https://www.youtube.com/watch?v=KONVlS7azMQ

We sit down with Pashov and discuss his decision to all in on web3 security as an independent security researcher. Pashov shares alpha on auditing, obtaining clients and building industry connections. Links: https://twitter.com/pashovkrum OUTLINE: 0:00 Intro 3:52 Going Independent 5:47 First High Severity Bug 10:45 Learning Mindset 14:06 Reading code4rena Reports 20:23 Building Intuition for Vulnerabilities 22:46 Focused Hours 24:55 Spearbit 28:49 Understanding Code in Depth 31:34 How Beginners Should Approach code4rena 36:38 First Solo Audit 41:26 Getting Clients 45:52 Solo Auditing and Auditing Partnerships 55:30 Day in the Life of Pashov 59:22 How to Study 1:09:02 Independent Security Researcher vs Auditor Job 1:13:07 Experience Auditing with Spearbit 1:16:28 Deep Understanding of Code 1:20:02 Small vs Large Codebases 1:24:38 Immunefi 1:30:21 Building a Business 1:35:25 Making Industry Connections 1:40:30 Setting a Good Example for Others 1:46:43 Tips for Newbies

What is it like working as a smart contract auditor at an audit firm. What the job is actually like, what I do day to day, pros and cons vs an independent researcher and future goals.

Dravee talks how he was able to break out of his learning plateau as a smart contract auditor. In this conversation we talk about Dravee’s background as a DevOps engineer and how he learned smart contract auditing from scratch. We discuss how he was able to break through learning plateaus, his auditing strategy and his report automation setup. Full Podcast: https://www.youtube.com/watch?v=gd5z2AKbvHk

Interview with Dravee who is a top gas reporter on code4rena, taking first place for gas optimisations on the $1Million OpenSea contest in May and reaching top 20 on the leaderboard for 2022. In this conversation we talk about Dravee’s background and how he learned smart contract auditing from scratch. We discuss how he was able to break through learning plateaus, his auditing strategy and his report automation setup. Contact Dravee: https://twitter.com/BowTiedDravee Links: https://github.com/x676f64/secureum-mind_map OUTLINE: 0:00 - Introduction 0:49 - Learning Smart Contract auditing 8:15 - Secureum Bootcamp 14:20 - Connecting the dots 16:23 - The steep learning curve 20:20 - How has code4rena changed 23:10 - How should a newcomer approach code4rena? 24:45 - code4rena's value for getting hired 26:08 - The rising quality of code4rena's reports 27:35 - Why web3 security 36:04 - DeFi 38:25 - Learning resources 39:43 - Meeting top auditors IRL 42:36 - Being early 45:28 - Confidence to go fulltime 48:18 - Additional learning resources from Secureum 49:43 - Starting with the basics 50:38 - Approach auditing as a beginner 57:48 - Semi-Automated report generation process 1:05:38 - Being 1st in 2022 on the Leaderboard for Gas Optimisation 1:07:37 - Breaking through plateaus 1:27:14 - Inspiration from yAcademy 1:29:05 - Audits at Spearbit 1:35:00 - Preparing for the next Bull market 1:38:47 - Future Goals 1:47:05 - Final Advice

Learning resources to get into web3 security in 2023 Full podcast: https://www.youtube.com/watch?v=g79DFfBaTew