Andy Li (@andyli) • Hey
Security Engineer @ Sigma Prime | SpearbitDAO code4rena | prev: pentester - web2 & networks
https://youtube.com/andyli
Publications
- An interview with Trust, ex-NSO Group hacker turned web3 bounty hunter and independent security researcher. Trust discusses his work performing audits on code4rena, participating in bug bounties on Immunefi, and shares with us his methodology and mindset around bounty hunting and security research.
https://www.youtube.com/watch?v=NC4uzV-syIw
- gm and happy holidays
- Interview with independent security researcher 0xDjango, on how he transitioned from data engineer to full-time bounty hunter, earning over 400k this year on code4rena and Immunefi combined.
https://www.youtube.com/watch?v=R2BAgbn2Um8
- Very helpful for people getting into smart contract auditing
https://twitter.com/zachobront/status/1606132664422891520
- We will be doing a database migration, moving to Aurora to allow our pings worldwide to be faster, a general speed-up of all queries, having many read databases with auto-scale, alongside having read and write separate databases for memory reasons. This will mean that at 08:15AM GMT on Thursday 22nd December, write actions will be down for 20 minutes.
  - The indexer will not index any new publications, profiles, etc.
  - Reactions and other parts will not be able to be actioned.
Once the migration is complete, the indexer will catch up with anything it missed. Of course, anything on-chain will still go on-chain but will not be shown in the API if done in that period until it is back.
Reads will continue working as normal throughout the migration process.
Happy building all!
- Gerard Persoon talks about 8 high severity findings he encountered during smart contract auditing. Love how he explains everything in a very simple way.
https://www.youtube.com/watch?v=p4ho0GQc4es
- Great resources to learn about smart contract hacks using Foundry.
https://github.com/SunWeb3Sec/DeFiVulnLabs
- Smart contract auditor salaries are pretty insane
https://www.youtube.com/shorts/jNEZRHuI-1o
- My CV - Getting a JOB as a Smart Contract Auditor
This was the resume that I used to land a job as a smart contract auditor in the web3 security space. Got good response rates with top auditing firms.
- Recreate past web3 hacks using Foundry. This is a great resource to learn about smart contract auditing. Constantly updated with the latest hacks.
https://github.com/SunWeb3Sec/DeFiHackLabs
- What are the most popular platforms built on Lens at the moment? I know Lenster and Lenstube, what else?
- This was the article that inspired me to learn smart contract auditing.
See if it inspires you 🙂
https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b
- Web3 Bounty Hunter's 150k Payday
Story of how a smart contract bug earned him a bounty of 150k.
Full Podcast: https://www.youtube.com/watch?v=NEmwfl-zLuw
Bounty Acknowledgement:
https://twitter.com/NotionalFinance/status/1566089211068948480
Post Mortem:
https://blog.notional.finance/ntoken-redemption-bug-post-mortem/
PoC Code:
https://github.com/one-hundred-proof/notional-flash-attack
Follow 100proof on Twitter:
https://twitter.com/1_00_proof
- Wowo
- Clip from the interview I did with 100proof where he tells the story of how he earned a 150k bounty on Immunefi
https://www.youtube.com/watch?v=MDIM0geNsN4
- Learn how to hack smart contracts, here are the learning resources I used:
1. cmichel is ranked 1st on code4rena with more than 1 million in awards - start by reading his blog to get the big picture https://cmichel.io/how-to-become-a-smart-contract-auditor/
2. Learn Solidity with Patrick Collins' 32 hour Solidity course https://youtube.com/watch?v=gyMwXuJrbJQ. You don't need to go through everything, just pick up on the basics of Solidity and web3.
3. Go through the Secureum resources https://secureum.substack.com. It can be a little dry to go through, but it is the quickest way to get up to speed on common vulnerabilities.
4. Time to start bug hunting by participating in audit contests on code4rena. Start with the simple QA findings to build confidence (it is very easy to find low-hanging-fruit bugs). Read past audit reports to improve. https://code4rena.com
5. I made a beginner roadmap video providing more information on code4rena audit contests and my progress on the platform. https://www.youtube.com/watch?v=-469Gcye-ZE
6. Updated video where I recently landed a job as a smart contract auditor using the resources above. Sharing the CV and talking about how I was able to transition into the industry with a traditional cyber security background. https://www.youtube.com/watch?v=OFyB6BdTC8g
Follow for more web3 hacking content.
- gm