The video is going out at the perfect time, thanks Andy!
@andyli 2 years ago
cheers!
@harshitsharma9474 2 years ago
Hey... Bro... M a Blockchain Smart Contract developer... But never done this Auditing part.... Although m new to web3... I have just 6-8 months of experience... Can you make a Roadmap video for Beginners?
@andyli 2 years ago
Yea man I made a beginner road map video already, check the channel
@harshitsharma9474 2 years ago
@@andyli yeah just saw that .. it's awesome... Thanks dude... ❤️
@ayushmanthapa_onion 2 years ago
Great video as always, thanks andy!
@andyli 2 years ago
No worries!
@ouailtayarth4012 2 years ago
Thanks for sharing your journey! Can't wait for the upcoming videos!
@andyli 2 years ago
Thanks for watching!
@codenerd8396 2 years ago
Thank you so much for this video Andy! This helps beginners tremendously! Can you make another video explaining high and medium severity findings from other beginner friendly audit report? Much appreciated 💪
@andyli 2 years ago
Yeah I can do more videos like this if people find it useful
@leisureclub_ 2 years ago
@@andyli It's indeed helpful.. loving the channel
@SathishKumar-ys2xm 1 year ago
Hi how and where I need to start to become smart auditor
@andyli 1 year ago
i made a beginner road map video
@yourdailyblockchain 2 years ago
Thanks Andy - been going thru a few of your videos and they’re super interesting. I’m in I.T. So I’m pretty technical and I know blockchain, DeFi, CeFi, etc but I’m not a developer/coder. More product/project mgmt. How did you learn Solidity coding so fast? Thx - Thomas
@andyli 2 years ago
I already knew how to code before this so it was not too hard of a transition. Auditing is mostly reading code.
@jerod2519 2 years ago
Thanks!
@andyli 2 years ago
You're welcome!
@andyli 2 years ago
lol just noticed that was a "Super Thanks". Cheers man! The first I have received on this channel :)
@jerod2519 2 years ago
@@andyli Haha, no worries! I’ve learned so much from your videos, and especially this one. Just wanted to send something your way as appreciation. Thanks for doing these!
@andyli 2 years ago
@@jerod2519 glad you found the videos useful!
@lacag-lacag 2 years ago
Thanks bro
@andyli 2 years ago
👍
@wafflemakr605 1 year ago
Really useful video Andy! Please add more of these!
@yufang173 2 years ago
Perfect, thanks 😀
@andyli 2 years ago
👍
@ercanak225411 months ago
good job bro :)
@apostle5135 2 years ago
Awesome!! thanks Andy :) need more of this :D
@andyli 2 years ago
will do!
@serousetrick 1 year ago
Hi, I have a question, I am beginner in this. How to find fixed lines, corrected/missing lines, how they look like? All I can see on these reports is description of solution, but there is no code line. How can I find corrected contracts/lines/..? Is there any way I can find corrected contracts by the name of warden?
@andyli 1 year ago
There won't always be a fix as part of the report.
@serousetrick 1 year ago
@@andyli Very often, by reading the report I understand what they want to say, but if I would need to write that as a code, there is a good chance that I would make a mistake. Thank you for the answer. And one thing, is there any way I can find how some other wardens solved some findings, or are we limited only to what the code4rena site shows?
@andyli 1 year ago
@@serousetrick you can click into the finding and browse the github repo, you will see all the submissions from other wardens as well
@blockchaintech9242 1 year ago
Hey Andy, thanks for sharing.
@andyli 1 year ago
No prob!
@chibatomosuke5080 2 years ago
How to find the past "slippage issue" ? Is this a manual method?
@andyli 2 years ago
Yeah I manually went through the reports
@chibatomosuke5080 2 years ago
@@andyli You are a hard worker. I noticed behind the smart result, there is always a lot of effort that no one appreciates. Thanks!
@aizhetengFred 1 year ago
Really great content! Wondering if you go through the codebase first before you read the report? I tried to read the code first before reading the report but soon got burnt out. Some codebases are huge and hard to read.
@andyli 1 year ago
just read the report, reading code takes a long time, if you want to read code, then just participate in a real audit contest and you can find out results when the report is released
@aizhetengFred 1 year ago
@@andyli Thank you for the quick reply. I will try only read the report for now. Btw I'm going through all your videos. They are all great!! Nice work!
@Ashish93930086 6 months ago
Thank you @@andyli for this answer. This question was circling around in my head from last few days
@liyinz 2 years ago
👍👍
@andyli 2 years ago
👍
@MoCrits 1 year ago
Very helpful
@andyli 1 year ago
cheers
@raqeeb_ameen 2 years ago
Hey. So I got a question? I recently got interested in Bug Bounty Hunting. And I am thinking on what to choose. Either Web2 or Web3 (Smart Contract Hacking). What do you prefer and suggest to me if you were a beginner and you are starting over. Because you got some cyber security certifications and you have experience in the field. Do you think web3 is the future and focusing on pentesting is not needed. What will you suggest me as a beginner?
@andyli 2 years ago
Traditional pentesting will always be needed, it just depends on where your interests lie. Try a bit of both and see which you like better
@muhammadhaashir7489 2 years ago
Sir kindly guide us about POC, what is it? And how to do it on immunefi bug report? Please.
@andyli 2 years ago
Proof of concept, you need to write code to demonstrate the bug
@muhammadhaashir7489 2 years ago
@@andyli Thanks sir but what kind of code I am supposed to write in poc, the company smart contract code in which vulnerability is found or my own calling smart contract code.
@andyli 2 years ago
@@muhammadhaashir7489 depends on the vulnerability, sometimes you don't need an exploit contract
@muhammadhaashir7489 2 years ago
@@andyli Thank you very much sir for clearing my confusion. From where can I get previous bug reports of immunefi?
@andyli 2 years ago
immunefi.medium.com
@LukaS-oi1tk 2 years ago
Hey Andy thanks for the video, how to check code before/after implementation?
@andyli 2 years ago
Sometimes there is a link to the pull request in the findings repo
@so3litude_ 2 years ago
Thanks :)
@andyli 2 years ago
:)
@francoisguyot789 2 years ago
About the 9:55 finding, honestly I wouldn't even classify it as a finding, maybe a low severity. There is no need to sanitize every part of the smart contract from bad manipulation, if people didn't read it well nor understood it and tried to interact with it in an exotic way, it's their responsibility.
@andyli 2 years ago
These edge case/user stupidity type of issues seem to be marked as Medium quite often. Another edge case example here: code4rena.com/reports/2022-04-jpegd/#m-05-rewards-will-be-locked-if-user-transfer-directly-to-pool-without-using-deposit-function-
@francoisguyot789 2 years ago
@@andyli This one is interesting because it affects other users funds. In the case of the finding in your video, it's about somebody trying to send both an ERC20 with ETH in the same tx. Nobody would do that and it's kinda ridiculous
@lacag-lacag 2 years ago
Andy what do think future of web3 will it be like web2 which is actually hard to find one bug because of full of competitors? Also do u use software to find bugs or u do it manually like reading throughout the code?
@andyli 2 years ago
Only manual reading through the code
@lacag-lacag 2 years ago
@@andyli what do you think the future of web3 does it be saturated like old web2 which is hard to find bugs
@andyli 2 years ago
I think it will take some time before it gets saturated
@viktorcortez5706 1 year ago
Hi, thanks for your video. Do you have twitter?
@andyli 1 year ago
Yeah, I have other social links on the channel page