Arsen (@arsen_bt)'s Twitter Profile
Arsen

@arsen_bt

Security Researcher at @zenith256 & @GuardianAudits |

🏅1st place on TON security contest & Hacken CTF |
+$100M of Assets Secured |

Book private audit 👇🏻

ID: 1763289001396523008

Link: https://bento.me/arsensecurity
Joined: 29-02-2024 19:44:04

491 Tweets

2.2K Followers

360 Following


How I audit integrations?
> Go into GitHub
> Take screenshots of relevant code
> Paste them into Miro
> Explore the code of integrations
> Ask GitHub Copilot heavily
> Make notes
> Read the docs precisely
> Read "Solodit", discover common issues
Integrations are out of scope —


The best advice for auditors
> Read "Test Coverage" as part of the audit scope
The most important thing during an audit — ideas.
More ideas - more findings.
The goal is to fuel a high level of creativity for the entire audit.


Here's the best advice I ever got — from a top Korean hacker:
"Work with people who are better than you as much as possible"
This year, I work with auditors who are better than me
• I fail
• I feel dumb
• I miss bugs
But after each audit, I become stronger. It's a hard path in


I am not a Go auditor
I am not a Rust auditor
I am not a TON auditor
I am not a Cairo auditor
I am not a Move auditor
I am not a Solidity auditor
I am a Web3 Security Auditor


The most efficient way to search data: Binary Search.
Huge projects implement it.
• Uniswap
• Polygon
• Ethereum
• OpenZeppelin
The main idea is: find a value in a sorted list by always checking the middle — then cutting the search space in half each time.
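Binary search in the shape on-chain checkpoint and oracle code usually needs, as an added example. This is not Arsen's code and not the implementation of Uniswap, Polygon, Ethereum or OpenZeppelin; the `SortedSearch` library name and both function names are my own. The "upper bound" form returns the index of the first element strictly greater than `value`, or `arr.length` when there is none, and an exact-match lookup is built on top of it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration (hypothetical library, not a project's own code).
/// Precondition: `arr` is sorted ascending. The search never verifies this;
/// on unsorted input it returns a plausible-looking but wrong index.
library SortedSearch {
    /// Index of the first element > value, or arr.length if every element <= value.
    function findUpperBound(uint256[] memory arr, uint256 value) internal pure returns (uint256) {
        uint256 low = 0;
        uint256 high = arr.length;
        while (low < high) {
            // Midpoint written as low + (high - low) / 2 rather than (low + high) / 2.
            // With 0.8 checked arithmetic the latter would revert rather than wrap,
            // but the habit matters inside unchecked blocks and in other languages.
            uint256 mid = low + (high - low) / 2;
            if (arr[mid] > value) {
                high = mid;      // candidate is at mid or to the left
            } else {
                low = mid + 1;   // everything up to mid is <= value, go right
            }
        }
        return low;              // == arr.length when no element exceeds value
    }

    /// Exact match: (true, index) for the last occurrence of value, else (false, 0).
    function find(uint256[] memory arr, uint256 value) internal pure returns (bool found, uint256 index) {
        uint256 i = findUpperBound(arr, value);
        // The element just before the upper bound is the largest one <= value.
        if (i > 0 && arr[i - 1] == value) {
            return (true, i - 1);
        }
        return (false, 0);
    }
}
```

Points an auditor checks around code like this: the sortedness precondition is an invariant of whoever appends to the array, not of the search; the `arr.length` sentinel must be tested before the result is used as an index; and the boundaries (value below the first element, equal to the last, empty array, duplicates) are where off-by-one mistakes hide, so each deserves its own test case.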


Top 4 lessons from the last audit with Guardian
• Grind till the last minute
Tried to catch a missed bug at 23:45 PM
• Fuel your brain constantly
Walk, train, but don't let ideas leave you
• Document all invariants
If you don’t keep them in sight, you’ll miss the bug.
•


You must read this. Simple question.
> What happens if a call is made to address(0)?
Ended up with a $250K bounty.
A tiny change in a safeLibrary allows calling safeTransferFrom on a non-existing ERC20, recording an infinite amount as balance.
forum.balancer.fi/t/balancer-v2-…
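The general mechanism behind that question, as an added illustration that is not Balancer's code, not the change described in the linked thread, and not OpenZeppelin's SafeERC20: in the EVM a low-level call to an address that has no code (address(0) included) succeeds and returns empty returndata. A wrapper that accepts "success with no return data" as an ERC20 success therefore believes a transfer happened when no token exists. The `UnsafeERC20`, `SafeERC20` and `Vault` names below are my own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical vulnerable wrapper (added illustration).
library UnsafeERC20 {
    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        (bool success, bytes memory data) =
            address(token).call(abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount));
        // BUG: for a codeless target, success == true and data.length == 0, so this passes
        // even though no token code ever ran.
        require(success && (data.length == 0 || abi.decode(data, (bool))), "transfer failed");
    }
}

/// Hypothetical hardened wrapper (added illustration, simplified; not OpenZeppelin's library).
library SafeERC20 {
    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        (bool success, bytes memory data) =
            address(token).call(abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount));
        require(success, "call failed");
        if (data.length == 0) {
            // Tokens that return nothing on success (USDT-style) are legitimate,
            // but only if there is actually a contract at the address.
            require(address(token).code.length > 0, "not a contract");
        } else {
            require(abi.decode(data, (bool)), "transfer returned false");
        }
    }
}

/// Minimal vault showing the impact: with UnsafeERC20 in place of SafeERC20,
/// deposit(IERC20(address(0)), type(uint256).max) would be credited without
/// any asset moving. With SafeERC20 the same call reverts.
contract Vault {
    using SafeERC20 for IERC20;

    mapping(address => mapping(address => uint256)) public balances;

    function deposit(IERC20 token, uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
        balances[msg.sender][address(token)] += amount;
    }
}
```

The audit check is the same in any codebase that wraps external calls: find every place that treats empty returndata as success and confirm the target is guaranteed to have code, either by an explicit `code.length` check in the wrapper or by an allowlist of token addresses validated at registration time. A caller-controlled token address combined with a permissive wrapper is the pattern to look for.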


I've failed. Hundreds of times. But I never stop knocking on doors.
Today, I join Adevar Labs - Security Audits as a Full-Time Security Engineer.
A new chapter with new challenges. I love it.