After almost a year of intensive Solana auditing, examining codebases written without Anchor requires a distinct approach compared to Anchor-based programs. Anchor consistently handles validation automatically behind the scenes, which developers might overlook during the coding

The worst when you don't receive feedback, you kill your business

Recently in private audits, I started writing coded PoCs when the test suite is setup already (I don't mind spending from 4 to 8 hours to make the setup work on my device). This saves everyone time. However, I do it only for issues that are not obvious and a bit complex or

Auditing any Solana program is at least 30-40% Anchor auditing without reporting to Anchor's (excluding Vanilla programs).

Ranked 2nd on this, still great ✨️ Bring more Solana progs. Our job is to break it before blackhats do. Drop a DM if you want me to do the job

In Solana, typically, if you add the highest priority fee, your transaction will be favored and picked first. However, this mechanism is changeable as the leader validator (a validator processing the current slot) can select transactions based on criteria other than the offered

The process of auditing is much more fun than finding that bug

Auditing becoming addiction, but you can't stay on the same level. Up up Up

Every time you go a level up, you look at the code in front of you as if it was a "Hello World" program. If you had this observation, welcome to the club

Here's a trick I used to sharpen my auditing skills and deep thinking around it. Pick a codebase that's very small, really too small. Now start auditing it. You'd be amazed how it would shift your mindset. This breaks the pattern of how your brain becomes lazy, relying on

A great business engagement is to not take things personally. 99%, people don't know you, and you don't know them. Actions based on speculation don't bring you forward (put aside trading). That's not easy to do, but if you do, you keep the long-term road up. Remember that

Got an offer from a big firm to join as SR, but I couldn't continue the process. They don't provide part-time option. Sad, but can't trade off freedom/flexibility

It pains me to see code4rena and Sherlock having no active web3 security contests. These two platforms have given so much value to the whole ecosystem. My wish is for their comeback as once upon a time, competition between contest platforms is badly needed for all of us here🙏

A bold and unprecedented move 🫡

Calling all Wardens for the first ever audit competition for the Solana Foundation! Solana Foundation is launching a competitive audit with a $203,500 prize pool for its Token-2022 Confidential Transfer Extension! The audit will run for 26 days, stay tuned for more info. Let's

I still don't understand how homomorphic is guaranteed in encryption. Might be a basic question, It's just that math is fascinating.

Coming Soon: the LARGEST unconditional prize pool in the history of audit competitions! Get ready Wardens, Category Labs is launching an audit competition for Monad with a $500,000 unconditional prize pool. The audit will run for 28 days, stay tuned for more. Welcome, @Monad.