Unhacked CTF - Reaper 

Andy Li

Recreating a 1.7M smart contract hack with the Reaper challenge from Unhacked CTF - based on the Reaper Farm hack that occurred in Aug 2022.
Links:
unhackedctf.su...
github.com/and...

Published: 4 Sep 2024

Comments: 37
@Studiom44 2 years ago
Please keep making these Andy. They're so invaluable for someone like me trying to understand this area of security.
@andyli 2 years ago
Thanks a lot! 🇳🇿🥝
@cowsecurity 2 years ago
I've joined code arena as a warden, still haven't found any issue yet. I'm trying to use code arena to get some money to buy a decent laptop (current one is just 2011 trash), so I thought it would be easy money in auditing. But I've been proven wrong, still haven't found any bug so far. I won't give up tho. Great videos!!!
@andyli 2 years ago
Keep it up, it will come in time!
@droneblaster1665 2 years ago
Amazing video... It looks easy when you code the exploit. But we all know the toughest part was the audit part of it...
@andyli 2 years ago
Thanks! It gets easier with time
@mujtabaaltayib7417 2 years ago
You are making the road map for me, I don't know how to thank you
@andyli 2 years ago
You are most welcome
@sye3193 2 years ago
Thank you so much Andy, please make a tips and recommendations video too on web3 security, your content is amazing!
@andyli 2 years ago
Thanks! Will do more web3 security videos
@noname5046 2 years ago
You are making great content. Hope the more people get involved in web3 and smart contract security in particular, the more subscribers your channel will get
@andyli 2 years ago
Thanks, appreciate it!
@nathantice-officialchannel7358
Love how you pick apart anomalies
@validyor 2 years ago
Andy, I love your content which I consider as being a public good for the whole blockchain ecosystem! To get the current list of all holders of a given token (here the rfDAI), I use python, fetch the api of Covalent and parse the result. I've learned the theory from almost all available resources online but now I want to start practicing. If I should select only one option, what would you recommend to focus on between Truffle, Hardhat, Brownie and Foundry? The language doesn't matter, but I want something practical. Thank you!
@andyli 2 years ago
Thanks, good idea using python. I was hoping there was a way in the block explorer itself ☹️ I would recommend Foundry, a lot of security folks seem to be moving to it. Writing tests in Solidity is the best part. Also, I hate JavaScript
@internetkids5813 2 years ago
Great video. Thanks
@andyli 2 years ago
Thanks
@danielcawley1051 2 years ago
Hey Andy, your content is awesome! I want to start doing code4rena audit contests. I've gone through all of d-squared's ethernaut videos and a couple months ago I completed the python full stack solidity course on freecodecamp by patrick collins. Would it be worth it to complete some damn vulnerable defi or should I get some experience by participating in the contests?
@andyli 2 years ago
Go through the secureum materials too, then start participating in audits and reading past audit reports
@jt3660 2 years ago
Thanks for your great video
@andyli 2 years ago
No worries!
@bertrandfossung1216 2 years ago
Please keep solving more CTF challenges. These are really eye openers for me
@andyli 2 years ago
Yeah, will do!
@luce36 1 year ago
Amazing!
@andyli 1 year ago
Thanks!
@Jansen-Moreira 2 years ago
Hey Andy, could you make a video or just give a quick overview on how you start your contests? You said in one of your videos that you usually spend 3h per content, but I'm taking this time just to get the context of the contest. I don't know if you already talked about it, sorry if you did, but I'm worried about my performance at c4. I'm taking several hours just to take notes on every function of the contest's contracts. Could you talk a little bit about how you start every challenge? If you take notes about everything or just read, and stuff like that. I know it depends on how you work, but it could help me find a way out of it. However, thanks for your content. I started now into c4. You helped me a lot =)
@andyli 2 years ago
Understanding the code base fully is an area I also still find challenging, perhaps due to time constraints? I have heard a few top auditors talk about reading code from the top down (cmichel, gpersoon), i.e. read the base class contract first before reading the derived class contract, so that is what I have been doing as well.
A few tools that help in that regard:
UML tool for Solidity contracts: github.com/naddison36/sol2uml
Visualize function call graphs: github.com/ConsenSys/surya
I think speed will come in time as you get familiar with the different types of code bases and read more audit reports. Hope that helps =)
@Jansen-Moreira 2 years ago
@andyli Thanks for the answer! I checked the links and they seem awesome! I will read more reports and maybe do a checklist with common bugs to speed up my reading skills. Thanks for your support, your videos helped me a lot, mainly when you give an overview of past reports, they are fantastic =)
@sanvidpathak6214 1 year ago
You could run the addresses through a checksum function
@andyli 1 year ago
Still need to manually write a script for that, right?
@priteshpatil5363 2 years ago
1st viewer 😌
@andyli 2 years ago
🥳
@matthewlee112 2 years ago
Now you just need to find these contracts first
@andyli 2 years ago
Blackhat but pretend to be whitehat when caught 😂
@nathantice-officialchannel7358
Why not double audit? 2 teams versus 1
@nathantice-officialchannel7358
Outside of in-house
@andyli 1 year ago
Yeah some are auditing as a team on code4rena