3 strategies to get into hunting bugs in smart contracts
You've probably read about one of these million-dollar bounties handed out to white-hat hackers, and you probably wouldn't mind becoming one of them!
Here are three strategies that you can follow to become a (better) bug hunter.
🧱 Build a foundation
You can do many things to become a better smart contract bug hunter, but none will help if you don't know the basics!
Are you looking to hunt bugs in Ethereum smart contracts? Then make sure you understand Solidity and have at least a basic grasp of the EVM.
🎓 Learn from the best
There is a treasure trove of good information out there!
audit reports - Audit reports are perfect resources for learning to hunt for bugs! They not only provide great write-ups of all kinds of vulnerabilities, but they also offer a lot of info on best practices.
vulnerability disclosures and post-mortems - Similar to audit reports, vulnerability disclosures are great resources! They explain (often novel) ways to exploit smart contracts. Furthermore, you can quickly glean how to structure vulnerability reports effectively!
write-ups of recent hacks - Unfortunately, some projects end up getting hacked. Often there will be security researchers who post Twitter threads or articles explaining what went wrong and how. Read all of these!
Studying and researching are essential, but don't let them keep you from putting what you learn into practice!
CTF - Capture the flag competitions are the perfect playing ground. CTFs often provide increasingly difficult puzzles that allow you to test and improve your skill!
bug hunting - Hunting for bugs is probably one of the best ways to get better at hunting for bugs. Though, take care not to burn out! A break now and then or a simpler target (your friends' hackathon project) can get you that dopamine hit you need to stay motivated!