Hello Sir, I am trying to follow the GTDA methodology, I really like the way of following the codepath instead of just going through all the functions without context. Here the only problem I have is in drawing the diagrams, off course it is giving me more context, but taking so much time. Is it really worth it to draw? I mean in the context of Audit Contests, I mean almost 2k sloc 1 week. you know what I mean sir. I have also shared the diagram that I drew using whimsical, please have a look at that.
First you have to build your toolbox of attack vectors (great way to do this is with the full course on my channel), then go through functions and force yourself to simply spend 5 minutes coming up with ideas of how things can go wrong with the attack vectors you know. This will be hard at first but you will get better at it over time. Before long you will start to actually uncover findings this way, which will create a feedback loop, and that's how you train yourself to become an attacker.
As always, thank you Owen for the great work you do. I find that the most challenge thing about applying this strategy (particularly the goals mapping) in audit contests is the time constraint. Do you have any strategy for dealing with that?
In contests if you're constrained on time, focus in on the most complex area of the codebase -- it's where the highest bug density is likely to be, and where most will shy away.
They are popular among the industry to give poor quality audits, but they are doing so many audits that their image is good among their potentials clients.
@@0xOwenThurm im not trying to compare but recently i have been watched patrick collins videos he take care of these minute things.. and he speaks very clearly . you are prodcuing great content though
Gem of a video because right now im in the phase where its hard to understand what codebases do and how they work. Thank you!
Amazing hope this can help you get over that hump!! It's all downhill from there 🙏
Update ?
I am in the same place you were 3 months ago any update?
Hello Sir, I am trying to follow the GTDA methodology, I really like the way of following the codepath instead of just going through all the functions without context. Here the only problem I have is in drawing the diagrams, off course it is giving me more context, but taking so much time. Is it really worth it to draw? I mean in the context of Audit Contests, I mean almost 2k sloc 1 week. you know what I mean sir. I have also shared the diagram that I drew using whimsical, please have a look at that.
15:00
Which web app you used for diagrams , can you please tell?
Whimsical!
Just a hint: it’s on ChatGPT4 as one of the GPT’s 😉
Really cool video Owen, thank you !
Do you try to determine goals for each contracts or in general for the protocol ?
H oven i understand code very well but attack ideas does not come in my mind what do you recommend to build attacker mind
First you have to build your toolbox of attack vectors (great way to do this is with the full course on my channel), then go through functions and force yourself to simply spend 5 minutes coming up with ideas of how things can go wrong with the attack vectors you know.
This will be hard at first but you will get better at it over time. Before long you will start to actually uncover findings this way, which will create a feedback loop, and that's how you train yourself to become an attacker.
@@0xOwenThurm 🙏
The url of the free course doesnt work for me ???
Please give your tips on how to audit large code base protocol like 3000 nSloc
Added to the backlog!
Thanks from your work sir. It will be great if upload some new videos on some new exploits
As always, thank you Owen for the great work you do.
I find that the most challenge thing about applying this strategy (particularly the goals mapping) in audit contests is the time constraint. Do you have any strategy for dealing with that?
In contests if you're constrained on time, focus in on the most complex area of the codebase -- it's where the highest bug density is likely to be, and where most will shy away.
6:36 what happened with certik?
They are popular among the industry to give poor quality audits, but they are doing so many audits that their image is good among their potentials clients.
@@GRIMxJOKE haha! 😂
Owen , Are you auditing ARCADIA protocol ?
I am not!
please provide us these notes 🙏
the audio is crisp and try to zoom in the video as it is not clear to see
Will do, have been focusing on zooming in more now haha
@@0xOwenThurm im not trying to compare but recently i have been watched patrick collins videos he take care of these minute things.. and he speaks very clearly .
you are prodcuing great content though
Great video Owen was really helpful
I'm one hour late but lets fkn go!
Lfg glad you watched ser 🫡
You are great, thanks man.
Glad it could help!!
Thanks for sharing these videos, really helpful.
Glad they could be useful! More on the way for you 🫡
💜
❤️
Please give your tips on how to audit large code base protocol like 3000 nSloc