bug hunting smart contracts

tl;dr

initial questions
- list external and public functions
- when and where external calls happen, and what state changes around them
- check payable functions
- how functions are accessed (permissions: who is allowed to call what)
- follow the flow of funds for transfers

look for common vulnerabilities
- reentrancy (with flashloans, fallbacks, payables)
- access control
- arithmetic errors

create an environment for testing
- static analysis
- fuzzing
- poc exploits (use foundry)

cool resources
- solidity bugs by version

cool bug bounty platforms
- immunefi
- hackenproof
- bountycaster
- certik
- remedy

cool communities
- eth rangers
- security alliance
- the red guild