README.md

bug hunting smart contracts

tl; dr

initial questions

• list external and public functions.
• when and where external call happens and what changes.
• check payable functions.
• how functions are accessed (permissions by who).
• follow the flow for transfers.

look for common vulnerabilities

• reentrancy with flashloans, fallbacks, payables.
• access control.
• arithmetic errors.

create an enviroment for testing

• static analysis
• fuzzing and poc exploits (use foundry)

---

cool resources

• solidity bugs by version

cool bug bounty platforms

• immunefi
• hackenproof
• bountycaster
• certik
• remedy

cool communities

• eth rangers
• security alliance
• the red guild