How to become a web3 bug bounty hunter

Alex Horlan
Head of Triage, HackenProof

New crisis – new opportunities

The crypto industry has seen a discouraging run of incidents recently. In the last six months alone, there have been 2 major incidents.

The collapse of the FTX exchange and the LUNA token caused huge losses for their investors.

But despite the recent weak activity in the crypto sector, this industry has tremendous prospects for the future. It’s the ideal time to acquire new skills. So, we’d like to present a learning path to start your education as a smart contract auditor.

Get experienced in coding

The first thing to understand is that you need some coding experience. That does not mean you have to be a senior developer, but you do need to know how to read code and understand some features.

Start with JavaScript. It’s one of the most beginner-friendly coding languages and it shares many features with Solidity, a blockchain coding language.

Learn about Ethereum

The second step is to learn about Ethereum basics.

A good way to do it is to read “Mastering Ethereum” by Andreas Antonopoulos. It covers all the required subjects for beginners.

If you want to go deep down the rabbit hole from the beginning, you can simply read the Ethereum documentation for developers: https://ethereum.org/en/developers/docs/intro-to-ethereum/

Go deep on Solidity

Step three is to figure out the Solidity specification and its syntax:

CryptoZombies https://cryptozombies.io/en/course is an excellent choice to learn the basics of variables, types, functions, and other significant stuff.

Hack the smart contracts

Now you are ready to proceed with smart contract hacking:

That is the hardest step in our learning path – oddly enough, isn’t it?

Let’s begin with CTFs:

They will give your skills a huge boost because they cover the most common vulnerabilities. But that’s not enough, and you’ll also need to read the most basic smart contracts, such as the token standards EIP20 and EIP721.

Additionally, studying audited smart contracts is a good way to learn. For this, we can recommend our own audits; ConsenSys is another good platform.

After all of this, get real experience on our bug bounty platform HackenProof or in audit contests on Code4rena. That’s an excellent opportunity to raise your level of qualification, even if you cannot find high-severity bugs.

What is next?

Keep honing your skills, learn the finance basics for smart contract logic, figure out EVM, and learn from past exploits.

Start your education, and you may prevent the next huge hack, the kind that leads to tremendous losses.
