00:00:00
hello hello welcome to my smart contract
00:00:03
auditing beginner roadmap video where
00:00:06
i'll be going over some of the learning
00:00:08
resources i used and i'll talk about
00:00:11
some of my experiences as well in the
00:00:14
web3 bug bounty space
00:00:16
now i am pretty new to web3 security but
00:00:19
i have recently made some good progress
00:00:22
from participating in order contests on
00:00:25
code arena so i thought it would be a
00:00:28
good time to share some of that
00:00:29
experience and i think it'll be valuable
00:00:32
for those who are new to the space to
00:00:35
hear this from someone who's also
00:00:37
relatively new just to give that
00:00:40
perspective and more importantly give
00:00:42
hope to those people
00:00:44
who want to
00:00:45
start participating in this i let them
00:00:47
know that this is possible to make
00:00:49
progress there is a lot of opportunity
00:00:51
here
00:00:52
and
00:00:53
i think it'll become obvious as i go
00:00:56
over some of the various opportunities
00:00:59
and
00:01:00
the things that are available for you if
00:01:03
you want to get into web3 security
00:01:06
just a bit of background about myself i
00:01:09
am a penetration tester in traditional
00:01:11
cyber security so my day-to-day is
00:01:13
performing network and web application
00:01:16
penetration tests and writing reports
00:01:20
so internal external network penetration
00:01:23
tests a web application penetration
00:01:26
tests those are sort of the bread and
00:01:29
butter of what i do day to day
00:01:32
i do understand
00:01:34
a little bit about the crypto space but
00:01:36
nothing substantial before this and i
00:01:39
have not looked into web3 security
00:01:42
before starting this
00:01:45
i did get my oscp last year in case
00:01:47
someone asks if the oscp was helpful
00:01:51
now the most helpful thing was probably
00:01:53
the try harder mentality
00:01:56
i hate to say it but being comfortable
00:01:58
with feeling dumb is
00:02:01
probably something that
00:02:03
is very helpful when learning something
00:02:05
new
00:02:07
and that mindset did help
00:02:09
for me when going through some of the
00:02:11
learning resources and reading reports
00:02:14
that i didn't quite understand yet
00:02:17
so i've been on code arena for two
00:02:19
months and recently got my biggest
00:02:21
payout on the platform for a high
00:02:23
severity finding which was worth 3k
00:02:26
and i'm currently ranked 36 on the 60
00:02:30
day leaderboard with in total
00:02:33
two high severity findings and one
00:02:36
medium severity finding
00:02:38
now before i talk about the coder in the
00:02:40
stuff i'll just quickly mention there is
00:02:43
also another bug bounty platform in web
00:02:45
3 which is a munifi and they are
00:02:48
offering some very massive bounties up
00:02:51
to the 10 million for
00:02:53
wormhole and maker dow
00:02:56
and some of these bounties have actually
00:02:58
been paid out recently so just a couple
00:03:02
of months ago the wormhole
00:03:04
bug bounty paid out for 10 million
00:03:06
dollars based on an uninitialized proxy
00:03:09
issue i mean if you read this report
00:03:12
it's just like are you serious 10
00:03:14
million for this i mean
00:03:16
this is pretty much straight out of a
00:03:18
ctf and
00:03:20
this is as bad as leaving default creds
00:03:25
on something exposed to the internet
00:03:27
like it's just that bad and
00:03:29
relatively simple to find
00:03:32
something like this paying out 10
00:03:34
million
00:03:35
it kind of goes to show that there's
00:03:37
just not that many eyeballs in this
00:03:39
space and there's a lot of opportunity
00:03:41
to be had right
00:03:43
and also this one which happened just
00:03:45
two weeks ago
00:03:47
which is aurora labs paying out 6
00:03:49
million these are some record-breaking
00:03:52
bug bounty rewards and there's no way
00:03:55
that you'll be able to find these type
00:03:57
of rewards in the traditional bug bounty
00:04:00
space where even places like zorodium if
00:04:03
you want to go gray hat and you sell
00:04:05
zero days from microsoft you only get
00:04:08
around 1 million for those zero days
00:04:11
which i'm pretty sure is way harder to
00:04:14
find compared to bugs in the web 3 space
00:04:17
so code arena is a pretty unique way to
00:04:21
do bug bounties where it's not strictly
00:04:24
a bug bounty platform they call it an
00:04:27
audit contest so how that works is a
00:04:30
contest will run between three to seven
00:04:33
days for example and there will be a
00:04:36
fixed price
00:04:37
usually the prices are between 30k to
00:04:40
around 100k and by the end of that one
00:04:43
week period the full prize is guaranteed
00:04:46
to be paid out
00:04:48
to all the participants who submitted
00:04:51
findings during that
00:04:53
order contest
00:04:55
now the prizes are
00:04:57
shared between the findings that you
00:04:59
submit so if you submitted high severity
00:05:02
findings you get a bigger share of the
00:05:04
prize pool
00:05:05
compared to mediums and lows
00:05:08
and you also get payouts
00:05:10
if your submission is a duplicate so
00:05:14
essentially when a duplicate happens you
00:05:17
just get a share of the price that is
00:05:20
allocated to that particular finding
00:05:23
overall there is less competition on
00:05:26
code arena
00:05:27
i mean honestly it feels like almost
00:05:30
every round is like a very lucrative
00:05:32
private bug bounty program there are
00:05:34
only about 200 participants on code
00:05:37
arena who have ever received the prize
00:05:39
off it and every competition usually we
00:05:43
get about 30 to 60 participants at the
00:05:46
moment now last year it was even less
00:05:48
people usually around 10 people per
00:05:51
contest so last year people were really
00:05:53
raking it in
00:05:54
on code arena
00:05:56
every competition is mostly based on a
00:05:59
new project so you're pretty much
00:06:01
looking at a fresh code base so you're
00:06:04
almost guaranteed to find something on
00:06:07
every competition which is great for
00:06:09
people who are new into the space where
00:06:11
if you're looking at a traditional bug
00:06:13
bounty it's extremely hard to find
00:06:15
anything and when you actually find
00:06:17
something it's probably a duplicate
00:06:19
finding so fresh code base every
00:06:22
competition is really great for people
00:06:25
who are new in the space and i mean you
00:06:27
get paid for duplicates so you're almost
00:06:29
guaranteed to get paid out even if you
00:06:32
are new
00:06:34
and the final good thing about code
00:06:35
arena is all reports are public so you
00:06:38
get that feedback loop where you can see
00:06:42
all the findings that other people
00:06:43
submitted once the report is published
00:06:46
you can review those reports and
00:06:49
continuously improve your process
00:06:53
so you can start finding those bugs that
00:06:55
you missed as well
00:06:57
so it kind of looks like this
00:06:59
currently there are two competitions
00:07:01
running at this time both of those were
00:07:03
i think three-day competitions
00:07:06
and paying around 50 000
00:07:09
recently the amount of contests have
00:07:12
been going up on kotorina as well
00:07:14
sometimes the most i've seen is five
00:07:17
contests running at the same time with
00:07:19
hundreds of thousands of dollars in each
00:07:21
of these contests
00:07:23
so for me the learning resources i used
00:07:26
were based on this a very good blog post
00:07:29
by c michelle on his blog how to become
00:07:33
a smart contract auditor he published
00:07:36
this post sometime last year and based
00:07:39
on that there was a big influx of people
00:07:42
who came to code arena so this is sort
00:07:45
of the
00:07:46
rough guideline of how i
00:07:49
approached uh learning this material
00:07:52
he's currently ranked one on the
00:07:54
all-time leader board with 1.1 million
00:07:56
in awards and he's been doing this for
00:07:59
about just over a year full time
00:08:02
i did see he made another blog post
00:08:04
recently where he documented the hourly
00:08:07
rate he was getting on code arena when
00:08:10
he first started last year when there
00:08:13
was less competition even less than now
00:08:15
he was getting about three thousand
00:08:17
dollars an hour and currently
00:08:19
it's hovering around five hundred
00:08:21
dollars an hour so based on that blog
00:08:24
post the main areas of focus for
00:08:26
auditing smart contracts is learning
00:08:29
about the solidity language learning
00:08:31
about d5 basics and also traditional
00:08:34
finance basics so i'll go over some of
00:08:38
the learning resources for each
00:08:40
for solidity i would recommend people
00:08:43
who are familiar with ctfs to go through
00:08:46
these ctfs first to learn about the
00:08:49
language and get your feet wet in this
00:08:52
space so there are essentially three
00:08:54
main ctfs available they are damn
00:08:57
vulnerable defy the etho naught
00:09:00
challenges and also capture the ether
00:09:03
for me i looked at damn vulnerable d5
00:09:06
first because that was just the first
00:09:08
one i saw someone post on twitter which
00:09:10
got me interested in the space
00:09:12
but i would actually recommend people do
00:09:16
the ethernet challenges first because
00:09:19
that's probably the easier of the three
00:09:22
to get started with and there are plenty
00:09:25
of video walkthroughs of the ethernet
00:09:28
challenges
00:09:29
one i would recommend is a d squared so
00:09:33
he has all the ethernet challenge levels
00:09:36
1 to 26 on his youtube channel they're
00:09:39
all about 20 to 30 minutes long so very
00:09:42
detailed walkthroughs he also talks
00:09:44
about his learning process as he does
00:09:47
the challenges as well so that's really
00:09:49
great for the beginner
00:09:51
capture the ether is around the same
00:09:53
level of difficulty as the ethernet
00:09:56
challenges i actually haven't done
00:09:57
capture the ether i just briefly looked
00:10:00
at it and saw that it did have a lot of
00:10:02
overlap between ethernet challenges so i
00:10:05
didn't actually go through capture the
00:10:06
ether challenges but that's definitely
00:10:08
one you can look into as well and
00:10:10
finally there's the damn vulnerable d5
00:10:13
challenge
00:10:14
which is probably the hardest of the
00:10:16
three i did most of the challenges and
00:10:19
damn vulnerable d5 but i didn't finish
00:10:22
them i don't think it's necessary for
00:10:24
you to do all the challenges but just
00:10:26
enough to
00:10:28
get your feet wet and
00:10:30
start to understand some of the
00:10:33
vulnerabilities in solidity
00:10:36
so the next thing i would recommend is
00:10:38
going through a solidity tutorial if
00:10:41
you're not very familiar with the
00:10:42
language i actually switched back and
00:10:44
forth between doing the tutorial and
00:10:47
also doing the ctf challenges because i
00:10:50
found that was very helpful in
00:10:53
first understanding something and then
00:10:55
applying it in the ctf so a great
00:10:58
solidity tutorial you can go through is
00:11:00
the one by patrick collins on free code
00:11:03
camp you can find the full videos on
00:11:05
youtube
00:11:06
he released a python version earlier
00:11:10
this year based on the brownie framework
00:11:13
and recently he just uploaded a
00:11:15
javascript framework version of that as
00:11:18
well using hard hat and that one is over
00:11:22
30 hours long so plenty of material to
00:11:25
go through
00:11:26
now you don't need to go through
00:11:29
all of the course if you are just
00:11:32
interested in the security aspects i
00:11:34
think it's best for you to
00:11:37
just get enough to understand the
00:11:39
language
00:11:41
to finish the ctf challenges
00:11:44
and then after that you can always refer
00:11:46
back to
00:11:48
the tutorial if you don't understand
00:11:50
something you don't want to be trapped
00:11:52
in tutorial hell here just
00:11:54
go through
00:11:56
obtain the various pieces of information
00:11:58
you need to complete your challenges and
00:12:00
then move on and then use this as a
00:12:02
reference point later on when you find
00:12:05
you don't understand a particular
00:12:06
concept
00:12:08
so for d5 basics a link that i saw
00:12:11
shared around a lot is teach yourself
00:12:14
crypto dot com
00:12:16
the blog post from c michelle mentions
00:12:18
these five points to understand from d5
00:12:22
which are token contracts proxies master
00:12:26
chef a compound and uni swap version two
00:12:30
so teach yourself crypto pretty much
00:12:32
covers these topics
00:12:34
not to a very high
00:12:36
technical detail but to the level where
00:12:39
if you're not familiar with d5
00:12:42
and then it'll pretty much get you up to
00:12:44
speed on what the use case is what is it
00:12:47
actually trying to do
00:12:49
how the system is designed and so forth
00:12:51
because previously when i first got into
00:12:54
code arena and i was looking at
00:12:57
the solidity code sometimes i just
00:12:59
didn't even know what the hell i was
00:13:01
looking at because i didn't understand
00:13:03
the d5 basics of what the code was
00:13:05
actually trying to do so at least get
00:13:08
yourself familiar with these
00:13:11
five main points of d5 for token
00:13:14
contracts you would also
00:13:16
encounter them during ctfs and the free
00:13:19
code camp
00:13:21
solidity
00:13:22
tutorial for proxies you will also
00:13:25
encounter them in ctfs for the
00:13:28
masterchef algorithm i would recommend
00:13:30
you watching the synthetic staking
00:13:33
rewards contract explain video on
00:13:35
youtube this video is made by the smart
00:13:38
contract programmer you can just search
00:13:40
that title on youtube and you'll find
00:13:42
that video series that'll pretty much
00:13:44
explain the math behind
00:13:47
the master chef contract and staking
00:13:49
rewards which is pretty hard to
00:13:51
understand if you
00:13:53
are not
00:13:54
that into math anymore which probably
00:13:58
most of us aren't
00:13:59
and finally for the finance basics the
00:14:03
khan academy course is a good option to
00:14:06
learn about traditional finance concepts
00:14:09
now for me i won't be able to give too
00:14:12
much of a perspective on this because i
00:14:14
actually came from a finance background
00:14:16
before i moved to it so i don't know how
00:14:19
much of that experience has actually
00:14:21
helped me in the course of auditing
00:14:24
solidity and smart contracts but i did
00:14:26
briefly look at this course and it does
00:14:28
seem like a good course that's gonna
00:14:30
pretty much cover most of the points
00:14:32
that you need to understand now the
00:14:35
course is pretty long so i wouldn't
00:14:37
recommend just
00:14:39
doing all this in one go again same as
00:14:43
the solidity tutorial use this as a
00:14:46
reference point to
00:14:48
reference back to it rather than just
00:14:50
viewing it all in one setting and then
00:14:52
pretty much forgetting about it once
00:14:53
you're done with the course
00:14:55
so after that your training is done and
00:14:58
you'll want to start to apply what you
00:15:01
have learned in actual audit contests
00:15:05
and reading previous audit reports to
00:15:08
understand the findings that other
00:15:09
people have found and just slowly build
00:15:12
up that mental mind map of the various
00:15:16
vulnerabilities that you may encounter
00:15:19
a great resource for actually getting
00:15:21
into order findings is securium so
00:15:24
securium has a website where they have
00:15:28
various blog posts where they talk about
00:15:30
ethereum 101 solidity 101 security
00:15:33
pitfalls and best practices all the
00:15:36
techniques and audit findings the most
00:15:39
useful material i found on securium was
00:15:43
the audit findings 101 and 102 which got
00:15:46
me used to starting to read and
00:15:49
understand past audit reports and start
00:15:53
to digest some of this
00:15:56
knowledge that
00:15:57
was from the previous learning resources
00:16:01
again shout out to d squared here where
00:16:03
he documented his journey going through
00:16:06
the securium material if you find the
00:16:08
securing materials a bit dry to read
00:16:11
through i would definitely recommend
00:16:13
watching these squares videos and then
00:16:15
going back to reading the securium
00:16:17
findings
00:16:19
and finally after you've gone through
00:16:21
all that you can start reading the
00:16:23
previous audit reports on code arena so
00:16:27
a couple of tricks i used to understand
00:16:30
these previous audit reports when i
00:16:31
first started reading them is go through
00:16:34
the low risk and non-critical issues
00:16:37
findings first on those reports because
00:16:39
those are very easy to understand even
00:16:42
if you are very new and starting to
00:16:45
understand those findings first will get
00:16:48
you into
00:16:50
participating in contests and start that
00:16:53
positive feedback loop where you are
00:16:55
continuously reading reports and
00:16:58
applying what you learned in order
00:17:00
contests
00:17:02
the next thing you want to do is try to
00:17:04
understand the high and medium severity
00:17:07
findings that are duplicate reports so
00:17:10
essentially what that means is find
00:17:12
those findings where you see a bunch of
00:17:16
different wardens have also found them
00:17:18
then go to that
00:17:20
particular github repo and pull out the
00:17:23
other wardens findings and start to
00:17:26
review those
00:17:28
findings from multiple wardens point of
00:17:30
view because sometimes if you read a
00:17:32
finding if you don't quite understand it
00:17:34
that warden probably didn't describe it
00:17:37
in a way that resonated with you so
00:17:39
viewing the findings from different
00:17:41
writers really helped to paint a clearer
00:17:43
picture to
00:17:45
what that finding actually is and i
00:17:47
found it really helped when
00:17:49
the
00:17:50
finding that was in the final report
00:17:52
didn't make sense but other wardens
00:17:54
provided a better explanation for that
00:17:57
particular finding
00:17:59
and finally you will go to the high and
00:18:02
medium findings that are unique findings
00:18:05
so this is pretty much the ultimate goal
00:18:07
when you're participating in code arena
00:18:09
is start to find unique high and medium
00:18:12
findings yourself and the first step in
00:18:15
doing that is understanding all those
00:18:18
unique findings in the previous order
00:18:21
reports now this is pretty much still an
00:18:23
ongoing process for me in my last video
00:18:26
i mentioned
00:18:27
i pretty much understood all the reports
00:18:30
now which is actually not true that i
00:18:33
came to find out recently because i did
00:18:35
encounter some findings where i just
00:18:37
really couldn't get my head around so
00:18:39
this is still an ongoing process for me
00:18:42
to understand these high and medium
00:18:44
unique findings so this is sort of my
00:18:47
progress on code arena so far for the
00:18:50
first two months
00:18:52
when i first started on code arena i was
00:18:55
only submitting qa and gas optimization
00:18:58
reports for my first five to ten order
00:19:00
contest
00:19:01
during this time i was going through
00:19:04
some of the learning resources i
00:19:07
mentioned previously reading past audit
00:19:09
reports
00:19:11
and slowly building up that
00:19:13
knowledge of previous
00:19:16
findings and after two to three weeks of
00:19:19
this i started to notice
00:19:22
some medium severity issues when i am
00:19:24
just looking through the code now i
00:19:27
would just mention that
00:19:28
for submitting qa and gas optimization
00:19:31
reports you may be tempted to run an
00:19:34
automated tool such as slither or just
00:19:37
grab out the various points of interest
00:19:40
and only submitting those for the qa and
00:19:43
gas optimizations but
00:19:45
i would recommend against it so i
00:19:48
started off by doing that running
00:19:49
automated tools and then just submitting
00:19:52
those as my findings for the order
00:19:54
competitions but i found that it was
00:19:57
more helpful to actually read the code
00:20:00
manually yourself
00:20:02
not because that is actually going to be
00:20:04
better for you to find more
00:20:06
qa or gas optimization findings but
00:20:09
reading more code and just literally
00:20:11
like parsing it with your eyes is very
00:20:15
good in terms of getting more used to
00:20:18
reading solidity and the various
00:20:20
patterns it uses
00:20:22
so you
00:20:23
once you start to read more previous
00:20:26
audit reports you'll literally start to
00:20:28
pick up on these patterns during
00:20:31
reading through the code so the purpose
00:20:34
of reading through the code is one to
00:20:36
find these qa and gas optimization
00:20:39
issues and second of all once you are
00:20:42
more familiar with the previous
00:20:45
audit findings you'll be able to pick up
00:20:47
on these patterns and actually slowly
00:20:51
see where these potential medium
00:20:53
severity findings are which is what i
00:20:56
found
00:20:57
happened after about two to three weeks
00:20:59
i started to see some of these potential
00:21:02
medium severity issues as i was looking
00:21:04
for qa issues and that was when i
00:21:08
started submitting medium severity
00:21:10
issues
00:21:11
and after one month i got my first
00:21:13
medium severity issue confirmed and that
00:21:16
was for a payout of 290 or so dollars
00:21:20
so i pretty much just repeated that
00:21:22
process
00:21:24
kept reading more audit reports and
00:21:27
participating in
00:21:29
order contests until about 1.5 months i
00:21:34
started to see some potential pathways
00:21:36
for high severity findings
00:21:39
and i got my high severity finding
00:21:42
confirmed recently
00:21:44
and that was amazingly a 3k payout so
00:21:49
super happy with the progress that i've
00:21:51
made in just two months on this platform
00:21:54
i'm honestly pretty surprised
00:21:57
you know for someone who is
00:22:00
pretty new to this uh to be able to
00:22:04
get on the leaderboard and get a high
00:22:07
severity finding payout for this much
00:22:09
just in two months so it kind of goes to
00:22:13
show that the level of competition in
00:22:15
web 3 bounties is not as high as a
00:22:19
traditional bug bounty platforms because
00:22:23
in terms of skill
00:22:25
i mean i would probably rate my
00:22:28
web app and network penetration skills
00:22:31
higher than my solidity auditing skills
00:22:34
at the moment because just from the
00:22:37
amount of time that i spent
00:22:39
in traditional penetration tests right
00:22:42
but however i think if i tried my hand
00:22:45
at a traditional bug bounty platform i
00:22:49
doubt i would be able to get the kind of
00:22:52
payouts that i am getting now um in web
00:22:55
3 instead
00:22:57
so my future goals on code arena i want
00:23:00
to read all the past audit reports from
00:23:03
code arena so they have about a hundred
00:23:06
reports and i've gone through about 30
00:23:08
to 40 of those reports already so i want
00:23:12
to finish reading all of those reports
00:23:14
in the next couple of months
00:23:17
i want to understand and categorize all
00:23:20
the findings so in a previous video i
00:23:22
showed how i categorized the securium
00:23:26
findings they had 200 of them
00:23:29
categorizing them into your
00:23:31
notes
00:23:32
to into buckets that are similar
00:23:35
sort of groupings of vulnerabilities
00:23:38
that really helped me understand
00:23:40
the securium findings and also for these
00:23:43
code arena findings i've started to
00:23:46
notice patterns like i'll go over some
00:23:48
findings in previous videos and once my
00:23:53
high level severity finding report
00:23:54
actually gets published i'll talk more
00:23:56
findings then but
00:23:58
pretty much i have started to see
00:24:01
patterns where a similar findings happen
00:24:04
very frequently in code arena contest so
00:24:08
those are the findings that i am
00:24:10
more focused on because you're more
00:24:12
likely to find them and they're easier
00:24:14
to spot based on all the previous
00:24:17
examples of vulnerable code that you can
00:24:20
see in the previous order reports
00:24:23
and
00:24:24
i also want to spend more time per audit
00:24:27
contest right so at the moment i am
00:24:31
devoting more time in reading these
00:24:34
audit reports and learning rather than
00:24:37
spending time per order contest so i'm
00:24:40
potentially still leaving a lot of money
00:24:43
on the table at this point
00:24:45
just in terms of
00:24:47
i'm not spending that much time on the
00:24:49
contest itself i'm trying to sort of
00:24:51
blitz through the contest just to snipe
00:24:54
all the low-hanging fruit issues that i
00:24:57
can find
00:24:58
very quickly and i want to spend more
00:25:01
time that i can devote into this
00:25:04
on reading previous order reports which
00:25:06
i feel that is going to be
00:25:09
providing me more value down the road
00:25:12
and finding more unique high severity
00:25:15
and medium findings
00:25:17
and also keep climbing the leaderboard
00:25:20
currently i am about 5k and rewards and
00:25:23
30-something on the 60-day leaderboard i
00:25:26
want to keep climbing the leaderboard
00:25:28
and see how far i can push this
00:25:31
it's a pretty fun side project that i'm
00:25:33
doing and yeah it's interesting and
00:25:36
pretty motivating to be
00:25:38
getting these payouts and finally i want
00:25:41
to share all my findings and experience
00:25:44
on this youtube channel of my progress
00:25:47
on code arena
00:25:49
i think it's going to really help a lot
00:25:51
of people um get into the space and just
00:25:54
leave a trail of breadcrumbs for people
00:25:58
who
00:25:59
want to up their skills in the web3
00:26:03
security space and
00:26:05
yeah get a share of
00:26:07
the opportunity that is out there
00:26:11
now to close this off a bit of
00:26:12
motivation so this is a shout out to dr
00:26:15
v who is relatively new into this field
00:26:19
and he has been making some massive
00:26:21
progress and really props to him to
00:26:24
getting where he is today
00:26:26
so you can see he posted this on the
00:26:29
code arena discord in february 2022.
00:26:33
he's been in kodarina for one month and
00:26:36
he's already on the leaderboard with 4.5
00:26:39
k
00:26:40
and just four months previous to that he
00:26:43
was pretty much zero knowledge in
00:26:46
smart contracts and a solidity so this
00:26:49
is to show that it is possible to make a
00:26:53
really quick progress in this field it's
00:26:55
not just me i'm pretty surprised at how
00:26:58
fast i've been able to climb the
00:27:00
leaderboard on code arena and
00:27:02
you know other people are doing it too
00:27:04
so this is just a bit of motivation for
00:27:07
people who
00:27:09
want to get in and
00:27:11
unsure
00:27:12
of whether they can so you can see the
00:27:15
potential opportunity here to
00:27:17
climb the leaderboard pretty quickly and
00:27:20
sort of make a name for yourself in web3
00:27:22
security
00:27:23
and where is drivi now he is 10th on the
00:27:28
leaderboard with 69k paid out this year
00:27:31
so big props to him and hope this is a
00:27:35
motivation for people who are new to the
00:27:38
space it definitely motivated me as well
00:27:41
just to see someone has done it in the
00:27:44
past and they've done it with a relative
00:27:47
quickness so there it is examples of
00:27:50
people being pretty successful in this
00:27:53
field in a relatively short period of
00:27:55
time
00:27:57
so to close this off i am happy to
00:28:00
answer any questions in the comments
00:28:02
down below
00:28:03
i do look forward to providing you guys
00:28:06
with more update on my progress on code
00:28:08
arena on this channel so subscribe if
00:28:11
you want to see more videos on this
00:28:14
so yeah that's it hope to see you guys
00:28:17
in the arena
00:28:18
reach out if you have any questions when
00:28:21
you're going through any of the learning
00:28:23
resources i mentioned do share your own
00:28:25
experience as well
00:28:27
and i'll see you in the next video
![The Other Side of Immigration [FULL MOVIE]](https://ruhnrawpgxrzdrgaohnf.supabase.co/storage/v1/object/public/images/video/uavX9fP9j_U/thumbnail.jpg)
