“All our dreams can come true, if we have the courage to pursue them!" Walt Disney
Bube is a Bulgarian smart contract auditor with a PhD in Informatics and Computer Science. Her journey to security research began in 2023, when she decided to transition out of academics and learn Solidity. On CodeHawks, she’s progressed from learner to auditor to First Flight lead judge.
I’m very curious, with a deep desire to learn new things. After completing my PhD defense in June 2023, I made the decision to change my career path and transition out of academics.
Pashov’s video discussing smart contract security got me interested and more research led to Solidity. So, I started learning it in July 2023.
Looking for challenges, I began with CryptoZombies and continued with Ethernaut CTF (Capture The Flag). Then, Updraft released their Foundry course. "Mastering Ethereum" by Andreas M. Antonopoulos and Dr. Gavin Wood (highly recommend!) was also very influential.
A month later, I started reading contest reports to try and understand. This led to my first contest, and when CodeHawks First Flights (discovered on Twitter/X) launched, I started participating. First Flights are the perfect way to improve auditing skills, learn new techniques, and write better reports.
In December, I completed Cyfrin Updraft’s security course, and since the beginning of 2024, I have been active in CodeHawks audit contests.
What began out of curiosity and a desire to learn new things has now become my main occupation. Dedication and hard work definitely pay off. My goal now is to be better every day than the last and help protocols to be more secure.
The most important aspects of becoming a smart contract auditor are being motivated, disciplined, and having a desire to work in security. It is not easy, but it's worth it.
For those curious about becoming a smart contract auditor, my advice is to start with Cyfrin Updraft’s basic courses then move to their advanced security courses.
Once you feel comfortable with the basics, subscribe to CodeHawks First Flights and start practicing. And when you’re ready, try creating them yourself. Read Cyfrin Solodit every day for the latest vulnerability findings and reports. And, of course, don’t be afraid to ask questions on Discord.
Participate in auditing contests even if you don’t feel ready. The sooner you start participating in competitive audits, the faster you’ll progress. Learning from your own mistakes is a better education than learning from mistakes others made.
The Walt Disney quote at the top of this piece is one of my favorites and I truly believe all our dreams can come true if we have the courage to pursue them. Becoming a smart contract auditor is no different. So, take the leap and try it out!
Smart contracts are the core component of the blockchain ecosystem and play а critical role in its development. Therefore, smart contract security is crucial. Smart contracts also handle substantial amounts of cryptocurrency, and potential vulnerabilities can lead to the loss of millions of dollars. Security affects both individuals and companies.There is a big need for security auditors.
It's an amazing feeling when you read about a vulnerability you didn't know about before, and after a few hours you see that vulnerability in the code you're auditing.
Anyone can succeed in web3 security because now there are incredible resources. Learn to code with Cyfrin Updraft, practice your skills in CodeHawks First Flights, and extend yourself and earn rewards in competitive audits. All you need is desire and persistence!