Monthly Warden Spotlight: Dirk_y

For our first long-form edition of the Monthly Warden Spotlight, please welcome Dirk_y. His performance over the past 90 days has been immense, with 20 highs, 1 solo high, and 5 solo mediums.

You can see his awarding journey here:


Hard work and patience pay off, right? Enough from us though, let’s hear from the auditor himself.

Introduce yourself! What’s your background and experience?

I’m a software engineer by training, spending my first year out of uni as an embedded software engineer before moving to an AI hardware company for the next ~3 years. I also founded a web3 security startup over the last year (which clearly didn’t work out!).

How did you get started in auditing, and what motivated you to pursue it?

I first started auditing in my spare time at the start of 2022, but after leaving my startup around a year later I jumped back into C4 in June 2023. I love the fact that auditing is like solving complex coding puzzles, and I get to solve a new one every few days!

Can you share an example of a particularly challenging audit you worked on through Code4rena and how you overcame the challenges?

The most challenging audit for me was the Tapioca DAO audit, which also happens to be my worst result in recent times. I struggled to keep track of all the moving parts in the large codebase and I ended up in a state of tunnel vision where I couldn’t find new angles of attack.

For me, it helped a little to take a day away from looking at the code and then I came back and found a couple more interesting things. I still found 15 H/M valid issues, but I missed a lot of great highs.

What skills do you believe are essential for a high-performing auditor, and how have you honed these skills throughout your career?

Absorbing details/learning quickly is the most important skill imo for timeboxed audits like on C4. The faster you can understand how all the code is supposed to work, the more time you have left to find bugs. For me university cultivated this skill but it can be practiced.

Are there specific training programs, workshops, or resources that you found particularly valuable?

When I started there was way less material out there than there is now. I’m not up to date with all the best resources right now, but I’m sure your favorite web3 security researcher that’s active on Twitter/X has shared a list at some point recently!

What opportunities do you see for auditors in web3?

Competitive audit platforms are still one of the best ways to make a name for yourself in web3 security. Or, if you enjoy marketing yourself on X and working directly with clients then there’s still room for more solo auditors. Specializing in tech like ZKPs is also starting to make sense.

How do you think Code4rena is contributing to the growth and development of auditors in the blockchain industry?

Imo C4 is the best place to practice and level up auditing skills. No other platform has the consistent volume of contests that C4 offers. I massively appreciate the culture that C4 is trying to cultivate amongst web3 security professionals (thanks sockdrawermoney!).

Looking ahead, what are your aspirations and goals as an auditor?

I’m keen to level up my Rust and Go skills and jump outside of the EVM world; most bugs are probably where people aren’t looking! I also want to spend more time on gas optimisation techniques and explore Huff some more. TLDR: I want to keep challenging myself.

Based on your journey and experiences, what advice would you give to individuals aspiring to pursue a career in auditing in web3?

Don’t expect instant results. Succeeding usually takes months of dedicated work and practice; if you’re passionate about web3 security you’ll be happy to learn for little financial reward at first. Also, spend more time practicing with real audits and less time on CTFs.

Are there any specific qualities or habits that you believe are crucial for success in this field, and if so, how can aspiring auditors cultivate these qualities?

Having focus time is crucial for succeeding in web3 security imo. Google “Pomodoro” for an example (I don’t use this fyi). Also, don’t feel pressured by the hustle culture you see everywhere on X. I take breaks all the time and almost never work on weekends…stay healthy!

A huge thanks to Dirk_y for chatting with us! You can get a quote for a solo audit with Dirk_y here.

