A good Smart contract auditor has to have a hacker mindset. Without the right mindset, you can miss out on bugs, get stuck on a roadblock or run out of time to audit the project. These are the 5 key Mindsets of a white hat, which you must develop in yourself:
Mindset Number 1:
Hack or get hacked.
If you don’t hack the project properly that was brought to you for auditing, then obviously the black hat will hack your project. It is just a matter of time. This not only results in loss of funds but also results in the loss of reputation for the project team and the auditing firm. Well its a different case when your project turns out to be a Rug pull XD
Mindset Number 2:
Go slow
When you hurry through the code, you miss critical security pitfalls. Have patience. The more time you take, the more you dive deeper in the project’s business logic, their dev’s logic and the different perspectives of all the actors in the protocol’s ecosystem. This makes it easier to break the code.
Mindset Number 3:
Ask the right questions
Even if you are not understanding a thing about the messy code written at the start, keep asking questions. And better that you note them down. The more questions you ask, the more are your chances to get closer to the truth. Ask these questions to the team’s dev to get more clarity but its better if you figure it first all by yourself. Asking the right questions will make it even more easier to break the code sooner or later.
Mindset Number 4:
Do not give up
A hacker never gives up. Unless he runs out of time or he faces some exceptional problems. Your perseverance could result in saving the project from a Million dollar hack.
Mindset Number 5:
Assume everyone is a thief
Contrary to the courtroom quote that everyone is presumed innocent until proven guilty, you have to assume that everyone is guilty. Because due to the nature of crypto anonymity and blockchain, there are very high chances that anyone can be a bad actor including the project team that had come to you for auditing.
When you assume that even they are a bad actor, you start seeing all the ways in which these projects can hack the project and run away with the funds.
A key difference between the court trials and your hack work is that, for a court the crime has already occurred. In your case, it could happen anytime. So the difference in the mindset of both the settings is inevitable.
Key Takeaway
Morality is at the heart of a true white hat hacker. He gives his best. He does not hide any discovered bugs. He always helps in fixing bugs. In some cases it can be seen that a white hat carries an exploit if the project does not fix a critical bug in their project.
If that’s the measure you have to take to teach them a lesson or if you suspect bad actors among them, make sure that you responsibly return all the funds in due time. And help them fix it asap along with a responsible bug disclosure.
Break the code, before it breaks you.