Web3 Bounty Hunting, Smart Contract Auditing, Computer Science and the Future of DeFi - 100proof

1 year ago

Receiving a 150k Bug Bounty.

100proof is a bounty hunter and independent security researcher working in the web3 security space.

In this conversation we explore decentralized finance, bounty hunting, smart contract auditing and the story of how he found a $1.5M bug on Notional, which earned him a bounty payout of 150k USD.

Bounty Acknowledgement:
https://twitter.com/NotionalFinance/status/1566089211068948480

Post Mortem:
https://blog.notional.finance/ntoken-redemption-bug-post-mortem/

PoC Code:
https://github.com/one-hundred-proof/notional-flash-attack

Follow 100proof on Twitter:
https://twitter.com/1_00_proof

Contact 100proof:
one.hundred.proof@proton.me

OUTLINE:
00:00 - Introduction
1:36 - Bitcoin
6:16 - Ethereum
7:58 - Blockchain
11:54 - PhD - Computer Science
15:58 - Developer Experience
19:09 - Mindset of a Hacker
22:26 - Formal Verification
34:13 - Code4rena
41:09 - How to Study
43:22 - Auditing Approach
48:01 - Learning Resources & Learning Approach
56:54 - Teaming up on Code4rena
1:03:43 - Bug Bounty Life
1:07:45 - Self Learning vs Learning on the Job
1:13:08 - CTFs
1:14:43 - Advice for New Wardens on Code4rena
1:18:01 - 150k Bug Bounty Payout
1:38:08 - Technical Details of the Bug
1:43:45 - Negotiating Bounty Payment
1:47:27 - Previous Bug Hunting Experience
1:52:02 - Million Dollar Bounties in Web3
1:54:28 - Hunting Bugs Full Time
1:59:54 - Web3 Salaries
2:03:52 - Bounty Hunting vs Full Time Job
2:06:50 - Web3 Job Interviews
2:11:46 - Advice for Students
2:16:04 - Balancing Family vs Work
2:22:09 - Hobbies
2:24:20 - Jujitsu/MMA
2:27:02 - $100M Mango Hack
2:31:25 - Future of Web3 Security
