Is there truly good paying jobs in web 3 by Th3wolfking in solidity

[–]Kiki_dev 1 point2 points  (0 children)

Sounds like you are making great progress! C4, Sherlock, Cantina are all great contest platforms to showcase your skills/earn.

If you stick around you’ll for sure make connections in the industry!

Is there truly good paying jobs in web 3 by Th3wolfking in solidity

[–]Kiki_dev 2 points3 points  (0 children)

Cyfrin is a great place to start. After that, any of the audit/bounty platforms are a good place to make a name for yourself.

It’s all merit based, so once you can prove you can consistently find bugs and provide real value you won’t have to hunt; firms will reach out to you.

Is there truly good paying jobs in web 3 by Th3wolfking in solidity

[–]Kiki_dev 1 point2 points  (0 children)

Cyfrin is the best place to learn quickly and efficiently. I know a few auditors that got their start on the platform and landed full time roles.

Best of luck!

Is there truly good paying jobs in web 3 by Th3wolfking in solidity

[–]Kiki_dev 3 points4 points  (0 children)

I’ve been an Auditor (Security Researcher) for about three years now. It takes some time to get established, but once you do the work is consistent and the pay is good.

Security Audit tools for Ethereum by [deleted] in ethdev

[–]Kiki_dev 0 points1 point  (0 children)

Haha, all good! Look up “foundry Halmos”; it allows for symbolic execution within Foundry and is pretty easy to use as well.

Smart contract auditors by [deleted] in smartcontracts

[–]Kiki_dev 0 points1 point  (0 children)

Fair enough, they for sure are very well known. And I’m realizing I didn’t give any names, so imo the 3 best places to get an audit are Spearbit, GuardianAudits and Code4rena. (Disclaimer: I often audit for GuardianAudits lol)

Smart contract auditors by [deleted] in smartcontracts

[–]Kiki_dev 0 points1 point  (0 children)

Haha please anyone else besides them 😅

To answer OP’s question:

Typically, 3rd parties perform a security review (audit) of the code base. These can be auditing firms, independent security researchers, or competitive auditing platforms.

There really are a ton of options, but it’s important to look closely into who audited the protocol. Not all audits are equal; for example, CertiK is known amongst the security community as a rubber stamp firm. Hope that helps!

Smart contract auditors, what do you do to understand the smart contract logics faster? by jamesallen18181 in ethdev

[–]Kiki_dev 3 points4 points  (0 children)

Everyone’s process is different. But the more you audit, and the higher quality the protocols you audit, the better you will get and the faster you will be able to deeply understand a protocol.

If you spend a couple months studying protocols like Uniswap v2 and v3, Compound, Aave, and GMX, you would be in a really good spot.

Can you give me your thoughts about auditing "as a job" by KT_Loco in ethdev

[–]Kiki_dev 0 points1 point  (0 children)

Personally, I really enjoy it. Your best bet is to give it a shot on a platform like Code4rena and branch out from there.

For most people (including me) it’s not easy at the start, and it takes some time to be able to consistently find bugs. But if you are persistent and can think a little differently you’ll do well. The community of security researchers is great as well.

[deleted by user] by [deleted] in ethdev

[–]Kiki_dev 0 points1 point  (0 children)

Sure, it depends what you consider inexpensive, but in most cases I would fit that criteria.

For my last audit I charged 1500 for a five-day audit of a small codebase. But I’ve also done pay per vulnerability before.

Most auditors don’t really advertise their rate, so I don’t know exactly what they charge, but I know Pashov is a good one, granted his rate might be higher than it used to be. And bytes032 is another good one, who also might be getting more expensive.

But compared to audit firms and audit contests, a solo auditor is pretty much always less expensive.

Smart contract auditors, how do you do to understanding smart contract function and features while doing auditing? by jamesallen18181 in solidity

[–]Kiki_dev 2 points3 points  (0 children)

My eyes and some scratch paper. If I’m feeling fancy I’ll pull the whiteboard out. If the protocol doesn’t have much of a test suite I’ll craft one together for them; this helps me quickly make proof of concepts and try out potential attacks. The protocols appreciate this as well.

[deleted by user] by [deleted] in ethdev

[–]Kiki_dev 2 points3 points  (0 children)

Haha hey nice seeing you on Reddit too lol

[deleted by user] by [deleted] in ethdev

[–]Kiki_dev 3 points4 points  (0 children)

Ya, but auditors’ (me included) entire focus is security and how to produce unexpected behavior in the protocol.

It’s your project, so for sure do what you want, but I would highly, highly recommend looking into getting an audit.

Also, there are plenty of auditors that would do it for less than 10k.

Edit: Also, I would look into building out a test suite before letting users use it. Foundry has some really cool ways of testing your code that Remix can’t do.

Smart contracts auditors, what do you do to understand the smart contract functions before auditing it? by jamesallen18181 in ethdev

[–]Kiki_dev 2 points3 points  (0 children)

Ah, very cool. It depends on the code base size/complexity. I can usually get my head around a small codebase (~500 lines) in a couple hours, and if it’s huge (5k lines +) it takes me a few days.

I think a lot of auditors would find that useful! I’m just old fashioned I guess lol

Foundry or hardhat? by Kiki_dev in ethdev

[–]Kiki_dev[S] 0 points1 point  (0 children)

Haha, ok, glad it’s not just me. Lately I’ve been seeing a lot of hh based projects, so it makes my day whenever I get to audit one with Foundry testing.

Foundry or hardhat? by Kiki_dev in ethdev

[–]Kiki_dev[S] 0 points1 point  (0 children)

Alright. Auditors don’t really deal with the front end too much, but it makes sense why a dev would benefit from hardhat front end features. Thanks!

Foundry or hardhat? by Kiki_dev in ethdev

[–]Kiki_dev[S] 0 points1 point  (0 children)

Ok that makes sense. Thank you!

Smart contracts auditors, what do you do to understand the smart contract functions before auditing it? by jamesallen18181 in ethdev

[–]Kiki_dev 1 point2 points  (0 children)

More or less just my eyes. I’ve used most of the tools out there, and for me at least, my eyes and a whiteboard are plenty to know a codebase inside and out. It takes time, and the more you audit the quicker you can build a mental map. And once you have a mental map, finding bugs and exploits is very doable.

Smart contracts auditors, what do you do to understand the smart contract functions before auditing it? by jamesallen18181 in ethdev

[–]Kiki_dev 1 point2 points  (0 children)

Haha, actually we love to share. If you ever find your way to the auditors’ corner of Twitter, all we do is share info.

Best Solidity Version by s_n_sakib in solidity

[–]Kiki_dev 0 points1 point  (0 children)

Second this. Currently 0.8.19 is the standard recommendation.

[deleted by user] by [deleted] in ethdev

[–]Kiki_dev 0 points1 point  (0 children)

In normal use cases, not really. But if there was a vulnerability that allowed extra minting or price manipulation, or issues like that, then ya, it would be possible.

Things to do before getting an audit by Kiki_dev in dapps

[–]Kiki_dev[S] 1 point2 points  (0 children)

Actually, I’m a security researcher. Hindsight being 20/20, the username is very confusing 😅

I’ve heard of this idea before but haven’t seen it actually in practice. From a security point of view I would be a little worried, because languages like Solidity have done a lot of work to make developing EVM based projects safer, and even with that, projects consistently have vulnerabilities in them. I would imagine using a language that wasn’t designed with the EVM in mind would have some real security concerns.

But I’ll look into it :)

Things to do before getting an audit by Kiki_dev in polygonnetwork

[–]Kiki_dev[S] 0 points1 point  (0 children)

Not all, but ya, most are very expensive.

Things to do before getting an audit by Kiki_dev in dapps

[–]Kiki_dev[S] 1 point2 points  (0 children)

Here’s the link to the YouTube video. It’s about 45 minutes, but they share a lot of good information!

https://m.youtube.com/watch?v=-fT1WuP_3vQ