Hey there, I am Samrat Gupta aka Sm4rty, a Smart Contract Auditor at QuillAudits Team and a partime Bug Bounty Hunter. In this blog I will be sharing roadmap and step-wise guide to get started with web3 and Smart Contract hacking. There is no definite path or roadmap to learn…

Hey there, I am Samrat Gupta aka Sm4rty, a Security Researcher and a Bug Bounty Hunter. In this Blog I will be sharing my recent finding RCE via Dependency Confusion attack at Hackerone Private program. This blog is about my methodology, How I found the bug and how I created…

Hey Guys, I am Samrat Gupta aka Sm4rty, a Security Researcher and a Bug Bounty Hunter. In this blog, I will be sharing a list of 350+ Free Tryhackme rooms to start learning hacking. I have arranged and compiled it according to different topics so that you can start hacking…

Hey Guys, I am Samrat Gupta aka Sm4rty, a Security Researcher and a Bug Bounty Hunter. In this blog, I will be explaining how can you find bugs in Shopping Feature of the web application. Shopping and Billing feature is commonly present in most of the web-application. Testing this features…

Good one

Summary: This week we will be covering ZK Series with Port Adams, The vulnerabilities of Tomorrow, Move Language Security, Novel Griefing Attacks, On-chain Transaction Debugging, Auditors Roadmap and much more. 🔎 Audit Reports Explained 🐦 Usage of deprecated ChainLink API 🐦 Lack of Access control over burn function 🐦 Bad Source of Randomness 🐦 Arbitrary…

💫 Summary: This week we will cover Zcash Hash Collision, a $1 million bounty on the Aurora blockchain, reversing the EVM, ice phishing attacks, tips on approaching new codebases, and finding permission bugs in smart contracts with role mining. 🔎 Audit Reports Explained 🐦 Lack of access control in the parameterize function of proposal contracts 🐦…

💫 Summary: This week we will cover Zero-Knowledge: A-Z, Web3 Security Tools Lists, Mental Models for Smart contract Audits, Bug Bounty, Defcon CTF with Perfect Blue, some awesome GitHub Repositories, and many more. 🔎 Audit Reports Explained 🐦 Sandwich attack due to hardcoded slippage 🐦 Initialize function can be invoked multiple times. 🐦 A Typo leading…

Brief: This week we will cover $1 Million Bug Payout, Trust’ Interview, ZK Vulnerability — Frozen Heart, 700+ Smart contract Bugs, math knowledge for smart contract auditing, and many more. 🔎 Audit Reports Explained: If you didn’t follow my Daily Swig, here are all the daily posts. …