From Bug Bounties to Smart Contract Audits: My Path in Web3 Security


How I Started My Journey in Web3 Security
Hello Readers, I’m Karan Bharda from India. I’m the founder of PinakShield and a Web3 Security Trainer at TheCyberBoy. I love Web3 security, and in this blog, I’ll share how I started my journey in Web3, when I first learned about it, and some free resources and tips to help you get started too!
A Little About Me
Before diving into Web3, I was involved in the Web2 security world, working as a bug bounty hunter and a security analyst. I also built websites for fun and to earn some extra income.
However, bug bounty hunting became frustrating because I often faced issues like:
Reports being marked as "Not Applicable" (NA)
Receiving duplicate reports where someone else had already found the same bug
That's when a friend advised me, "Forget this. Learn Web3. It's a growing field with fewer people and better opportunities to earn." It was the first time I heard terms like smart contract auditing and Web3 security.
Jumping Into Web3
Without much thought, I Googled:
Smart contract hacking courses
Web3 security courses
However, I didn't realize that Web3 is very different from Web2, and I didn't know the basics. The courses talked about blockchain fundamentals, Ethereum, EVM, and Solidity—all of which were completely new to me.
I felt overwhelmed and wondered, "Where do I even begin?"
Starting With the Basics
To clear up my confusion, I went back to Google and searched for the prerequisites for Web3 security. I found out I needed to understand:
Blockchain fundamentals (how blockchain works, its components, etc.)
Ethereum and the EVM (Ethereum Virtual Machine)
Basic programming in Solidity
I started with the basics of blockchain by watching YouTube videos and reading articles. I also read the Bitcoin whitepaper to learn how Bitcoin and blockchain work. Once I had this foundation, I moved on to Ethereum and the EVM.
Learning Solidity
Solidity is a programming language used to write smart contracts, which are the backbone of Web3. Initially, I found it challenging.
I encountered many errors while coding, and it was frustrating. I thought, “Why am I even doing this? I hate debugging!”
But my curiosity about Web3 security kept me motivated. Here’s what I did:
When I encountered an error, I searched for solutions on Google.
If I couldn’t find anything, I used ChatGPT to help me figure it out. 😅
😡😤🤬
Eventually, I got the hang of Solidity and practiced it on a platform called CryptoZombies, where I built small projects step by step. This was a game-changer for me!
Diving Deeper Into Smart Contracts
Once I understood Solidity, I wanted to challenge my skills further. That's when I discovered tools like:
Foundry: A testing framework for smart contracts
Updraft: A platform to learn Foundry
These tools helped me learn how to test and deploy smart contracts correctly. A big thanks to Patrick Collins, whose tutorials made everything much clearer!
Exploring Vulnerabilities
After becoming comfortable with the basics, I began learning about smart contract vulnerabilities—weaknesses that hackers can exploit. To practice, I used platforms like:
EtherHunt
Damn Vulnerable DeFi
These platforms offered hands-on challenges that helped me improve my skills.
The Turning Point
After months of learning and practicing, Vaidik Pandya offered me a role as a Web3 Security Trainer at TheCyberBoy. This was a huge milestone in my journey!
This role also inspired me to start my own firm, and that's how PinakShield was born.
The Challenges I Faced
Learning Web3 wasn't always easy. There were times when I felt like giving up, especially when I faced:
Endless errors in Solidity and Foundry
The pressure of learning completely new concepts
The frustration of debugging
But I realized that consistency and curiosity are key. Every time I hit a roadblock, I found ways to overcome it, whether through Google, ChatGPT, or by reaching out to the community.
What’s Next?
As I write this on December 30, 2024, I'm excited about a new year full of growth and opportunities. My current goals include:
Growing PinakShield
Participating in public contests like Code4rena and Immunefi
Securing private audits for smart contracts
In my next blog, I'll share the story of my first smart contract audit. Stay tuned!
Resources to Get Started
If you're interested in Web3 security, here are some resources I recommend:
Feel free to reach out to me on Twitter or LinkedIn if you need more guidance.
Final Thoughts
Web3 security is a vast and exciting field. If you're passionate about learning and exploring new opportunities, don't let initial challenges stop you. With patience and the right resources, you'll succeed!
Written by

Karan Bharda
Karan Bharda is a Web3 Security Researcher, Founder of PinakShield, and Web3 Security Trainer at TheCyberBoy. Specializing in smart contract and dApp security, he shares insights through his blog and has contributed to private audits for various Web3 projects.