Tip 1: Questions open your mind, answers close it

Tip 2: Keep asking "Why?". Become as curious as a child. That's how you go down the rabbit-hole

• "Train your mental triggers and find creative ways to poke at things" - zachobront
• "If you want to master something, teach it" - Prof. Feynmann's Technique applied to auditing:

1. Read "something"

2. Explain it. Simplify it as much as possible. Create relatable stories/scenarios/analogies

3. Re-read that "something" again. Identify gaps in knowledge. Write down questions

4. Repeat cycles 2) and 3) until you feel ready to move on-

Can you change someone else's state? (doing something for someone)

• Can you influence someone else's state? (manipulating something used somewhere by someone)
• Can a malicious contract be supplied to the system?
• Can I supply mismatched inputs? (e.g. TokenId not belonging to the User)
• Can I supply unexpected inputs? (e.g. Past timestamp)
• Can something silently pass instead of reverting?
• Can someone be prevented from transferring their funds to the contract?
• Can rewards be blocked/reduced/delayed/inflated/claimed too early/claimed for someone else?
• Can funds get stolen/locked/stuck?