Auditing process

May 28

1. Overview audit of the protocol:

Audit every single contract for the most obvious things. Understand the full protocol and find most of the low-hanging fruit. Identify most logical issues and observe the storage behavior for most flows. Advanced exploits can also already be found at this stage.

This step takes the most time.

2. Line-by-line audit of every single contract:

This step mostly uncovers dumb bugs which were overlooked during the first stage. Storage correctness is carefully double-checked here, as are arithmetic operations.

3. Advanced exploit techniques:

At this point all low-hanging fruit and logical errors have been identified. It’s now time to exploit the codebase with different attack vectors, such as input exploits, unexpected call paths, external storage manipulation or arithmetic manipulation / revert triggers, just to name a few.

The third part in particular can only be conducted on a working and *almost* bug-free codebase; otherwise it is pointless, since fixes and logical changes will still happen. It is true that the third part is what pays off in contests.
