What determines a great auditor?

Since audit contests, unique bugs have become a big thing, and every researcher wants to find that unique bug.

Sometimes, an auditor's skill is even determined by how many unique bugs he found.

While the best auditors often find unique bugs, finding unique bugs does not automatically make you the best auditor.

I've been digging a lot through contest reports in order to acquire some talent for @bailsecurity, and some researchers remind me of myself in the earlier days. I remember my mentor telling me:

"Sometimes you find crazy edge-cases and sometimes you miss fundamental things"

Anyhow, what I'm trying to say: do not focus only on these super edge-cases, but try to cover the whole codebase completely. This applies more to normal audits and not so much to contests, but you probably get the point.

A great auditor is the one who finds the most issues and is still able to throw in the creativity to find the edge-cases.

In the next post I will write a bit about how to find unique bugs.