Code4rena — First 1M$ stats

Leaderboard Number One

General Stats

  • I participated in 97 of the 108 EVM contests. I stopped after the 108th contest as I was confident that I would hit 1M$ in awards once the judging phase for the pending ones was done. (Some of these contests are still pending judging at the time of writing.) Code4rena’s audit contests allow for varying degrees of participation, but for the vast majority of contests I treated it as a standard audit and read the entire code base instead of just a few of the contracts in scope.
  • I audited 395,626 lines of Solidity code. This was determined by running the following command on my C4 contest directory, which excludes most of the out-of-scope interfaces and external libraries:
      find . -name '*.sol' -type f -not -regex '.*/test.*' -not -regex '.*/interface.*' -not -regex '.*/node_modules.*' -not -regex '.*/openzeppelin.*' -not -regex '.*/@openzeppelin.*' -not -regex '.*/mock.*' | sort -n | xargs wc -l &> c4.log
  • That’s ~4,000 LOC on average per contest, which feels too high. There are several short 3-day contests with ~1,000 LOC — the filter above is definitely missing some contracts that are out of scope.
  • I found 900 issues in total, 168 high-severity issues (76 of which are unique issues only found by myself).
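
The per-contest average can be checked directly by counting each contest directory on its own instead of taking one grand total. The script below is an added example, not the author's own: it applies the same exclusions as the find command above, and the directory layout and file names in `make_demo_tree` are constructed sample data.

```shell
# Count lines of in-scope .sol files under directory $1.
# find runs from inside the directory because -regex matches the whole path:
# a parent directory such as /home/me/tests would otherwise exclude everything.
# "-exec cat {} +" handles file names with spaces and yields a single count.
count_sol_loc() {
  ( cd "$1" && find . -name '*.sol' -type f \
      -not -regex '.*/test.*' -not -regex '.*/interface.*' \
      -not -regex '.*/node_modules.*' -not -regex '.*/openzeppelin.*' \
      -not -regex '.*/@openzeppelin.*' -not -regex '.*/mock.*' \
      -exec cat {} + ) | wc -l | tr -d ' '
}

# Print "<loc> <contest>" for each subdirectory of $1, largest first.
loc_per_contest() {
  ( cd "$1" || exit 1
    for d in */; do
      [ -d "$d" ] || continue
      printf '%s %s\n' "$(count_sol_loc "$d")" "${d%/}"
    done | sort -rn )
}

# Print "total=<n> contests=<n> avg=<n>" for the contest root $1.
loc_summary() {
  loc_per_contest "$1" | awk '{ t += $1; n++ }
    END { printf "total=%d contests=%d avg=%d\n", t, n, (n ? t / n : 0) }'
}

# Constructed sample tree (not real contest data): two contests containing
# test, interface and mock files that the filter must skip.
make_demo_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/contest-a/src" "$root/contest-a/test" \
    "$root/contest-b/contracts/interfaces" "$root/contest-b/contracts/mocks"
  printf 'a\nb\nc\n' > "$root/contest-a/src/Vault.sol"
  printf 'y\n' > "$root/contest-a/src/My Token.sol"
  printf 'x\n' > "$root/contest-a/test/Vault.t.sol"
  printf '1\n2\n3\n4\n5\n6\n' > "$root/contest-b/contracts/Pool.sol"
  printf 'i\ni\n' > "$root/contest-b/contracts/interfaces/IPool.sol"
  printf 'm\n' > "$root/contest-b/contracts/mocks/MockPool.sol"
  echo "$root"
}

demo_root=$(make_demo_tree)
loc_per_contest "$demo_root"
loc_summary "$demo_root"
rm -rf "$demo_root"
```

Sorting the per-contest counts makes outliers visible, which is where vendored or otherwise out-of-scope code that slipped past the filter tends to show up.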

Time-weighted Stats

Awards and hours worked per month

Where does the drop in awards come from?

Wardens per contest
Hourly rate

What’s next?

Christoph Michel
