Article author: Denis Bogdanov
Smart contract security auditor
The most discussed topic in the crypto community is how to find Solidity developers, create your own DeFi project and raise big money on it. I wanted to share with you how I learned the Solidity programming language from scratch and got a job at a well-known IT company.
I have a higher economic education and work experience in the banking sector for more than 15 years. However, I didn’t even think in a nightmare that I would be on the street due to staff cuts in one very famous state-owned bank. In the summer of 2016, more than 50% of the staff fell under the reduction, including all regional divisions. In a word, politics. After visiting my high-ranking acquaintances, I realized that no one needed the former official and began to think about changing careers. I had a familiar programmer and from his stories I realized that these specialists earn quite well. But after reading on the Internet about popular programming languages, I realized that I could never compete with guys who know C ++, JS or Java. And then, I accidentally stumbled upon an article that talked about the blockchain, smart contracts and the new, promising Solidity language, which required a low entry threshold, but then little was known.
What is the Solidity programming language for?
Solidity is a language for writing smart contracts, with which you can create your own payment system and issue your own currency, provide banking services, attract investments (ICO) in startups, create decentralized organizations and much more.
Smart contracts work in the Ethereum blockchain network like ordinary programs and they have one very important feature: no one can interfere with their work and change them and the mathematical algorithm.
How I taught Solidity
When I started learning, the language was in development and the Solidity documentation could be read in a week. Unfortunately, at that time, no textbooks and courses existed. And if there were single publications, then only on English-language resources.
Realizing that it is not possible to learn programming on your own without understanding the basic elements of the code such as a function, variable, array, loop. And then JS courses for beginners came to my aid. the syntax of the languages were very similar.
After a month of courses, I was able to understand the basics of programming and was able to write the first programs in JS, and I started learning smart contract code again. It was 2017 in the yard – the HYIP ICO, where the simplest contact for issuing tokens could be written according to a ready-made template in a day and earn thousands to two thousand dollars. It was cool. Everyone needed blockchain specialists.
Difficulties in learning Solidity
It was quite difficult for me to understand the nuances of the language myself, because Before that, I didn’t know programming at all. The Internet, too, did not provide answers to emerging questions. I began to look for a teacher with development experience. Having given several announcements in a telegram, I realized that no one would teach me, although I offered good money for lessons.
The main problem with Solidity is its insidiousness for the programmer. It is not difficult for someone who knows other programming languages to learn the syntax in a short time, but it is not easy to study the main vulnerabilities of the language in order to be able to write code correctly. Another problem is the cost of executing code in the blockchain, which forces you to incur significant costs for non-optimal code. But the biggest difficulty for a beginner is responsibility, that by making a small mistake, the contract owner can easily lose significant money, in some projects reaching tens of millions of dollars. This has never happened before in programming.
By my luck, I consider that later I managed to get on courses with Alexei Matiyasevich, a famous white hat hacker, who saved $31,000,000 from intruders during a hacker attack. In his free lessons, we received up-to-date information about contract vulnerabilities. Caught every word.
First job as an auditor
I began to take private orders for writing simple contracts on various freelance exchanges. I made myself a good profile in linkedin, later it played an important role. Soon I was noticed and invited for an interview at a private company engaged in security auditing – searching for bugs and vulnerabilities in smart contracts. I did not solve the terms of reference very well, but nevertheless, I was hired by the company, because. it was very difficult to find specialists who knew Solidity even at a basic level. This was my first remote job and was very different from programming because it was necessary to look for errors in someone else’s code, which was not always clear. The audit of the contract was usually carried out by 3 auditors, on the principles of bug bounty and whoever found more errors received a larger percentage of the declared cost of the audit. At that time, the audit was free of charge for clients and the payment for the work of auditors was made from a special fund of the company. I had no auditing experience, and my colleagues did not particularly want to share knowledge, because this could reduce their income. I had to come up with something and I found a solution. I began to study old reports and form a database of errors. Considering that typical mistakes are often repeated by developers, checking the code using a specific checklist has begun to bring results. At the beginning, I chose simple contracts and took the amount of code. I could audit 5 ICO contracts a day and earn from 100 to 200 dollars. Unfortunately, in 2019, interest in blockchain technology fell sharply and the company was no longer able to pay for the services of auditors. I had to temporarily study the frontend and web development. Nevertheless, I am very grateful to this company for the experience gained.
My work in an audit company
And so, at the end of 2020, there was a new boom in DeFi projects using smart contract technology. Dramatically, the demand for blockchain developers has grown, but smart contracts have become much more complex. Thanks to the linkedin profile, I began to receive numerous offers from various foreign companies, including those specializing in the audit of smart contracts. I passed the technical tasks, but did not pass the conversational English interview. This did not upset me much, because. I was looking for an opportunity not to make money, but to find a strong team where I could improve my skills in Solidity and security audit, preferably Russian-speaking. And I found her.
I was approached by representatives of an audit company with a proposal to work together, I went through an oral interview and discovered a different world of projects where young guys are already changing the world economy, and I would like to live in a society where people can succeed thanks to the acquired knowledge, and not through nepotism and bribery. The company does not pursue short-term benefits, does not save on employee salaries, but systematically improves the quality of audits. Auditors can communicate with each other, conduct general trainings, analyze new hacks, pull up newcomers. Additionally, for anyone who wants to become auditors, free courses are held, and the best ones are offered a job in an audit company. In probably a few months, I gained experience in auditing that exceeded my knowledge gained over the past years. And now the company of the audit company has the highest world ratings and can choose its partners from the world’s largest companies – market leaders in DeFi projects.
And most importantly, not what you work on, but who you work with. I am sure that with such a team we will make the world of smart contracts more secure.
As you know, blockchain development is becoming more and more popular now. The number of projects in the field of DeFi (decentralized finance), DAO, NFT is growing. And all this is developed on Solidity. So far, this language has rather short documentation compared to other programming languages. It can be read in a few days, and in a few weeks you can already roughly understand what to do. Developers and auditors of smart contracts are relatively expensive. We will talk about the features of the Solidity language, its non-standard behavior at open lesson. Come and participate!
In class we will discuss:
Why should you learn the Solidity language?
What can be written in Solidity?
What are the features and differences from other programming languages in Solidity?
Why is it easy to switch to development if you know the basics of JS and C++?
How much does a Solidity developer earn?