How To Make 6 Figures+ With Smart Contract Audits

00:00

okay so you've done the work you've

00:02

learned solidity you've built some cool

00:03

dapps read through dozens of audit

00:05

reports scrolled through all of the web

00:08

3 security related threads on Twitter

00:10

and completed countless ctfs so now it's

00:13

time to make some money but how in this

00:15

video I'm going to answer this exact

00:18

question to the absolute best of my

00:20

ability this is the ultimate guide from

00:23

going from zero to six figures in even

00:26

multiple six figures through smart

00:28

contract auditing and for the first time

00:31

in a YouTube video This is actually not

00:33

clickbait getting to that level is

00:35

certainly not some four hour work week

00:37

from the beach it will take in fact

00:40

Massive Action and massive effort

00:43

combined with extreme perseverance on

00:46

your part but I'm here to tell you that

00:48

it is indeed possible and lay out the

00:51

exact steps that you need to take to

00:53

actually get there but first why should

00:55

you listen to me over a year ago I

00:57

founded Guardian Audits and during my

00:59

journey I learned how to go from

01:01

absolutely zero to getting my first paid

01:04

audit and then my second bigger audit

01:07

and a third and a fourth and a fifth and

01:10

so on until eventually I was able to

01:12

quit my job as a software engineer and

01:14

build out a team to deliver some of the

01:16

highest quality auto reports to the

01:19

biggest protocols in the space and so my

01:22

goal is to distill down everything that

01:24

I've learned from each step along the

01:25

way and give it to you so you can avoid

01:27

all of the mistakes that I made and

01:30

ultimately become a much better smart

01:32

contract auditor because of it alright

01:34

we've got a lot to discuss so let's just

01:37

hop right into it

01:42

[Music]

01:45

all right like I said in this video I'm

01:48

not going to be holding anything back

01:50

I'm going to give you literally

01:52

everything I know about how you can earn

01:54

six figures plus as a smart contract

01:57

auditor the only thing I ask you to

01:59

understand is that this is not going to

02:01

be easy but with that being said I want

02:03

you to know that it is entirely possible

02:06

you are entirely capable of doing it and

02:09

if you follow these principles and

02:11

strategies that we're about to outline

02:13

you will likely do it far quicker than I

02:16

did all right we're going to cover four

02:18

things in this video first of all why I

02:21

don't like contests as a long-term

02:23

income Source second of all how auditar

02:26

a Time specific product and how that

02:28

affects the way that we need to think

02:30

about our lead generation and then third

02:33

I'm going to go over a high level

02:35

process to go from 0 to 1 and then

02:39

beyond with your personal web3 brand and

02:42

auditing portfolio and then finally I'm

02:45

going to cover exactly what I would do

02:47

if I had to start from zero all over

02:49

again okay so first of all let's talk

02:51

about why I don't like contests I don't

02:54

like contests because they put you as an

02:57

auditor in a commoditized position by

03:01

that I essentially just mean that you

03:02

are easily replaceable in the contest

03:06

environment it might be true that you're

03:08

able to make a good amount of money

03:11

right off the bat by participating in

03:13

some contests but unless you're building

03:15

a brand based on it it's not very

03:16

defensible over the long run more people

03:19

can come in and instantly start

03:21

competing with you on the same exact

03:23

Audits and eventually shave down your

03:26

Revenue instead what you want is a brand

03:28

that compounds and compounds and

03:31

continues to grow with every single bit

03:33

of work that you do and ultimately makes

03:35

you Irreplaceable as an auditor because

03:38

of the personal brand that you've built

03:40

up now even though I don't like the idea

03:42

of using contests as a long-term income

03:46

solution as an auditor I think they are

03:48

a fantastic way to get your brand

03:51

kick-started and get some initial

03:53

findings and overall just improve at the

03:56

skill of smart contract auditing and so

03:58

here's how you can leverage contests

04:01

early on to actually get this

04:04

compounding started as quickly as

04:06

possible for your web3 brand first of

04:09

all as soon as the actual contest report

04:12

has been compiled and delivered go ahead

04:15

and create a full report of your own

04:18

findings that you uncovered in the

04:20

contest so that you can show off some of

04:22

the cool things that you uncovered and

04:25

show that you know what you're talking

04:26

about when it comes to web3 security and

04:29

then second of all when you do place in

04:32

a contest make sure to share it all over

04:34

the place share it on Twitter make sure

04:36

you get the appropriate street cred for

04:39

doing really well in a contest because

04:41

this can immediately boost the

04:43

reputation on your personal brand in the

04:46

space and on that point it's also a good

04:48

idea to have the same handle on your

04:51

Discord that's going to be used in the

04:52

competition as is used in your Twitter

04:55

handle so that you can easily be

04:59

recognized across these platforms okay

05:02

great so before we officially dive in to

05:06

talk about the sort of on the ground

05:08

hand-to-hand combat of actually how

05:11

you're going to be selling Audits and

05:12

building your brand doing the legwork we

05:15

need to discuss a key high level quality

05:18

of the service that you're going to be

05:20

selling so the most important thing we

05:22

need to understand is that smart

05:24

contract audits are a Time specific

05:27

product teams only need audits at a very

05:30

specific time right when their contracts

05:33

have been finished and internally

05:35

reviewed and they're getting ready for

05:38

deployment and what we need to do is

05:40

structure our approach to getting

05:43

inbound leads and clients around this

05:45

fundamental fact and so this means

05:47

adopting an inbound sales process as

05:51

opposed to an outbound sales process so

05:53

what do I mean by that when we're

05:55

talking about an inbound sales process

05:57

we're talking about clients coming to us

05:59

exactly when they need our product or

06:03

service instead of us reaching out to

06:05

the client regardless of whether they're

06:08

looking for our product at that specific

06:11

time or not now obviously as smart

06:13

contracts are a Time specific product

06:16

we'll want clients to be coming to us

06:18

exactly when they need a smart contract

06:21

audit this means that we already have to

06:24

be known or connected to them through

06:28

our web 3 brand now of course building

06:31

up such a brand or really a web of

06:34

connections throughout the industry that

06:36

sends us inbound clients like this is no

06:39

small task it's much much easier to

06:42

Simply go and DM a bunch of protocols

06:45

and ask them if they need an audit but

06:48

because of the fundamental fact that

06:51

smart contract audits are a Time

06:53

specific product an inbound sales

06:56

process is going to be a lot more

06:58

effective than an outbound sales process

07:01

and so the key focus of the process that

07:04

we're about to discuss is really

07:07

centered around getting that brand and

07:09

getting that web of connections kicked

07:12

off so we can continue to nurture it and

07:14

grow it to the size where ultimately we

07:18

have ample inbound leads coming in all

07:20

right so without further Ado now that

07:22

we've covered those two things let's go

07:25

ahead and hop into the exact process for

07:28

going from zero to one and then beyond

07:31

with our web3 personal brand so first of

07:34

all just like we discussed stop reaching

07:38

out to protocols and just simply asking

07:41

if they need an audit first of all this

07:43

is approaching it from the wrong angle

07:45

as we discussed because not only are

07:48

audits a Time specific product we want

07:52

to nurture a connection with the

07:54

protocol over a long period of time

07:56

rather than instantly upfront asking to

07:59

give them an audit so instead what we

08:01

want to do is we want to

08:03

connect with the protocols and provide

08:05

them with free value up front what we

08:08

want to do is provide them value with

08:10

the expectation of absolutely nothing in

08:13

return just in order to start that

08:15

relationship off and be able to initiate

08:18

some connections in the space that will

08:20

eventually grow to be immensely valuable

08:22

and so just some ways that you can

08:24

provide some easy value to protocols and

08:27

initiate that connection is you could

08:29

release articles that just do a high

08:32

level technical breakdown of their

08:34

protocol and sort of give them like a

08:36

shout out do a thread on Twitter with it

08:38

and then go ahead and DM them and say

08:40

look here's the the high level technical

08:43

breakdown I did for you is there

08:45

anything you would like me to add or is

08:47

there are there other contracts you

08:48

would like me to do this for anything

08:50

like that you're just leading with value

08:52

they can feel the value they can feel

08:54

that you're giving to them instead of

08:56

immediately asking to take from them by

08:59

you know asking if you can do a smart

09:01

contract audit for them another thing

09:03

you could do is just do a free review of

09:07

their code and basically just DM them

09:10

and give them the results of your review

09:12

and of course if you find anything

09:14

interesting they might be interested in

09:17

reaching out to you for future audits

09:20

that they're going to have done and so

09:21

this way you're reaching out to

09:23

protocols and you're sort of doing the

09:25

legwork of starting to build your web of

09:27

Connections in the space that will

09:29

eventually grow and connections will

09:32

they get more connections until you

09:36

eventually reach a Tipping Point where

09:39

you have such a strong Network within

09:41

the space that you get inbound leads and

09:43

inbound clients without even doing

09:45

anything anymore and this really feeds

09:47

into the next part of the process which

09:50

is just building out your network and

09:53

this is not even just networking with

09:55

potential clients it's networking with

09:57

everybody in the space you want to hop

09:59

in the discords and meet fellow Auditors

10:02

you want to be on Twitter

10:05

and you know have discussions with

10:07

fellow engineers and web3 inhabitants

10:10

and this way like we said we're just

10:12

exponentially increasing the rate that

10:15

our sort of web grows in the space and

10:19

then the next thing you want to do when

10:20

you're building your network and sort of

10:22

almost just building an audience is to

10:25

be releasing all of the things that you

10:27

learn as you go so if you learn

10:29

something interesting about solidity or

10:31

maybe an interesting novel exploit go

10:34

ahead and write a thread on it and share

10:36

it on Twitter first of all you're just

10:37

doing a great service to the community

10:39

by sharing your knowledge but you're

10:42

also going to receive a lot more

10:43

connections because of that because

10:45

people can feel the value and they know

10:47

that it's going to be worthwhile

10:49

connecting with you next when you're

10:51

building out your network go ahead and

10:53

see if you can't join others as they do

10:56

audits in contests or perhaps even team

10:59

audits because these are the strong

11:01

Connections in the space that are going

11:03

to end up paying you dividend ends as

11:06

the years go on if you get really good

11:08

at working with a particular auditor

11:10

then the two of you can team up and

11:13

provide a much higher quality audit than

11:15

if the two of you just worked separately

11:18

right and similarly the people that you

11:20

work with might end up inviting you to

11:23

work on other private audits with them

11:25

okay and then the last thing that you

11:27

can really do to start building your

11:29

network is of course going to be to go

11:31

to Industry events right this is the

11:33

easiest way to properly build as many

11:36

strong connections as possible in even

11:39

just a span of a weekend so if you have

11:42

the ability and you're looking to really

11:44

kick-start the growth of your network

11:46

and the industry of course

11:48

make time on your calendar to go to

11:51

these industry events and then

11:53

throughout this process as you're doing

11:55

work in the space and you're reaching

11:57

out to new protocols and you're growing

11:59

your network make sure you're building

12:01

your brand and your portfolio in unison

12:04

so what you're going to want to do is as

12:06

you're creating all of these new reports

12:09

and as you're doing potentially contests

12:11

and uncovering findings you want to

12:13

accumulate all of this and put it on

12:16

your GitHub and make it publicly

12:18

available for everybody to see so that

12:20

you can show off all the great work that

12:21

you're doing and gain credibility and

12:24

once you have a really high level of

12:26

credibility it's going to be that much

12:28

easier you're going to have that much

12:29

more leverage when you go into a

12:32

discussion with a client about doing a

12:35

smart contract audit for them all right

12:36

so that's a high level process for

12:40

kickstarting the compounding of your

12:43

brand but I want to discuss essentially

12:46

what I would do if I was star starting

12:49

from absolutely zero to sort of kick

12:52

start my brand and then begin the

12:54

compounding as fast as possible so we'll

12:56

go through an exact framework of

12:59

literally the steps that I would take

13:01

each step and all of the actions that I

13:04

would take to actually go from zero to

13:07

one and then beyond so first things

13:10

first literally the first thing I would

13:12

do is set up my Twitter profile with

13:15

these three things first of course I

13:18

would have a name and a description that

13:22

makes it really obvious that I am a web

13:25

3 smart contract security perhaps even

13:28

D5 or nft or whatever your specialty is

13:32

auditor and then I would have a specific

13:35

call to action in my bio to DM if you're

13:39

looking for any sort of private audit or

13:42

code review or anything like that it's

13:43

important to have a specific call to

13:46

action for people to DM you because this

13:48

is how people are going to know that

13:50

you're actually accepting work and

13:52

looking for inbound leads and of course

13:54

make sure that you're able to actually

13:56

receive DMS on Twitter sometimes Twitter

13:59

will will get you like that and

14:01

you will have not been accepting any DMS

14:04

so make sure DMS are turned on and then

14:07

finally I would have a pinned tweet to

14:10

my profile that shows I have credibility

14:13

in the space this could be anything like

14:16

a valuable thread that breaks down a

14:18

very specific feature in solidity or a

14:22

particular exploit or perhaps even a

14:24

previous customer review of my audit if

14:28

I have one or maybe if it's even a

14:30

thread that just showcases all of the

14:33

work that I've done all of the contests

14:35

I've competed in all of the reports that

14:37

I have in my portfolio Okay so after I

14:39

get those first three things set up on

14:42

my Twitter profile here's what I'm going

14:44

to do I would do five threads a day

14:47

breaking down the technical details of

14:50

different protocols that I found on

14:52

crypto Twitter I would just go and I

14:54

would look up hashtag Phantom hashtag

14:56

avax or different sort of like defy

14:59

hashtags to find what are the newer

15:02

protocols that are coming out who are

15:05

they maybe they haven't launched yet and

15:07

they're looking for an audit or they're

15:09

going to be launching some upgrades or

15:10

something like that where they they

15:13

might need an audit and in the future

15:15

and I want to essentially just start a

15:18

connection with them and get things

15:20

started off right so for each of these

15:22

threads that I make on the technical

15:24

details of their protocol I'm going to

15:26

post it on Twitter and then go ahead and

15:29

share it with the protocol and basically

15:31

just let them know that you gave them a

15:34

feature ask them you know is there

15:36

anything that you'd like me to add do

15:37

you have any other contracts that you

15:39

would like me to add maybe I could do

15:40

this for another system of yours and you

15:43

know just like we said start out of the

15:46

gate by providing value then if they

15:48

respond positively and you know they're

15:51

very thankful then you

15:53

can go ahead and ask them you know well

15:57

what are you working on right now what

15:58

is what where your Project's at and this

16:00

basically does two things for you first

16:02

of all when you are actually releasing

16:04

these five threads a day you're going to

16:07

get a huge audience of people who are

16:10

actually interested in the technical

16:12

details of these protocols which is

16:15

going to immediately kick-start your

16:18

audience and ultimately grow to be an

16:21

extremely valuable asset and then

16:23

secondly obviously you're going to have

16:26

these connections with these protocols

16:28

kicked off and you're going to have lead

16:30

with value and so automatically that

16:33

imbues a certain level of trust and

16:35

appreciation and indebtedness to you and

16:40

so later when they are looking for an

16:42

audit they'll go and you know either

16:45

they'll remember you or you'll pop up on

16:47

their timeline they'll go to your

16:49

profile and they'll see that you are a

16:51

smart contract auditor for or higher and

16:54

a lot of times the projects that you end

16:58

up featuring and dming will not be

17:00

looking for an audit at that very moment

17:03

and that's why the important part here

17:04

is really just to initiate that

17:07

connection and I want you to notice here

17:09

how we're approaching it from The Stance

17:11

of how we can help them out by giving

17:15

them an audit especially in this

17:17

beginning stage you have to sort of

17:19

adopt the mindset that it isn't about

17:21

making money but in fact it's about just

17:24

purely helping people out helping teams

17:26

out with the valuable skill that you've

17:30

basically unlocked and trained up in

17:33

yourself and paradoxically this will

17:36

actually lead to an outsized return over

17:39

the long run now this whole process of

17:41

making threads and dming protocols is

17:44

not going to have a huge impact on day

17:47

one or even week one this is something

17:50

that's going to take days and days and

17:52

days of of consistent action on this

17:56

single repeated task before you build up

17:59

some semblance of an initial Network

18:02

that you can leverage to get your first

18:05

client and so after a few days of doing

18:07

this you're not going to notice too much

18:09

don't expect anything after the first

18:12

few days but after one to two months

18:14

you're going to be astonished at the

18:17

opportunities that begin to open up to

18:20

you now so you keep doing this and you

18:22

keep sticking to it and doing your five

18:24

threads a day five DMS a day until you

18:27

get that one team that is actually

18:30

looking for an audit and so when we do

18:32

finally get that opportunity we want to

18:34

capitalize on it and we need to have a

18:38

great offer for them you need to make

18:39

them an offer that they would feel

18:42

almost stupid saying no to and so here's

18:45

exactly what we're going to do

18:47

to give them an absolutely risk-free

18:49

offer that they cannot say no to this

18:52

offer it is pay per vulnerability what

18:55

you're going to do is ask for just a

18:58

small down payment and only more if you

19:01

actually uncover vulnerabilities in

19:03

their smart contract system my first

19:05

down payment was literally just fifty

19:09

dollars for an nft contract just fifty

19:12

dollars it's literally nothing for a

19:14

smart contract audit but this is not to

19:16

say that you should simply be cheap you

19:19

could still quote five thousand dollars

19:21

per critical bug and if the contract is

19:23

going to hold millions of dollars of

19:25

assets then that five thousand dollars

19:28

for that particular critical bug is a

19:31

no-brainer any protocol would be

19:33

overjoyed to be able to spend only five

19:36

thousand dollars to get that uncovered

19:38

and fixed Point here is to remove the

19:41

risk for the client if you charged ten

19:44

thousand dollars up front they're going

19:46

to have all sorts of outs running

19:47

through their head about if you can

19:50

actually give them an audit that's going

19:52

to be worth that amount of money with

19:55

the vulnerabilities that you're going to

19:57

uncover however if you just ask for

19:59

fifty dollars down and five thousand

20:02

dollars per critical and x amount for a

20:05

high and mediums Etc then it's going to

20:08

be a no-brainer decision to them from

20:10

their point of view the worst case

20:12

scenario is that they give you just

20:14

fifty dollars to do the audit and you

20:16

uncover nothing and the best case

20:19

scenario is they give you fifty dollars

20:22

to do the audit and you inform them of

20:24

multiple critical vulnerabilities that

20:27

they had that would have absolutely

20:29

wrecked them upon deployment but you

20:32

saved them and they would be absolutely

20:35

gracious to pay you thousands and

20:38

thousands of dollars for that report and

20:40

so the point is you'll deliver the same

20:43

report either way but by back loading

20:45

your price you create a risk-free offer

20:48

that the client is much more likely to

20:51

say yes to so you're going to start off

20:53

by charging a much smaller down payment

20:56

to get your portfolio and your web3

20:59

brand kicked off and then once you have

21:01

a more robust portfolio and you have a

21:05

stronger web of connections throughout

21:07

the industry bringing you in on leads

21:09

then it's time to increase down payment

21:13

that you're charging and actually start

21:15

to be a little bit pickier about the

21:18

protocols that you actually take on to

21:20

audit over time the projects that you

21:23

audit and the projects that you release

21:25

reports for are going to become a part

21:28

of your brand whether you like it or not

21:30

so you need to choose the right clients

21:32

that are going to protect your

21:34

reputation ideally you want to only take

21:37

on the clients that are really serious

21:40

about security and are willing to pay

21:43

you what you're worth give you the time

21:45

that's necessary for the audit and take

21:47

your report really seriously with all of

21:49

the findings that you uncover and then

21:51

of course the quality of the clients

21:53

that you get will be directly correlated

21:55

with the quality of reports that you

21:58

give and so it's a virtuous cycle you

22:00

get better clients who are willing to

22:03

pay you more money and give you more

22:05

time to do the audit which enables you

22:08

to create better reports and collaborate

22:11

with others who are even more skilled

22:13

which in turn of course gives you more

22:17

credibility in the space which gets you

22:18

better clients who will pay you more and

22:21

give you more time and of course you can

22:23

see this all just spirals up right but

22:26

it goes the other way as well if you

22:29

don't protect your web 3 personal brand

22:31

and you just take on any clients then

22:34

the cycle spins the other way and so we

22:37

need to be very protective of the

22:39

clients that you actually choose to

22:41

service and dedicate your precious time

22:44

to and so from this point on it's all

22:46

about creating those really powerful

22:48

relationships with the people that you

22:51

work with whether that be the people

22:53

that you actually collaborate with and

22:55

work with on audits or whether that's

22:58

your actual clients and so now all you

23:01

have to do is continue to cultivate

23:03

these relationships and continue to put

23:06

in The Sweat Equity and before long if

23:09

you haven't reached already you will

23:11

easily be in the six figures plus

23:14

territory all right so that covers

23:16

everything that you need to know about

23:18

literally going from zero to one and

23:21

then even Beyond as a smart contract

23:23

auditor and going from you know complete

23:26

side interest to a full-time gig if you

23:29

want to find a place where you can start

23:32

to really build your web 3 connections

23:35

in the space and connect with other

23:36

like-minded Auditors as well as sharpen

23:39

your skills as an auditor go ahead and

23:40

check out

23:42

lab.guardianaudits.com and apply to join

23:44

our growing group of like-minded

23:47

Auditors in the solidity lab you can

23:50

team up with others and participate in

23:52

team Audits and get paid for the

23:54

findings that you uncover this way you

23:56

get the opportunity to work with others

23:59

in a real audit setting to not only

24:02

sharpen your skills but also potentially

24:04

make those lasting connections that will

24:07

pay dividends and dividends throughout

24:09

the space and if you're still not

24:11

absolutely confident in your web 3

24:14

security skills and you want one place

24:17

to basically go from where you are now

24:19

to a certified Pro Smart contract

24:22

auditor I actually collaborated on the

24:26

perfect program that can take you in an

24:29

organized step-by-step efficient process

24:32

I collaborated with Security

24:34

Professionals from across the field

24:36

including Johnny time pass off crumb and

24:40

Trust 90 to bring you dozens of hours of

24:43

lecture content and exercises on

24:46

literally every area of web 3 smart

24:49

contract security that you could imagine

24:51

if that sounds like something that could

24:53

help you out on your journey wherever

24:54

you are right now go ahead and take 50

24:56

off when you use my link in the

24:59

description below alright that's all for

25:01

this time I'll see you in the next one

25:05

foreign

25:07

[Music]