As we approach the end of May, we're pleased to introduce Ubermensch as our Auditor of the Month. Ubermensch is our expert in Web3 Auditing, and today, we want to explore his journey and career path.
- Hello, Ubermensch, nice to meet you. Should I call you Ubermensch, or do you have another name you'd prefer?
- Thanks for having me. My name is Farouk, but I go by Ubermensch. I started my Web3 career around three to four years ago. I'm from Morocco and have a great passion for Web3 security. I worked for three years at an older firm before starting my freelance career earlier this year. I’ve collaborated with organizations like AuditOne, Audit Group, and CG Security. It's been a great journey, and I’m constantly developing my skills in Solidity and trust auditing.
- So, you’re from Morocco! I thought you were from Germany because of your nickname.
- Yes, my nickname has German origins, but I only know a few words in German.
- You mentioned you've been with AuditOne for about a year. How did you find out about our company, and what motivated you to join our platform?
- I heard about AuditOne from a former colleague who spoke highly of the company. I checked out the website, signed up, passed the GG Solidity Trust exams, and was invited to my first audit. I’ve built strong relationships with the AuditOne team and look forward to future collaborations.
- That’s wonderful to hear. Can you share a story about a particularly challenging audit you worked on? Did you find it on the AuditOne platform?
- Auditing is inherently challenging because each project has unique business logic and technology stacks. One recurring challenge is dealing with issues in the business logic of projects. These issues are often difficult to mitigate because they require changes to the project's architecture rather than just fixing code. It’s a less focused area but crucial for security.
- But have you ever faced an unusual security risk that was particularly hard to mitigate?
- Yes, especially when the issue lies in the business logic rather than the code. These problems require more than just technical fixes; they need changes in the project’s incentive model and architecture. It’s challenging but also rewarding to solve such complex issues.
- What’s been your most memorable project?
- Working with the Aurora team through AuditOne has been remarkable. They have a highly secure codebase, which makes it challenging and rewarding to find vulnerabilities. The collaboration has been a significant highlight of my career.
- Thank you for sharing that. How do you maintain work-life balance, given your achievements in Web3 auditing?
- Professional development happens both through direct project work and continuous learning. I allocate time to read articles and stay updated on new technologies. Balancing work and learning helps me stay agile and informed.
- How does your typical day look?
- I prefer a freestyle approach. I set major objectives the day before and focus on those. My productivity is highest in the early hours, so I dedicate that time to my most critical tasks. Flexibility helps me stay motivated.
- Are you more of a night or day person?
-I used to be a night person, but now I work mostly during the day. This change has boosted my productivity and energy levels.
- What’s your view on the future of Web3 auditing with the rise of AI? Do you think AI will replace human auditors?
- AI will enhance auditing by assisting with tasks like understanding business logic and writing reports, but it won't completely replace human auditors in the near future. Collaboration between AI and humans will yield the best results.
- For our new auditors, what advice would you give to those starting their career in Web3 auditing?
- Build a strong foundation in computer science and blockchain technology. Practice is key—participate in contests and shadow audits to compare your findings with existing reports. Continuous learning and feedback loops are crucial for improvement.
- Excellent advice. What crucial skills should new auditors develop?
- Perseverance is essential, as auditing can be tough. Humbleness is also important to avoid overlooking simple bugs while seeking complex issues. Analytical thinking, attention to detail, and good communication skills are also vital.
- Thank you for the detailed answer! Finally, what improvements would you suggest for the AuditOne platform?
- AuditOne has made significant improvements already. The team is flexible and open to feedback. I don’t have any specific suggestions as they are already addressing most points I could think of.
- Thank you, Farouk. It’s great to hear your positive feedback. We appreciate your insights and look forward to continued collaboration. Thank you to our community for joining, and have a great evening!
- Thank you for having me. Have a good day!