2 min read

Does being an auditor an easy job?

Does being an auditor an easy job?

Since I started working in the Blockchain space, I've dreamed of becoming a smart contract auditor. I wanted to work in cybersecurity, but I also loved blockchain. Combining the two was a dream job for me. Finally after few years, I managed to join CertiK and become Smart Contract Auditor.

Everything was coming together, and I couldn't be happier work-wise. But after ten months of working as an auditor, it's not all sunshine and rainbows. It's still a job and a difficult one. It doesn't mean I don't enjoy it because I love my job, but it doesn't change the fact that it can be frustrating.

I've talked many times about the project's quality of the code, or rather lack of it. I can't count how many times I looked at the terribly written code trying to point out everything. Or auditing projects that don't intend to fix any issues because they are already on the mainnet and wanted only a check for critical bugs. And don't get me started on seeing projects that are forks of other projects that only change few lines.

Being an auditor, it's not only dealing with the code. It also means you need to deal with the clients. And clients are different. I met clients that are great to work with and are keen to fix any issue because they understand security audit is for them.

But some clients are acting so defensive and dismissive of any findings I presented them in the report. These types of clients are the most difficult to work with.

I don't want to talk about the responsibility of the auditor. I wrote a separate post on this matter.

I won't lie. It's a stressful job when you consider your work will be looked at and taken apart when something goes wrong with the project. I don't need to say most of the projects gather massive traction, and millions of dollars are going through them. Having the responsibility of checking projects if they're safe is stressful sometimes.

I got used to that feeling, but sometimes, when I read about another hack and bash on the project, I know there is somewhere another auditor that missed something in the report and is stressing the hell out. I stress out sometimes I could have missed something, especially with more extensive and more complex projects.

After all the hard work done on the report and many hours spent auditing the code, I feel great when I finally finish the audit. I know I did what I could, and I'm proud of my work. I feel satisfied I'm helping secure the DeFi ecosystem, even if that means working on some crappy code. It's just part of the job that I love.


Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the daily newsletter as I'm currently in the middle of 100 days of blogging challenge. Subscription box below 👇

If the newsletter is not your thing, check out my Twitter @adrianhetman, where I post and share exciting news from the Blockchain world and security.

See you tomorrow!