TIME MANAGEMENT IN WEB3 SECURITY

[Chinwuba22]

Good day guys,
Would be nice to hear you guys opinion/strategies on the following:

How much do you think is enoough time to spend reading through a project docs as some projects docs seem to be of considerate length.
Do you time bound yourself while working. If yes, how do you scale what time is enough to cover a certain item.
Would appreciate a feedback from everyone. Thanks.

[EngrPips]

Hello @Chinwuba22, Knowing what time would be enough for a specific codebase length would come from several smart contract reviews. No one can tell what time would be enough for you to audit a 500 line of code, but they can only speak for themselves. You need to keep doing it. The more you do it, the more you understand how things work for you and how long it takes you to get things done.

[Chinwuba22]

Ok Thanks. For you personally. Do you go through every section of a projects docs? Which parts do you ommit?

[EngrPips]

That will depend on whether I am studying the protocol personally or if I am studying it to gain more context about the protocol for an ongoing smart contract review of the protocol. For the former, I would study every section of the project docs, and for the latter, I would study the part of the protocol docs that is necessary for the ongoing smart contract review

[Chinwuba22]

Alright. Thanks.

[PatrickAlphaC]

Do you time-bound yourself while working

Yes, you have to.

You can always look at one more line of code, hypothesize one more exploit, and eventually, you have to say you're done. As you get better, you'll start to better understand whether you feel confident in your security review.

how do you scale what time is enough to cover a certain item

It depends. The more audits you do, the better you'll be at timing things.

[Chinwuba22]

Thanks for the reply sir.