# Maxime's Spearbit Promotion ## Describe in further detail why you feel that you are ready for a role promotion within Spearbit? I feel ready for a role promotion because since I arrived at Spearbit (last July), I've been lucky to work on some really interesting projects, and I've learned a ton about web3 security and blockchain technology, including smart contract development. I've been able to identify and mitigate security risks in web3 projects, and I have a deep understanding of the latest security trends and best practices in the industry. I am also a smart contract developer and I am constantly learning and staying up to date with the latest smart contract development trends. I'm excited about the opportunity to take on more responsibility and contribute to the continued success of Spearbit. ## Work Experience ### Web2 - WebFX - Junior Full-Stack Developer - April/2018 - April/2020 - Mostly React/Rails - Hyeler - Full-Stack Developer - July/2020 - September/2021 - React/Python ### Web3 - Freelance - Smart Contract Developer - July/2021 - Jul/2022 - several projects: - Participated in the NFT launch for french artist Sofiane Pamart - Bbonds - created all the smart contracts (https://www.bbonds.com/) - other not as relavant contributions to some NFTs project - Lukso - Smart Contract Developer - Jun/2022 - today - developped the GenesisDeposit SC that will be use to launch Lukso's mainnet - developped the MigrationDeposit SC that will be used to migrate LYXe to LYX - participated in several Lukso Standard Proposals - etc... - Spearbit - Junior Security Researcher - July/2022 - today ## Audit experience ### Audits with spearbit | Date | 18th, July 2022 - 1st, Aug 2022 | | --- | --- | | Protocol | Exponent, DeFi, Token Equity and SEAL engagement | |Team members| <ul><li>Rajeev @ Secureum, Lead Security Researcher</li><li>Desmond Ho, Lead Security Researcher</li><li>Jonatas Martins, Apprentice</li><li>Maxime Viard, Apprentice</li><li>Balazs Kocsis, Apprentice</li><li>Calvbore, Apprentice</li><li>Naps62, Apprentice</li><li>Hagrid, Apprentice</li><li>Tqts, Apprentice</li></ul> | |Reflection | During the audit, we engaged in extensive discussions and were encouraged to raise questions and explore a variety of topics. Despite some challenges,it was a valuable learning experience. Very nice first experience ! |Findings| 2 Medium Risk, 1 Low Risk, 24 Informational, 4 Gas optimization | <br/> <br/> | Date | 5th, Sep 2022 - 23rd, Sep 2022 | | --- | --- | | Protocol | Nomad | |Team members| <ul><li>Chrisoph Michel, Lead Security Researcher</li><li>Gerard Persoon, Lead Security Researcher</li>Leastwood, Lead Security Researcher<li>Blockdev Michel, Associate Security Researcher</li><li>Maxime Viard, Junior Security Researcher</li></ul> | |Reflection | Probably my favorite audit because of its context (following hack), the leads thas were awesome as per their knowledge but also the discussions arround the projects. |Findings | 7 High Risk, 6 Medium Risk, 32 Low Risk, 58 Informational, 20 Gas optimization | <br/> <br/> | Date | 23rd, Nov 2022 - 1st, Dec 2022 | | --- | --- | | Protocol | Paladin | |Team members| <ul><li>Rajeev @ Secureum, Lead Security Researcher</li><li>Patrickd, Security Researcher</li><li>Zarf, Junior Security Researcher</li>Andy Li, Junior Security Researcher<li>tchkvsky, Junior Security Researcher</li><li>Maxime Viard, Junior Security Researcher</li><li>0xNazgul, Junior Security Researcher</li><li>merkleplant, Junior Security Researcher</li> <li> DecorativePineapple, Junior Security Researcher</li></ul> | |Reflection | Great discussion led by Rajeev and Patrick, in my opinion SEAL assesments are very good exercices where everyone learns. Some findings are pure results of internal discussions. Really enjoy them. |Reflection | 1 High Risk, 6 Medium Risk, 10 Low Risk, 9 Informational, 10 Gas optimization | ### External audits As part of the Block4 cohort of YAcademy, I had the opportunity to participate in several project audits. Although my participation was limited due to simultaneous involvement in the SEAL assessment for Paladin, I still found the experience to be incredibly valuable. We delved into various projects such as the Llamapay V2 protocol and the Yearn Stargate Strategy, and I was able to gain a deeper understanding of these projects. In addition, I valued the discussions and collaboration within the cohort and felt it was a great opportunity for learning and growth. ## Bug Bounties Was not very active on the bug bounties platform of 2022. Part of my 2023 resolutions! ## Tool familiarity | Name of the tool | Context (what did you use it for? what did you achieve?) | :---: | :---: | | Echidna | Really powerful tool, in my opinion, more than Foundry for fuzzing. Also great youtube series to learn how to fuzz by Trail of Bits. Used it in several projects, included Lukso | | Certora Prover | Learn Certora but not as efficient as I would like to be, to be honest, I think it is the type of tool that takes a lot of time to master and really make something out of it. Used it on personal projects.| | Slither | Always run it on projects, good to find informations and low issues. Also sometimes can point you into some directions, for example for reentrancies etc... | | Foundry | Best tool for quick test and quick fuzzings tests. Also great for debugging. Use it daily. | | Hardhat | Not as awesome as Foundry but still a good tool to master. I think sometimes it is better than Foundry for some quick tests. Use it daily as well. |