diff --git a/bug_hunting/README.md b/bug_hunting/README.md
new file mode 100644
index 0000000..39eb186
--- /dev/null
+++ b/bug_hunting/README.md
@@ -0,0 +1,38 @@
+## bug hunting smart contracts
+
+
+
+### initial questions
+
+
+
+* list `external` and `public` functions.
+* when and where external call happens and what changes.
+* check `payable` functions.
+* how functions are accessed (permissions by who).
+* follow the flow for transfers.
+
+
+
+### look for common vulnerabilities
+
+
+
+* reentrancy with flashloans, fallbacks, payables.
+* access control.
+* arithmetic errors.
+
+
+
+### create an enviroment for testing
+
+
+
+* static analysis
+* fuzzing and poc exploits (use foundry)
+
+
+
+---
+
+### resources
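Review bot: the `### resources` heading at the end of the file has nothing under it, so the README ends on an empty section after the `---` rule; either add the links in this commit or drop the heading until there is content. In the third heading, "enviroment" should be "environment". The testing list is uneven: "fuzzing and poc exploits (use foundry)" names a tool while "static analysis" names none, so add the analyzer you expect readers to run. The "initial questions" bullets would be easier to use as a checklist if they were all phrased as actions; "when and where external call happens and what changes" could read "note where each external call happens and what state changes before and after it", which also ties it to the reentrancy item in the next section. Each heading is surrounded by three blank lines where one would render the same.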