For the software engineers visiting here, I give you:
The big stuff wasnt what I expected. I thought I'd find wrong logic or security holes. Instead what I found was this layer of... I dont even know what to call it. Plausible-looking code that technically works but is structured in ways no human would choose. A try-catch around a console.log. A utility function that was 40 lines of enterprise-grade typescript doing exactly what Array.prototype.map already does. Variable names that sound right but dont match what the variable actually holds, like a thing called userPreferences that was actually a session token.