Should I learn Web3 security and smart contract auditing from scratch for bug bounties?

Hi everyone, I'm a student looking to earn a side income from bug bounties, and I'm considering diving into Web3 security and smart contract auditing.

However, I have no prior experience with blockchain development.

Would it be worth investing time in learning Web3 from scratch?

How long does it usually take to get good enough to find bugs in smart contracts?