Intro to Sherlock

Sherlock is an audit provider and smart contract vulnerability research platform. Sherlock works to protect Decentralized Finance (DeFi) users from smart contract exploits with security reviews from leading auditors backed by smart contract coverage incentives on the audited contracts.

You can find a brief overview of the Sherlock ecosystem below.

Sherlock Ecosystem

There are 3 main participants in the Sherlock ecosystem:

  1. Protocols

  2. Watsons

  3. Independent Security Researchers

Protocols

Protocols come to Sherlock for audits from top smart contract security experts. Sherlock offers a financial incentive of smart contract coverage on any contracts that are reviewed as part of the audit. This means you can rest assured knowing that Sherlock has "skin in the game" in terms of auditing the smart contracts. Basically, if the audited smart contracts have a critical bug, Sherlock will pay up to $500k on the codebase in scope. No other auditor offers this kind of backing for their audits.

Whenever a Critical-severity vulnerability is discovered in a protocol (on an audited contract), Sherlock may pay for the bug bounty cost (minus a deductible). Sherlock's claims process will decide whether or not the vulnerability falls under coverage and should be paid out.

Watsons

Sherlock’s Watsons (the security experts) do a full audit of each prospective protocol's contracts and provide input on the risk those contracts carry. Sherlock audits feature both dedicated, top-tier auditors who are incentivized to find vulnerabilities in the codebase and a contest pot where anyone in the world can find bugs. See Protocol Teams for more info on the audit process. Security experts (or those planning to become security experts) can find more information about how to participate in audits in Watsons.

Independent Security Researchers

Sherlock, as a competitive platform, has a significant number of independent security researchers. These researchers are from all over the world and compete with each other to find as many legitimate vulnerabilities in your codebase as possible in order to earn a payout. The level of coverage our hybrid model provides is unparalleled in comparison to other forms of smart contract audits.
