Audits for Protocol Teams
Explains Sherlock’s pre-launch review options (collaborative audits, audit contests, and Blackthorn) and how teams choose the right model based on scope, timeline, and risk. Includes what to expect
Sherlock for Protocol Teams
Shipping onchain systems means shipping into an adversarial environment. Security work needs to assume motivated attackers, complex integrations, and real capital at stake.
Pre-launch review through auditing is one part of that security motion. Most teams still start with an audit, but there are two common audit formats in Web3, and they solve different problems.
Collaborative Audits
A traditional audit is a staffed engagement where a small set of reviewers works closely with your team over a defined window. This model is best when you want tight coordination, architectural depth, and direct back-and-forth during remediation.
Audit Contests
An audit contest is a time-boxed public review program with clear incentives. Many independent researchers review the same scope in parallel and submit issues for judging. This model is best when you want broad scrutiny, high-throughput discovery, and measurable participation.
Sherlock’s Approach to Auditing
Sherlock combines the coordination of a staffed audit with the parallel discovery of a contest.
You get a designated senior reviewer who owns the engagement end-to-end (scoping, architecture context, issue review, and fix verification), plus a large field of independent researchers competing on the same scope under clear rules.
In practice, that means:
Depth plus breadth: a coordinated review led by a senior auditor, reinforced by participation from 500+ potential researchers across the network depending on scope and timing.
Findings you can ship against: submissions are judged, deduplicated, and severity-calibrated so teams get a clean set of fix-ready issues instead of raw noise.
Fix verification: the engagement includes structured fix review so teams can ship with confidence that patches are correct and don’t introduce new risk.
Cost efficiency: Sherlock is designed so the majority of spend goes to the people doing the security work — not overhead. In many engagements, ~80% of fees go directly to researchers.
A clear paper trail: you leave with legible outputs (final issue set, severity decisions, remediation notes) that support internal reporting and future upgrades.
If you want to request a review, use the intake form below. The next sections walk through scheduling, scoping, and what to expect from the process and outputs.
Request an audit here: https://sherlock.xyz/contact
