Covers how to prepare for an audit contest, what’s required 72 hours before start, and what happens if readiness or logistics aren’t complete.
Preparing a codebase for an audit contest improves review quality and reduces noise during the contest window. Sherlock’s Audit Requirements Checklist outlines the minimum readiness standards expected by the start date so researchers can spend time on security work instead of setup and environment issues.
For audits scheduled more than a week in advance, Sherlock will run check-ins with the protocol team to confirm readiness and avoid last-minute blockers.
72 hours before the start date
Approximately 72 hours before the audit begins, the protocol team must provide:
the frozen commit hash and branch
the final list of contracts/modules in scope
At the same time, the protocol completes the remaining audit payment.
If requirements are not met
If required logistics are incomplete (for example, payment or access), the audit will not start.
If the frozen commit does not meet the Audit Requirements Checklist, or if the final scope requires more review time than originally scheduled, Sherlock will work with the protocol team on one of the following paths:
reschedule the audit window
extend the audit length (subject to staffing availability and revised pricing)
proceed on a best-efforts basis with adjusted expectations and limitations (including potential impact on eligibility for post-audit coverage programs)
If the start date is blocked due to protocol readiness after a slot has been reserved, the deposit may be used to compensate reserved reviewer time.
