Prepping a protocol’s code for an audit is an invaluable process to result in a higher quality security review, but it can be challenging for many protocol development teams to know what things they should prioritize to better prepare for an audit. Sherlock has designed its Audit Requirements Checklist to guide protocols towards the minimum requirements Sherlock expects to see completed by the audit start date. For audits scheduled >7 days in advance of the start date, Sherlock will have multiple check-ins with each protocol team to make sure they are on-track to meet all the Audit Requirements Checklist items before the audit start date.
72 hours before the audit start date, the protocol team sends Sherlock the finalized commit hash, branch, and contracts to be audited. At this point, the protocol will also pay the remaining 75% of the audit cost.
In the unlikely scenario where a protocol submits contracts which fail to meet the Audit Requirements Checklist or submits contracts which will require a longer audit than what was originally scheduled, Sherlock will allow the protocol to move forward with one of the following scenarios:
- 1.Attempt to reschedule
- 2.Attempt to increase the length of the audit
- 3.Move forward with a “best efforts” audit, which will undergo a full contest, but will not qualify for coverage afterwards