Sherlock V2
  • πŸ‘‹Intro to Sherlock
  • πŸ™‹FAQ
  • πŸ“šGlossary
  • ‼️Disclaimers
  • Audits
    • πŸ§‘β€πŸ’»Protocol Teams
      • How it Works for Protocols
      • Audit Timeline
      • Scheduling Process
      • Audit Preparation
      • Protocol Involvement During the Audit Process
      • Protocol Involvement Post-Audit
      • Rescheduling and Cancellations
      • Interim Updates and Upgrades
    • πŸ•΅οΈWatsons
      • Lead Senior Watson Selection Process
      • Fix Review Process
      • Contest Points
      • How to Score Issue Points in a Contest
      • Meeting the Payout Criteria
      • First Blood Pot
      • Leaderboard Points Example
      • FAQ
    • πŸ§‘β€βš–οΈJudging
      • Judging Conduct Guidelines
      • Criteria for Issue Validity
        • Criteria Changelog
      • Lead Judge
      • πŸ§‘β€βš–οΈCommunity Judging
      • Dedicated Judge
      • Discussion
      • Sherlock's Exclusive Judging Apprentice Program
    • 🀝Referral Program
  • Bug Bounties
    • 🌱Pre-Launch Bounty
    • πŸš€Post-Launch Bounty
      • πŸ“œPlatform Rules
      • βš–οΈDispute Resolution
  • Coverage
    • πŸ›‘οΈSherlock Shield
    • πŸ’°Stakers
      • Overview
      • Lockup Period
      • Payout Flow
      • Staking APY
    • πŸ§‘β€πŸ’»Protocol Teams
      • Getting Started
      • Coverage Premiums
      • Pricing
      • Composability and Coverage
      • Payout Flow
      • FAQ
    • πŸ“Claims
      • Claims Process
  • Tokens
    • SHER
    • Receipt NFTs
  • Governance
    • Roles
  • Developer
    • Overview
    • Stake Position Lifecycle
    • Claim Lifecycle
    • Protocol Lifecycle
    • SHER Distribution
    • Deployed Contracts
    • Contract Reference
    • Audits
Powered by GitBook
On this page
  1. Audits
  2. Protocol Teams

Audit Timeline

PreviousHow it Works for ProtocolsNextScheduling Process

Last updated 12 months ago

Each Sherlock audit consists of a fixed pay element to adequately incentivize at least 1 dedicated Senior Watson to lead the audit as well as a prize pool element that often draws 200-400 independent auditors.

In order to properly align incentives with protocols, Sherlock offers smart contract coverage behind qualifying audits (not included in the audit cost), which can be activated at any point after the audit is completed, provided the fix review has been completed and there haven’t been subsequent changes to the code base.

Sherlock has developed the following broad underwriting guidelines for how much time is needed to complete an audit of codebases of various sizes in order to offer smart contract coverage on the protocol in the future:

~500

~3 days

~1000

~6 days

~2000

~12 days

~3000

~18 days

~4000

~25 days

~5000

~32 days

~6000

~38 days

Note: Sherlock utilizes the tool to calculate nSLOC. *Given the exponential complexity of very large codebases for any security expert, Sherlock will have final discretion whether to write smart contract coverage behind its audit for protocols with >6000 nSLOC

Sometimes a protocol will need extra audit time instead of a 1-day fix review after their initial audit. This is very normal. In this case, Sherlock recommends another (shorter) contest in order to be eligible for smart contract coverage. This "shorter" contest will not need to follow the nSLOC guidelines above, because most auditors will already be familiar with it and will have audited it very recently. The cost/length of the follow-up audits will depend on the scoping/judgment of the Lead Senior Watson.

πŸ§‘β€πŸ’»
Solidity Metrics