How it Works for Protocols
Whether this is your protocol’s first audit before launching on mainnet, or latest version, Sherlock’s audit experience is designed to provide the familiarity of a legacy audit, with drastically better results.
A protocol’s audit process:
- 1.You can request an audit by going to Sherlock.xyz and submitting a customer form under “Request Audit” - you can schedule an audit with at least 3 days' notice.
- 2.Sherlock will contact you to discuss your audit scope, expected timeline, and requirements to get an audit started (check out our Audit Requirements Checklist for items Sherlock requires to start an audit).
- 3.Sherlock conducts an initial assessment and provides you with a quote based on the length of time required for the audit.
- 4.You then reserve your audit slot by putting down a refundable deposit for 25% of the cost of the audit.
- 5.Three days before the audit starts, you send Sherlock the final commit, branch, contracts, and the remaining portion of the audit deposit.
- 6.Once the audit begins, you can follow along in real-time and view all submissions in a private GitHub.
- 7.A few days after the audit ends, Sherlock will provide you with a list of all judged high and medium-severity findings.
- 8.You then have 72 hours to acknowledge and indicate which submitted issues you intend to fix and schedule a fix review to be completed within 3 weeks.
- 9.You implement any changes and deliver a new commit hash and PRs for every issue to Sherlock 24 hours before your fix review starts.
- 10.Post-fix review, you will receive sign-off to launch on mainnet and a final report, which gives you the option to add coverage at any point in the future.
- 11.Sherlock works with you to get your coverage and bug bounty live (if applicable).