What Sherlock expects from protocol teams during audit contests and collaborative audits, including communication channels, availability, and how visibility and disclosures are handled during live rev
Protocol involvement during the audit process
Sherlock audits work best when the protocol team is available and responsive during the review window. Reviewers will have questions about intended behavior, roles, integrations, and edge cases. Fast answers reduce ambiguity and improve outcomes.
Communication during an audit contest
At the start of an audit contest, the protocol team is added to a shared Discord channel used for auditor Q&A. Participation isn’t mandatory, but teams that engage tend to get clearer submissions and fewer avoidable misunderstandings.
During the contest, issues are submitted and judged through Sherlock’s workflow. Findings may be reviewed and validated while the contest is still running. To protect contest integrity, visibility into submissions is controlled during the contest window, and teams should avoid sharing exploit details or partial findings publicly until the review phase completes and disclosures are coordinated.
After the contest window ends, the protocol receives a curated set of validated findings with severity calibration and remediation guidance, followed by fix verification once patches are ready.
Communication during a collaborative audit
In a collaborative audit, the protocol team works directly with the staffed audit team throughout the review window. Questions, findings, and remediation details are tracked in the audit workspace in real time. This format is designed for tighter iteration: rapid clarification, faster convergence on intended behavior, and continuous alignment on fixes as they are implemented.
Expectations for protocol teams
Protocol teams should plan to be available during audit weeks for questions and clarifications, and to move promptly on remediation and fix verification once findings are confirmed.
