Sherlock V2
  • đź‘‹Intro to Sherlock
  • 🙋FAQ
  • đź“šGlossary
  • ‼️Disclaimers
  • Audits
    • 🧑‍💻Protocol Teams
      • How it Works for Protocols
      • Audit Timeline
      • Scheduling Process
      • Audit Preparation
      • Protocol Involvement During the Audit Process
      • Protocol Involvement Post-Audit
      • Rescheduling and Cancellations
      • Interim Updates and Upgrades
    • 🕵️Watsons
      • Lead Senior Watson Selection Process
      • Fix Review Process
      • Contest Points
      • How to Score Issue Points in a Contest
      • Meeting the Payout Criteria
      • Leaderboard Points Example
      • FAQ
    • 🧑‍⚖️Judging
      • Judging Conduct Guidelines
      • Criteria for Issue Validity
        • Criteria Changelog
      • Lead Judge
      • 🧑‍⚖️Community Judging
      • Dedicated Judge
      • Discussion
      • Sherlock's Exclusive Judging Apprentice Program
    • 🤝Referral Program
  • Bug Bounties
    • 🌱Pre-Launch Bounty
    • 🚀Post-Launch Bounty
      • đź“śPlatform Rules
      • ⚖️Dispute Resolution
  • Coverage
    • 🛡️Sherlock Shield
    • đź’°Stakers
      • Overview
      • Lockup Period
      • Payout Flow
      • Staking APY
    • 🧑‍💻Protocol Teams
      • Getting Started
      • Coverage Premiums
      • Pricing
      • Composability and Coverage
      • Payout Flow
      • FAQ
    • đź“ťClaims
      • Claims Process
  • Tokens
    • SHER
    • Receipt NFTs
  • Governance
    • Roles
  • Developer
    • Overview
    • Stake Position Lifecycle
    • Claim Lifecycle
    • Protocol Lifecycle
    • SHER Distribution
    • Deployed Contracts
    • Contract Reference
    • Audits
Powered by GitBook
On this page
  1. Audits
  2. Watsons

Fix Review Process

PreviousLead Senior Watson Selection ProcessNextContest Points

Last updated 6 months ago

The Lead Senior Watson for a contest will be expected to complete the fix review as a part of their role. The fix review ensures that the protocol’s changes post-audit have been properly implemented. The protocol will select a date within 3 weeks of the audit end-date for which they would like the fix review to be conducted. At this point one of 3 things happen:

  1. Lead Senior Watson confirms that date works.

  2. Lead Senior Watson proposes an alternative date for the fix review.

  3. Lead Senior Watson does not have reasonable availability, and loses 25% of their fixed-pay compensation. That 25% will be used to compensate a new Watson (based on performance in that specific contest) to conduct the fix-review.

If the Lead Senior Watson determines that the protocol’s code changes require >1 day to review, then Sherlock will work with the protocol team to schedule a new (hopefully smaller) contest to review these changes. The new contest can be as short as 3 days or as long as 3 weeks. When it’s determined that the protocol’s code needs a new contest, the initial Lead Senior Watson will lose their 25% fixed pay for the fix review (which did not occur), but they will get first priority to be the Lead Senior Watson on that protocol’s follow-up contest (and receive fixed pay for that). The protocol will be able to put that refunded portion (25%) of the Lead Senior Watson’s pay towards the fixed pay for the Lead Senior in that follow-up contest. The fixed pay for the follow-up contest should always be equal to or greater than the 25% fixed pay that was withheld in the previous contest.

If a Lead Senior Watson places outside of the top 10 in the ranking for a contest they lead, then they must forfeit 25% of their fixed pay so that Sherlock can bring in a Watson who found more of the issues to conduct the fix review.

Receiving the 25% Fixed Pay

The 25% Fixed Pay will be released up to two weeks after the fix review occurs.

The two-week delay is so that the can flag any Critical issue that should have been caught in the fix review.

If no issues are reported that should have been caught in the fix review, the 25% fixed pay gets unlocked.

If an issue is reported that could have been caught during the original audit or audit contest, then it is not the sole responsibility of the fix reviewer to catch, and thus the 25% fixed pay gets unlocked.

If a Critical vulnerability is found that could only have been caught during the fix review (was introduced after the original audit), then, depending on the size of the Pre-Launch Bounty, some or all of the 25% fixed pay will be re-routed to the bug bounty submitter, and away from the fix reviewer.

🕵️
Pre-Launch Bounty