Disclaimers

This page summarizes important limitations and risk considerations for protocol teams and other parties who interact with Sherlock programs.

What Sherlock is

Sherlock provides security review programs and related services designed to help teams identify and remediate vulnerabilities in onchain systems. These services can materially reduce risk, but they do not eliminate it. Web3 code and smart contract systems operate in adversarial environments, and failures can still occur even after review.

What Sherlock is not

No guarantees. Sherlock does not and cannot guarantee that a smart contract will be free of vulnerabilities, that an exploit will not occur, or that any particular finding will be identified during a review.

Not insurance. Sherlock is not an insurance company and does not offer insurance products as defined by applicable laws or regulations. Any financial coverage or reimbursement-style program offered by Sherlock (if applicable to your engagement) is governed solely by its written terms and may be subject to eligibility requirements, limits, and exclusions.

What protocol teams are paying for

Security review outcomes are probabilistic. Protocol teams engaging Sherlock programs are paying for access to a structured security process (including participation from independent researchers in certain programs) and for the outputs of that process (findings, severity assessments, and remediation guidance). Security research is not deterministic: reviewers may miss issues, severity may be debated, and outcomes depend on scope, code maturity, time constraints, and the protocol’s architecture and integrations.

Scope matters. Results apply only to the defined scope and version(s) reviewed. Code changes, new deployments, upgrades, integrations, configuration changes, and operational decisions after the review can materially change the effective risk profile.

Financial coverage and reimbursements (if applicable)

Some engagements may include an optional financial coverage component governed by program-specific terms. If your engagement includes such a component:

  • Availability is not guaranteed. The existence of a stated limit does not guarantee funds will be available at the time of an event. Availability can be affected by program limits, other obligations, smart contract risk, governance or operational issues, or other factors described in the governing terms.

  • Eligibility is determined by the terms. Whether an event qualifies depends on the written terms (including scope, evidence requirements, and exclusions). A team’s belief that an event “should” qualify does not guarantee eligibility.

Protocol teams should read and rely on the governing terms for any coverage component and should not treat coverage as a substitute for strong engineering, operational controls, monitoring, incident response planning, or appropriate risk management.

Sherlock’s agreements and any reimbursement-style programs are generally structured around protocol teams, not end users. Even where a protocol team receives funds under a coverage component, Sherlock does not control how those funds are handled or distributed. Users should not assume they will be reimbursed in any exploit scenario.

Guidance on communications

Protocol teams should avoid public statements that imply guarantees, certainty of outcomes, or assured reimbursement. Any description of Sherlock’s services or optional coverage should be accurate, qualified, and consistent with the applicable written terms.

Independent diligence

Protocol teams remain solely responsible for their code, deployments, operations, and user communications. Teams should conduct their own diligence and risk assessment and should not rely on Sherlock services as the sole control for preventing loss.

Legal disclaimer

This documentation is provided for informational purposes only and does not constitute legal, financial, tax, investment, or other professional advice. Nothing on this page forms or modifies any contract, agreement, warranty, or guarantee. Any services, deliverables, or optional coverage or reimbursement-style programs are governed solely by the applicable written agreements and program terms (including eligibility requirements, limits, and exclusions). To the extent permitted by law, Sherlock disclaims all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement. In the event of any conflict between this documentation and the applicable agreements or program terms, the agreements and program terms control.
