Sherlock V2
Search…
Intro to Sherlock
FAQ
Glossary
Audits
Protocols
Watsons
Coverage
Stakers
Protocols
Claims
Tokens
SHER
Receipt NFTs
Governance
Roles
Developer
Overview
Stake Position Lifecycle
Claim Lifecycle
Protocol Lifecycle
SHER Distribution
Strategy Distribution
Deployed Contracts
Contract Reference
Audits
Powered By GitBook
FAQ

General

What is Sherlock?

  • Sherlock is an audit marketplace and smart contract coverage protocol built on the Ethereum blockchain. Sherlock works to protect Decentralized Finance (DeFi) users from smart contract exploits with security reviews from top auditors backed by smart contract coverage on the audited contracts.

How is Sherlock different from other audit firms?

  • Most audit firms rely on their reputation to convince protocol teams to use them. This is a poor way to guarantee incentive alignment. Sherlock provides something far more valuable than reputation: millions of dollars. If a contract that is audited and covered by Sherlock gets exploited, then Sherlock's staking pools can lose millions of dollars. This is a much stronger incentive to do a good job vs. maintaining an amorphous reputation across thousand of audits and dozens of individual auditors.
  • Many audit firms charge 100% more than what they pay individual auditors. This is the "reputation premium." Sherlock can pay top independent security experts more than they would make at leading audit firms. Then Sherlock can offer millions in backing behind the audit. And the cost is STILL lower than what most traditional firms charge.
  • Good security work is done by talented individuals. Many audit firms have been known to hide lesser talented individuals behind their overall audit firm reputation. This means the quality of audit you will get from other firms is highly variable. You should always check to see who the individual auditors are. Sherlock is very transparent about the qualifications of our individual auditors.

How is Sherlock different from other risk management protocols?

Coverage is managed by protocols/DAOs instead of users
  • Right now, the burden of managing smart contract risk is borne entirely by users. By working directly with protocols, smart contract coverage can be applied to all users with no extra work required. Not to mention, when an exploit happens, protocol teams often find themselves deciding to reimburse users who did not purchase insurance (all of them, usually), so getting covered at the protocol level helps teams sleep better.
Pricing is done by security experts with skin in the game
  • Assessing smart contract risk is hard. Really hard. Sherlock's approach puts the responsibility squarely in the hands of those who are most capable and aligns their incentives as closely as possible with stakers.
Claims decisions are made by an unbiased 3rd party
  • Follow the incentives. Does a successful payout rely on a decision made by someone who will lose a lot of money if they decide in your favor? Sherlock has partnered with UMA to offer an unbiased claims process handled by objective, third-party voters who have economic guarantees around their incentives. Read more here.

How does staking work?

  • A user stakes USDC for a fixed term (6 months or 12 months) and receives a market-leading yield in return. The yield is partially fixed, partially variable. The amount of SHER tokens a staker will receive is known at the time of staking and is fixed for the duration of the stake. Other yield strategies employed by Sherlock (depositing in Aave, etc.) may be fixed or floating. And the premiums received by stakers would be expected to increase as more protocols become covered. If there is a covered smart contract exploit during the term, a staker's funds can be slashed up to 50%.

How can I get an audit or coverage from Sherlock?

Is coverage for a protocol always fully collateralized?

  • One of the superpowers of a risk management protocol like Sherlock is using diversification to increase the affordability of coverage and limit the need for full collateralization. This is what allows coverage to be affordable in traditional markets. The value staked into Sherlock's staking pools is designed to be less than the total funds that Sherlock is covering. By the same token, the staking pool is also designed to be significantly larger than the max size of coverage at any one protocol.
  • Isolated exploits should always be 100% paid out. Sherlock is designed to have at least 200% overcollateralization for any singular exploit event.
  • Things get more interesting if an exploit occurs at multiple covered protocols and drains 100% of the funds of multiple protocols at the same time. In this situation, depending on the capital efficiency of Sherlock, Sherlock may not be able to reimburse each exploit (assuming 4 or more simultaneous exploits) at 100 cents on the dollar. However, Sherlock's risk models are designed to mitigate the risk of multiple protocols being affected by the same type of exploit. Consequently, it would constitute an extremely unlikely event (never before seen in DeFi) to have multiple covered protocols hacked for nearly all of their TVL at the same time -- but it is theoretically possible.
  • Even in extreme scenarios where Sherlock's capitalization falls below the coverage amount for a single protocol, that protocol will only be charged for the amount it would receive in a payout. This ensures that, at any given time, a protocol NEVER overpays for coverage.
Previous
Intro to Sherlock
Next
Glossary
Last modified 1mo ago
Copy link
On this page
General
What is Sherlock?
How is Sherlock different from other audit firms?
How is Sherlock different from other risk management protocols?
How does staking work?
How can I get an audit or coverage from Sherlock?
Is coverage for a protocol always fully collateralized?