Sherlock V2


Sherlock Terminology

Bug Bounty

  • A bug bounty is essentially a reward offered to an honest participant who finds a way to exploit a protocol. Black hat hackers are "bad guys" who exploit a protocol directly, leading to losses for all users. White hat hackers are "good guys" who report a potential exploit vector to the protocol team in return for a bug bounty reward (usually USDC).


  • A claim occurs when a protocol covered by Sherlock receives a bug bounty submission or believes it has been hacked and believes Sherlock has a responsibility to repay the bug bounty or hack. See the claims section for details.


  • If Sherlock takes on a protocol as a customer, the "coverage" is the amount of tokens (USDC) that Sherlock will reimburse when a bug bounty submission or exploit (that falls under the coverage agreement) occurs.


  • For Sherlock's purposes, an exploit is the act of maliciously removing tokens (usually tokens deposited by others) from a protocol in an unintended way. Sherlock covers most (but not all) exploits that a protocol could experience. For a detailed breakdown of which exploits are generally covered, take a look at our current coverage agreements here.


  • The amount of USDC a protocol pays Sherlock over a specified time interval. In return, Sherlock reimburses covered bug bounty submissions and exploits experienced by the protocol over that same time interval.


  • Sherlock's governance token. See the SHER section for more info.


  • The act of depositing USDC into a Sherlock staking pool for a fixed period (6 months, 12 months, etc.). Once USDC has been deposited, USDC and SHER tokens accrue to the depositor in the form of APY. A portion of the staked tokens (up to 50% for an individual exploit) in the staking pool is at risk of being liquidated due to a bug bounty payout or exploit at one of the protocols covered by Sherlock.


  • The act of removing staked USDC from the Sherlock staking pool. This action can only be taken once the staking period (6 months, 12 months, etc.) for that USDC has ended.


  • "You know my methods, Watson. There was not one of them which I did not apply to the inquiry." - The Memoirs of Sherlock Holmes (1893)
  • Watsons are the individuals without which Sherlock would be nothing. These are the security experts who do the deep fundamental research (audits) that allows Sherlock to confidently provide coverage for a given protocol's smart contracts.
Last modified 2mo ago