Before Sherlock initiates coverage on a protocol, a security assessment is conducted to determine the price of that coverage. Both parties will also need to come to a consensus around the coverage agreement. Most protocols will be able to use Sherlock's off-the-shelf coverage agreement to great effect, but in certain cases, there will need to be language to account for special, protocol-specific situations. We will also agree on a deductible amount with the protocol and a bug bounty amount before initiation of coverage.
Side note on protocol deductibles: The deductible is simply a USD value of money the protocol agrees to set aside (outside of Sherlock) to compensate for hacks. Protocols will likely commit to a fixed USD value deductible.
Once the coverage agreement is established and a deductible and bug bounty amount agreed on, the initial security assessment is conducted to decide the starting price for coverage. The security assessment will technically never "end" because Sherlock security experts will be incentivized to keep protocols safe over time. This means that the price charged to protocols may fluctuate over time as a protocol takes actions that make it less risky or more risky. Hopefully the security team will be working closely with protocols to instill more robust development practices over time which will lower those protocols’ premiums over time as well. Sherlock will strive not to make pricing changes for protocol premiums unless a protocol is actually making a material update to their mainnet contracts.
Last modified 1mo ago
Copy link