Image of a gear for vulnerability explanation

FEATURED POST

September 22, 2025

Introducing Sherlock AI

Sherlock AI is an auditing assistant that helps teams catch vulnerabilities early, streamline audits, and ship smart contracts with confidence.

Join Sherlock Community on Discord
Join our community and stay up to date
Join Sherlock on Discord
Sherlock's Blog Banner for 'What is smart contract auditing' article, featuring Sherlock logo with smart contract imagery.

October 21, 2025

What Is Smart Contract Auditing? A Complete Guide for 2026

Learn what smart contract auditing is, how it works, and why it’s essential for Web3 security in 2026. Explore process, tools, and best practices.

October 21, 2025

Understanding the "Insecure Randomness" Vulnerability

We're breaking down the 10 most threatening vulnerabilities in Web3 protocols. Number 9 on our list is Insecure Randomness.

Banner Image for Understanding Critical, High Medium and Low Vulnerabilities Article by Sherlock Smart Contract Security

October 15, 2025

Understanding Critical, High, Medium, and Low Vulnerabilities in Smart Contracts‍

Learn how smart contract vulnerabilities are classified as Critical, High, Medium, or Low — and how these severity levels guide prioritization, remediation, and rewards across audits, contests, and bug bounty programs.

October 9, 2025

Introducing Berndt, Sherlock's Newest AI Researcher

One of the most respected names in Web3 security, Bernhard Mueller, is now part of the team shaping its future.

October 6, 2025

What is Collaborative Smart Contract Auditing?

Learn how collaborative smart contract auditing combines expert-led code reviews with large-scale researcher contests to deliver deeper, broader security coverage.

October 1, 2025

How Sherlock AI Uncovered a $2M Vulnerability on Mainnet

Sherlock AI discovered a Critical vulnerability affecting $2,400,000 in a live lending protocol. This is the first known instance of an AI uncovering a multi-million-dollar bug on mainnet.

September 17, 2025

Vulnerability Analysis: Numa Price Manipulation (August 2025)

On August 10th, 2025, Numa was exploited through a price manipulation in its synthetic minting logic. Our postmortem explains how the attack unfolded, the technical root cause, and lessons for builders.

August 29, 2025

The Top 10 Most Threatening Vulnerabilities in Web3 Protocols: #10 Integer Overflow/Underflow

Maintaining numerical integrity is essential to protocol security. Without bounded and validated operations, protocols lose system assurance and expose themselves to silent failures that corrupt state, halt execution, or distort incentives. Robust arithmetic is not an optimization detail - it’s a core requirement for trustworthy DeFi.

July 17, 2025

GMX Exchange Hack Explained

GMX Exchange Hack Explained: $42M Drained via Re-Entrancy Exploit. Written in collaboration with Blackthorn Lead Security Partner, Panprog.

June 2, 2025

When Audits Go Head-to-Head: How Case Studies Reveal the Most Effective Methodology

When it comes to the blockchain, securing trust requires bulletproof auditing. But how can teams determine which provider delivers truly rigorous security reviews?

June 2, 2025

How Did My Audit Go? A Framework for Evaluating Audit Effectiveness

Right now the process of choosing and recommending audit firms in the blockchain space is opaque. Sticking to the values of Web3, we want to demystify the selection process and introduce quantifiable metrics for audit effectiveness, thereby enhancing trust and reliability within the blockchain ecosystem.