September 17, 2025
What is Sherlock? An Explainer for Builders and Teams
Sherlock is a smart contract security partner that unites audits, contests, bug bounties, and coverage into one model. Learn how we protect protocols from first launch through growth, and why continuous security is the foundation for the next era of onchain systems.

Sherlock is a smart contract security platform that protects protocols through build, launch, and change. We unite collaborative audits, global researcher contests, live bug bounties, and financial coverage into a single model that keeps protection with your code as it evolves - so teams ship with confidence and scale securely.
Launches and major upgrades are decisive moments for every protocol; the choices made here set user confidence and the stability of what’s built on top. Founded in 2021, Sherlock is a smart contract security platform built to move with your code - through build, launch, and change - so teams ship on schedule and scale securely. Our job is to turn high-stakes milestones into repeatable outcomes: faster releases, cleaner code, and durable trust.
How Sherlock Works
Sherlock protects protocols by aligning multiple layers of security into a single model designed to move with your code. At the earliest stages, Sherlock AI and collaborative audits bring researcher-level scrutiny directly into development, helping teams catch issues before they grow costly. Those findings are then reinforced through large-scale contests that add adversarial pressure from hundreds of independent researchers.
Once code is live, Sherlock keeps protection active. Structured bug bounties maintain scrutiny on deployed contracts without overwhelming developers, while financial coverage ties real capital to the process so incentives stay aligned. Together, these layers compound into a lifecycle platform - one that adapts as protocols build, launch, and evolve, ensuring protection stays embedded at every step.
Sherlock AI
Sherlock AI embeds auditor-level security checks directly into development. Connected to your development repo, it runs on individual commits or pull requests and on full-codebase scans, applying a mix of static analysis, data-flow tracing, and models trained on thousands of real vulnerabilities. The system inspects logic flows, state changes, and external interactions to flag exploitable issues early on, enabling teams to maintain the integrity of their code leading into formal audits and to monitor it after launch.
Collaborative Audits
Sherlock’s collaborative audits are powered by data. Every researcher comes in with a performance profile built from contest history, past findings, and predictive modeling on the codebase in front of them. This actuarial approach lets Sherlock assemble the right team for each project, led by Senior Watsons whose results are proven across dozens of audits and contests. The process itself is hands-on: researchers work directly with your team, challenge design choices, and return to review fixes. Because incentives are tied directly to results - with most fees flowing to the auditors themselves - the outcome is deeper coverage, stronger remediation guidance, and code that enters production with measurable confidence.
Audit Contests
Audit contests mobilize a global pool of independent researchers to apply adversarial pressure at scale. Each contest attracts hundreds of participants competing under defined rules, with findings ranked and validated through Sherlock’s reputation system. This constant cycle of participation and scoring generates a live dataset on researcher performance, which feeds back into how collaborative audit teams are assembled. The outcome is broader code coverage, stronger validation of vulnerabilities, and a research community that grows sharper with every contest.
Bug Bounties
The bug bounty programs at Sherlock are designed to keep live code under constant scrutiny without overwhelming teams with noise. Proprietary validity checks and triage systems filter out duplicates and low-value submissions, distilling findings into a concise set of high-impact vulnerabilities. This structure saves developers significant time while ensuring meaningful issues are addressed quickly. By tying bounties back to our audit model, Sherlock extends protection beyond deployment and keeps security active as protocols evolve.
Financial Coverage
Sherlock is the first audit firm to align incentives by backing its work with financial coverage. If a vulnerability is missed, Sherlock’s coverage ensures there is real capital on the line (up to $500,000 in coverage), creating accountability and confidence that the security process isn’t just theoretical. This approach gives teams added assurance that their security partner is accountable and fully aligned with their success.
Who Sherlock Protects
Sherlock works with teams across the spectrum of onchain finance - from emerging projects preparing for their first launch to established networks securing billions in value. What unites them isn’t size, but responsibility: every protocol that touches user funds, coordinates validators, or underpins financial activity carries risk that must be secured. Sherlock’s model adapts to that reality, scaling protection to fit both growing startups and enterprise-grade infrastructure.
The platform secures:
- Layer 1 / Layer 2 upgrades — core protocol teams preparing or modifying network code and consensus-adjacent components.
- ZK privacy systems — protocols shipping proving/verification logic with tight correctness and performance constraints.
- Staking / restaking networks — operators coordinating validator sets and pooled collateral with slashing/exposure risk.
- Stablecoin issuers — teams managing collateralization, redemptions, and peg stability under real-time conditions.
- Lending / borrowing markets — money markets with oracle, liquidation, and interest-rate complexities.
- DEXs & derivatives venues — AMMs, orderbooks, and perps where small bugs can cascade across liquidity.
- Yield platforms & launchpads — vaults, routers, and orchestration layers aggregating user capital and upgrades.
- AI-driven / emerging primitives — novel mechanisms moving from research to production with changing attack surfaces.
Sherlock protects the protocols that carry the highest stakes in crypto: the systems where user trust, market stability, and billions in value are on the line.
Transcending the Point in Time Audit
Audits remain the foundation of protocol security - every serious team needs them, and Sherlock continues to treat them as a core pillar. But protocols don’t stop evolving once code is pushed live. Protocols grow, upgrades ship, and live systems face new attack surfaces every day. That’s why Sherlock built a platform that extends security across the full journey, making audits stronger by surrounding them with contests, bounties, and financial coverage.
The vision behind this model is to provide security that scales with the growth of onchain systems. By aligning researchers, incentives, and capital, Sherlock creates trust strong enough to support the next wave of adoption. Our role is to transcend simply catching vulnerabilities - we aim to give builders the confidence to innovate and users the assurance that what they rely on is protected.
Conclusion
Sherlock was founded on a simple belief: security must evolve alongside the code it protects. By uniting audits, contests, bounties, and coverage into one model, Sherlock delivers protection that adapts as protocols build, launch, and grow.
Ready to secure your protocol? Contact Sherlock’s security team today.