Sherlock is thrilled to announce the launch of our new auditing platform!
Sherlock is officially rejecting the legacy audit model where 2-3 auditors look at a codebase for a few weeks. In its place, Sherlock is pioneering a brand new approach to audits, which looks like a hybrid between a Capture-The-Flag (CTF) competition and a legacy audit.
We’ve just gone live with our first audit using the new approach today, partnering with Sentiment to secure their codebase:
Anyone familiar with Sherlock knows that we’re a smart contract coverage provider for crypto protocols. We’ve been offering up to $10M of on-chain exploit and bug bounty coverage for almost a year now with current clients such as Opyn, Euler, Lyra, Tempus, LiquiFi and Hook.
But Sherlock has been doing audits that entire time as well. In fact, it’s the biggest key to pricing coverage effectively. We noticed the quality of talent at legacy audit companies was deteriorating, so we leaned into our own curated network of security experts. Now, we’re moving our approach in a direction that no legacy auditor has dared to venture: incentivizing auditors to compete head-to-head while getting paid and promoted based on the severity of bugs they find.
Audit competitions have been occurring in the crypto space for some time now. We saw it pioneered by Code Arena and tested out by other organizations like Secureum and Sherlock.
The results are in: audit competitions are unreasonably effective ways of securing codebases.
They are so effective that, as a smart contract coverage provider, Sherlock sees no other option than to incorporate a competitive aspect into every audit we do. We don’t think there is a better way to secure a codebase, and the data doesn’t lie.
We have huge respect for current audit competitions like Code Arena, but they aren’t without their shortcomings: no fix reviews, no guarantee of quality talent, no guarantee of time spent, hundreds of issues for protocol teams to wade through, etc.
Sherlock’s “next generation” audit is actually more of a hybrid between a legacy audit and an audit competition. We incentivize one auditor/team as if they are a legacy auditor (high guaranteed pay), and then we invite everyone else to compete for a prize pool. Those who perform well in prize pool competitions will rise to the top to become lucratively paid “senior” auditors.
The first competition has just started today and can be found here. We’ve launched a two-week audit with Sentiment.
If you’re a security expert of any level and think you have what it takes to rise through the ranks, join any of our ongoing or upcoming contests.
If you’re a protocol team interested in trying out the most innovative audit model since sliced bread, check us out. We offer up to $10M of smart contract coverage on every audit, so you know Sherlock’s incentives are aligned with yours.
If you didn’t know, Sherlock is the first and only auditor to offer smart contract coverage behind our audits. The crypto space has been begging auditors to have more aligned incentives with protocols for years. Sherlock listened.
With the launch of audit contests, Sherlock not only has the most aligned incentives thanks to the smart contract coverage but now has the most powerful audit model in the crypto space.
Despite difficult conditions in crypto markets, Sherlock has seen a ton of success in the past few months. Sherlock currently covers ~$35M of on-chain TVL for protocols and that number is growing every month.
We’ve recently completed audits with Element, FIAT DAO, Merit Circle, Flux Protocol, Perennial, NiftyApes, and others who we expect will utilize our smart contract or bug bounty coverage when they go live on mainnet.
In addition, Sherlock’s staking pool has had zero payouts and zero claims in the ~1 year that Sherlock has been on mainnet. We are very lucky to have worked with some of the best smart contract auditors since Day 1, and Sherlock’s track record is entirely due to their skill and expertise.
Every staker in Sherlock’s March/April staking rounds is on track to earn a ~37% APY. You missed it, anon. But you might get a second chance:
Sherlock’s staking pool is also launching an incentive program in early September which you won’t want to miss. It will be one of the most competitive sources of USDC yield on-chain, paying ~10% USDC APY and 5% SHER token APY for a combined ~15% APY (assuming no SHER token appreciation). Check out the incentive details here and the staking pool here.
For more information on Sherlock, check out our site.
And we’re hiring deeply technical people who think from first principles and are willing to work harder than they ever have to bring crypto to the masses.