Sherlock is an audit marketplace and smart contract coverage protocol built on the Ethereum blockchain. Sherlock works to protect Decentralized Finance (DeFi) users from smart contract exploits with security reviews from top auditors backed by smart contract coverage on the audited contracts.
- Protocols come to Sherlock for audits from top independent security experts. Sherlock offers smart contract coverage on any contracts that are reviewed as part of the audit. Sherlock offers coverage on white-hat bounties and/or black-hat exploits.
- The coverage is optional, but adding the coverage allows protocols to know that Sherlock has "skin in the game" in terms of auditing the smart contracts. Basically, if the audited smart contracts have a critical bug, Sherlock will likely have to pay out millions of dollars. No other auditor offers this kind of backing for their audits.
- Stakers deposit USDC into the staking pools in return for one of the highest USDC APYs (as of 6/18/22) in DeFi. The APY stakers will receive is made up of 3 streams:
- Premiums from protocol customers
- Interest earned from depositing staker funds into yield strategies (Aave, Compound etc.)
- Incentive rewards paid in SHER (Sherlock’s governance token)
Sherlock’s Watsons (the security experts) do a full audit of each prospective protocol's contracts and provide input as to the risk of the protocol's contracts. For security team incentive alignment, we pay out a certain amount of SHER tokens if the protocol a security team is in charge of pricing/securing stays safe over time.
How is Sherlock different from other audit firms
- Most audit firms rely on their reputation to convince protocol teams to use them. This is a poor way to guarantee incentive alignment. Sherlock provides something far more valuable than reputation: millions of dollars. If a contract that is audited and covered by Sherlock gets exploited, then Sherlock's staking pools can lose millions of dollars. This is a much stronger incentive to do a good job vs. maintaining an amorphous reputation across thousand of audits and dozens of individual auditors.
- Many audit firms charge 100% more than what they pay individual auditors. This is the "reputation premium." Sherlock can pay top independent security experts more than they would make at leading audit firms. Then Sherlock can offer millions in backing behind the audit. And the cost is STILL lower than what most traditional firms charge.
- Good security work is done by talented individuals. Many audit firms have been known to hide lesser talented individuals behind their overall audit firm reputation. This means the quality of audit you will get from other firms is highly variable. You should always check to see who the individual auditors are. Sherlock is very transparent about the qualifications of our individual auditors