what's Sherlock?
Sherlock is a decentralized platform providing comprehensive security services for smart contracts in the DeFi ecosystem. It operates as an audit marketplace where protocols can engage top security researchers through competitive contests to identify vulnerabilities before deployment. The platform combines traditional audits with innovative mechanisms like bug bounties and AI-assisted tools to enhance code review efficiency. At its core, Sherlock uses a unique coverage protocol that allows users to insure their funds against smart contract exploits, distributing risk across a pool backed by premiums and reserves. Researchers, known as "Watsons," participate in time-bound contests to find and report issues, earning rewards based on severity. This crowdsourced approach has secured billions in TVL for protocols like MakerDAO and GMX, fostering a more robust blockchain environment. Sherlock's native token, SHER, facilitates governance, staking for coverage, and incentives for participants. Built on Ethereum, it emphasizes transparency and community-driven security, evolving with features like AI auditing assistants to stay ahead of emerging threats.
Sherlock suffered an $80M hack from a compromised private key.
Suffered a hack resulting in $50M loss plus $30M unauthorized mint due to compromised private key associated with the SERVICE_ROLE in USR protocol contracts.
Completed private audits for DEX v2 with public audit contest concluding on approximately 2026-03-10
Audit codebases from Sherlock contests are included in EVMBench, an OpenAI benchmark (released in 2025) that evaluates AI agents on smart contract security using 40 audit codebases with 120 high-severity vulnerabilities.
Launched $7.5M bug bounty program with Usual Protocol in January 2026.
Addressed Ethermint codebase vulnerability exploited on SagaEVM on January 21, 2026, coordinating with Saga, Cosmos Labs, Skip Protocol, B Harvest, MANTRA Chain, and Zellic.
Mentioned in a Centrifuge post discussing security frameworks for tokenized RWAs, with audit contests highlighted as a method for running adversarial reviews across codebases using hundreds of researchers.
Launched bug bounty program for Aave V4; codebase enters open security review.
MetaVault audit report completed by Sherlock DeFi's #1 ranked auditor.
Dango completes DEX module audit contest on Sherlock platform, now evaluating issues ahead of Testnet-3 expected October 13.
New partnership with Mellow Protocol includes security testing of institutional-grade vaults.
New $50K audit contest for Tangent project launches August 28.
New $100K audit contest for onchain order book module running September 15-28.
$93K audit competition reward paid out to top performer, marking resumption of audit activities following June operational pause.
Conducted security audits for Resolv protocol prior to $12M exploit.
Platform currently has zero active web3 security contests, marking operational pause in audit activities.
Final security audit completed by Sherlock, clearing path for v1.0 upgrade rollout.
New bug bounty program launches with 200K USDC reward for critical vulnerabilities in Yearn v3 integration.
$16M bug bounty program launches as largest in Web3 history, in collaboration with NexusMutual and UsualMoney.
$16M single-bug bounty program launches as largest technology security reward in history.
Largest-ever crypto bug bounty program launches with $16M reward for critical vulnerabilities.