Sherlock

Other · Underwriting

NetworkOtherUnderwritingAudit-Coverage0 coinsAudited

Sherlock provides smart-contract audit coverage for DeFi protocols. Security researchers and stakers back a first-loss capital pool that pays out when covered protocols suffer exploits matching policy terms.

Audit-backed protocol coverage with a first-loss capital pool.

Protocol TVL

Latest data · 15 min delay

Research

Components, facts, FAQ, timeline, and tokenomics in one place

Main components (8)

1

Audit Cover / Sherlock Shield

Financial coverage that reimburses protocols for losses from smart-contract exploits that should have been caught during a Sherlock audit. Historically offered up to $10M per protocol under the V2 staking model; the current Sherlock Shield product sits on top of audited code post-launch with limits up to $500,000 and is explicitly described as 'not insurance', with payouts governed by written program terms and claims processes.

2

USDC Staking Pool (V2, first-loss capital)

A single Ethereum-based underwriting pool where stakers locked USDC to backstop coverage payouts. Stakers earned cover-purchase fees, yield-strategy returns and SHER token incentives, but bore first-loss risk: staked capital could be liquidated to pay valid exploit claims.

3

Audit Contests

Large-scale adversarial competitions where thousands of registered security researchers compete to find vulnerabilities in a protocol's codebase for a prize pool, with severity-based scoring.

4

Collaborative Audits

Private, staffed security reviews led by top-ranked researchers, offered as a pre-launch complement or alternative to open contests.

5

Bug Bounties

Ongoing post-launch incentive programs for live protocols, including record-size bounties (e.g. a $16M program for Usual).

6

Sherlock AI

AI-driven automated code-analysis tool (beta launched September 2025) that scans smart-contract code during development to surface vulnerabilities earlier in the lifecycle.

7

Claims Assessment (SPCC + UMA)

Two-stage claims process: the Sherlock Protocol Claims Committee (core team + security advisors) votes within ~7 days; denied claims can be escalated to UMA's Optimistic Oracle for arbitration for a fixed fee.

8

SHER Token

Native protocol token used for staking rewards and researcher incentives. Note: SHER was never launched as a liquid, publicly traded token; the planned large public token round did not result in a live token.

Differentiator

Ties underwriting directly to audit coverage — protocols pay premiums and stakers backstop exploit losses on audited codebases.

Organizational structure

Units & roles

  • Sherlock (Spearbit-adjacent / Sherlock Inc.)

    US-based venture-funded company that builds and operates the Sherlock security platform and coverage protocol. Co-founded by Jack Sanford (co-founder, frequently quoted on the coverage model and the 2023 reserves crisis).

    Company / core team
  • Sherlock Protocol Claims Committee (SPCC)

    Committee of core team members and security advisors that reviews and votes on coverage claims within roughly 7 days before any escalation to UMA arbitration.

    Claims governance body

Investment rounds

DateRoundAmountInvestorsLink
2021-06-03Pre-Seed$1.5M
IDEO CoLab VenturesA.CapitalScalar CapitalDeFi AllianceKain WarwickHart LamburSidney Powell
Source
2022-09-14Seed$4M
ArchetypeSpartanLatticeCoinFund
Source

Similarity to traditional finance products

How Sherlock maps onto established TradFi structures, and where it diverges.

TradFi productSimilarity to SherlockKey differences
Warranty / audit-linked professional-liability coverLike a warranty on professional work, Sherlock's Audit Cover pays out when the audited 'product' (smart-contract code) fails due to a defect the audit should have caught, aligning the auditor's incentives with the client's outcome.Cover is funded on-chain by USDC stakers taking first-loss risk rather than by a regulated insurer's balance sheet; claims are decided by a protocol committee plus UMA's Optimistic Oracle rather than courts or regulators; limits are modest and the product is explicitly 'not insurance'.
Surety bondA third party (the staking pool) posts capital that can be drawn on if the covered party's code fails, similar to how a surety guarantees performance and pays the obligee on default.There is no legal recourse against a principal to recover paid claims; the 'surety' capital is crowdsourced from anonymous USDC stakers earning yield, and pricing is tied to audit quality scores rather than credit underwriting.
Research agent