🛡️ Discover Covered vaults, safe DeFi yields made simple.
Your keys, your coins, your risk.
Welcome to OpenCover, the #1 source for DeFi cover data, news and insights. Compare cover providers to derisk your portfolio for free.
Sherlock
Sherlock is a protocol-level cover provider (B2B) and audit marketplace powered by the SHER governance token. Launched in 2021, participants can earn rewards for finding security vulnerabilities in audit contests or earn yield by providing underwriting capital.
Total Value Locked
Total Value Locked
Active Cover Amount
Covers sold
Claims
Payouts
Sherlock covers?
Audit Cover (B2B)
Protection against losses resulting from technical faults of smart contract code that should have been detected during audit.
Sherlock claims process?
Sherlock uses an advisory board and third-party arbitration (UMA Optimistic Oracle) to assess claim validity. The typical time frame for a valid claim payout ranges from several hours to 4 weeks.
Submitting a claim
Claims may be submitted by a protocol agent (representative of a covered protocol) immediately after a fund loss event and up to 7 days after the cover period has ended using the Sherlock dApp.
When submitting a claim, the claimant must provide:
- An event timestamp
- An amount to be reimbursed, which may be a current or a previous amount covered
There is no fee associated with this step of claim submission.
Sherlock claim assessment
Immediately after a claim is submitted, Sherlock’s Watsons (independent security experts) work with the covered protocol’s development team to stop the exploit (if still in progress), understand its scope and assist with determining if the exploit could be covered under Sherlock’s Audit Cover terms. If applicable, the Watsons also assist with claim submission.
When a claim is submitted, the Sherlock Protocol Claims Committee (SPCC) initially votes to determine whether to approve or deny a claim. This initial voting period may last up to 7 days.
If the claim is denied, the claimant may re-submit the claim with a different claim amount to the SPCC.
Alternatively, the claimant may escalate the claim to UMA by paying a fee (9,600 USDC plus an UMA fee that is subject to change).
If the claim is ultimately approved through UMA, half of the fee is returned to the claimant. The fee is kept by UMA otherwise.
Who is on the Sherlock Claims Committee (SPCC)?
The SPCC is composed of Sherlock core team members and security advisors.
It currently includes Sherlock founder Jack Sanford, Evert Kors, John Mardlin, Rajeev Gopalakrishna, Emiliano Bonassi, Mikko Ohtamaa and Mick de Graaf.
What is UMA?
UMA is a decentralized dispute arbitration service and optimistic oracle (a third-party entity that connects smart contracts to off-chain data).
How many times can a claim be submitted?
The claimant may re-submit a claim to the SPCC with a new claim amount or escalate an existing claim to UMA arbitration for a fee. The UMA decision is final and cannot be appealed.
Sherlock risk management?
Sherlock uses an expert panel to determine which protocols to cover. Cover fees and capacity are determined by Sherlock pricing models and community staking.
Cover listing process
Audit Cover requests are submitted by external protocols/companies and evaluated by the Sherlock team.
Multiple criteria are taken into account for audits, including:
- Codebase size and status (frozen vs. under development)
- Software development best practices
Protocols that are selected for audits undergo an 8-step audit and review process conducted by Watsons before becoming eligible for coverage.
Who are the Watsons?
Watsons are independent security professionals or teams who conduct Sherlock audits in exchange for a fee. Watsons may sign up to participate in an audit within Sherlock’s community or dApp.
Senior Watsons are ranked in the top 10% of Watsons and lead protocol audits and code reviews in exchanged for a fixed fee per audit. The highest-ranked Senior Watson that signs up for an audit is chosen to lead it.
Cover pricing
Protocols that undergo an audit and address all high and medium security vulnerabilities surfaced by the Watsons may opt in to Sherlock Audit Cover.
The Sherlock team and the protocol must then agree upon:
- Cover amount: Total amount within the protocol covered under the Sherlock cover product (up to $10 million)
- Price of coverage: The USDC fee paid by the protocol for cover. Protocols that undergo a public Sherlock audit contest vs. a private audit contest receive cover prices of 2% and 2.5%, respectively.
Sherlock source of underwriting capital?
Sherlock has a single underwriting capital pool on Ethereum.
Capital is crowdsourced from:
- Cover fees paid by covered protocols
- Sherlock participants who stake USDC to offer protection against losses and earn fees from cover purchases, yield strategies and protocol reward incentives
