Summary: Sherlock is a web3 security company whose current primary materials frame it as a complete-lifecycle security platform for onchain systems. Rather than presenting security as a one-time audit, Sherlock’s docs describe an operating model spanning development-time AI review, staffed collaborative audits, public audit contests, post-launch bug bounties, and optional exploit-payout coverage through Sherlock Shield, with public repositories that also point to a protocol-style coverage layer and published audit/coverage reports.
What it does:
Provides Sherlock AI, an auditor-oriented code-analysis product for development and pre-launch review
Runs staffed collaborative audits and a higher-touch Blackthorn tier for high-stakes scopes with iterative fix verification
Hosts public audit contests that use many independent researchers to pressure-test code under structured incentives
Operates pre-launch and post-launch bug-bounty programs to maintain ongoing scrutiny on live systems
Offers Sherlock Shield, an optional coverage program for qualifying audited codebases, and maintains public repositories for coverage/protocol components and audit reports
Key claims:
Sherlock docs define “complete lifecycle security” as pressure applied during development, before launch or upgrade, and after launch as integrations and incentives evolve
Official site and FAQ position Sherlock as a security organization for onchain systems where software directly controls capital, not just a point-in-time audit marketplace
The docs enumerate six core services: Sherlock AI, Collaborative Auditing, Audit Contests, Bug Bounties, Sherlock Shield, and Blackthorn
Shield docs make the coverage layer concrete by describing eligibility gates, fix review, coverage tiers, and an onchain claims process rather than vague “insurance” marketing language
The public GitHub organization includes smart contracts, frontend, indexer, governance/discussion materials, integrations lists, and public audit/coverage reports, suggesting Sherlock spans both services and protocol-like coverage infrastructure
Whitepaper: No classic whitepaper or litepaper was found during this pass. The strongest primary materials were Sherlock’s homepage, docs introduction, FAQ, Shield docs, and public GitHub organization; see ../whitepapers/sherlock-primary-sources-2026-04-25.md.
Comparable to: security platforms that are broader than one-shot audits.
Differs from: contest-only or bounty-only venues, because Sherlock keeps extending its service bundle toward lifecycle review plus optional payout-backed coverage.