Introducing Sherlock - Exploit Protection

We are launching on Ethereum mainnet today and wanted to share more about what we have been working on - cue Sherlock. Sherlock is a risk management platform built on Ethereum and designed to keep end users protected by providing affordable and scalable coverage to protocols.

For our guarded launch, we have $30M of capital commitment to our liquidity pool and will be announcing the three protocols we our covering over the next few weeks (our first protocol will be announced today).

The Sherlock Ecosystem

The Sherlock ecosystem involves 3 main participants: Watsons (Sherlock’s decentralized security team), Protocols, and Stakers (capital providers of the pool). These three participants work together to create a system that (1) incentivizes Watsons to keep protocols as safe as possible, (2) produces reliable coverage for protocols and (3) doesn’t require stakers to be smart contract security experts.

Sherlock is differentiated from other solutions in two major ways: (1) Pricing and (2) UX.

How we Differentiate

Pricing

The way coverage through Sherlock works is that Watsons will assess the riskiness of a protocol through deep fundamental research and then will work with the risk team to price out coverage for the protocol. Areas of assessment include protocol architecture, complexity of on-chain operations, upgradability risks, economic risks, protocol dependencies (composability), oracle manipulation risks, processes for shipping secure code, “emergency” mechanisms for limiting hack magnitudes, etc.

Sherlock does the work required to price risk as accurately as possible on an individual protocol level. Other risk management protocols use a utilization curve to price coverage which means prices change dynamically with the demand for cover. This means it is likely that 99% of the coverage written is mis-priced. If the ‘correct’ price is X%, then every cover written on the utilization curve at <X% is underpriced and every cover written >X% is overpriced. It’s very rare that covers are written at exactly X% when using a utilization curve. In Sherlock’s case, all covers are written at exactly X%, ensuring both sides of the marketplace get a fair price every time.

Other approaches to pricing similarly fall flat. Using machine learning for price discovery is dangerous because there is so little historical data available in DeFi security. Pricing based on supply and demand usually requires the supply side to have deep smart contract security knowledge. This approach can have trouble scaling. If pricing is not trustworthy, stakers won’t stake funds. So, we believe the only way to truly understand a protocol’s risk and price it as accurately as possible is through deep fundamental research.

Sherlock aligns leading security experts and stakers in a way that makes sense for both parties. Stakers trust the pricing decisions of Watsons because each Watson get compensated very well if their pricing turns out right, but can lose the majority of their compensation if their pricing turns out wrong. Stakers only need to trust the incentive alignment to feel comfortable delegating their capital to security experts; they don’t need to be experts themselves. And Watsons benefit from the capital provided by stakers because they get paid as a % of premiums written against that capital. As a bonus, the vesting nature of Watsons’ compensation incentivizes continuous monitoring/assessment of the protocols they are responsible for, as opposed to the transactional nature of many audits.

UX

When it comes to interacting with protocols in DeFi, Sherlock believes the easiest UX is no UX. This is why Sherlock works directly with protocols instead of users.

Where to learn more

  1. Sherlock Docs: https://docs.sherlock.xyz/
  2. Twitter: https://twitter.com/Sherlock_DeFi
  3. Website: https://sherlock.xyz/
  4. Medium: https://sherlock-protocol.medium.com/

If you are a security or risk-minded individual and want to make DeFi safer, join the conversation in our Discord (https://discord.gg/6XWQncvn) and reach out if there are ways you want to contribute.