audit firm profile

Sherlock

Vetted on Procur3

SolidityRustMoveVyperEthereumArbitrumOptimismDEXLendingBridge

Sherlock is a blockchain security firm known for deep protocol-level audits across DEX, Lending, Bridge. This profile aggregates its public audit record, 8,900+ findings and notable clients — so you can evaluate fit before requesting a competitive quote through Procur3.

Request a quote from Sherlock

320+

Public audits

8,900+

Findings logged

all severities

3,985

Crit + high + med

material findings

Incidents attributed

see history below

overview

About Sherlock

Sherlock is a blockchain security firm specialising in smart contract audits and protocol-level security reviews. The team works primarily in Solidity, Rust, Move and Vyper, covering engagements across Ethereum, Arbitrum, Optimism and related ecosystems. Core areas of expertise include DEX, Lending, Bridge, Yield.

With 320+ public audits on record, Sherlock has worked with notable protocols including Notional V3, Index Coop, Perennial V2, Telcoin. The firm's review history provides a transparent track record that teams can evaluate before engaging.

Through Procur3, teams can put their scope to Sherlock alongside other matched firms and receive a competitive quote — without a three-week sales cycle.

track record

Findings by severity

HighMediumLowInfoGas

Critical	558	6.3%
High	1,395	15.7%
Medium	2,032	22.8%
Low	2,212	24.9%
Informational	1,720	19.3%
Gas	983	11%

Across 320+ public audits, Sherlock has logged 8,900+ findings. Critical and high-severity issues account for roughly 45% of all findings — a profile reflecting thorough, deep-dive analysis across diverse protocol architectures.

Figures aggregated from publicly available audit reports. Counts are updated periodically and may lag the firm's latest private engagements. Severity labels follow each report's own classification.

selected work

Notable clients

Notional V3

Lending

↗

Index Coop

Indexes

↗

Perennial V2

Derivatives

↗

Telcoin

DeFi

↗

post-audit incidents

Incident history

Incidents recorded where a protocol was exploited after a Sherlock engagement. Attribution is contextual — a later exploit may fall outside the audited scope or post-date the review. We link the public source so you can judge for yourself.

source: rekt.news

Exploit in a previously-reviewed protocol

1 public incident is associated with a protocol Sherlock had engaged with. The exploited component fell partially outside the original audit scope. See the linked post-mortem for the full timeline and root cause.

get started

Ready to work with Sherlock?

Post your scope once. Sherlock quotes it competitively alongside other matched firms — you compare and award.

Request a quote — free Browse all firms

vetted firms onlyquotes in hoursfree for builders