Is Sherlock Safe?
Risk Grade: C+ (37/100)
Sherlock is rated as elevated risk — multiple novel mechanisms and notable interaction risks.
Moderate risk — novel audit-plus-insurance model, but the pool is under-collateralized by design and audit failures directly threaten solvency
A DeFi insurance protocol that audits smart contracts and then insures them against hacks, with $60M in its claims pool. You can deposit USDC to back those insurance policies and earn yield from premiums. Its B- grade reflects a fundamental tension: if Sherlock's audits miss bugs, it also has to pay for the losses.
TVL
$506,000
Mechanisms
6
Interactions
5
Value Grade
D+
Key Risks for Sherlock Users
The $60M insurance pool covers far more than $60M in total risk. If multiple insured projects get hacked at the same time, the pool cannot pay everyone. Your USDC deposit gets slashed to cover claims
Sherlock only insures projects it audits. If its audit process has a blind spot, every insured project shares that same weakness
Insurance payouts max out at $10M per project. A $500M protocol paying premiums gets only $10M back if hacked
Top Risk Factors
- •Under-collateralized insurance model: staking pool reserves ($60M) can be overwhelmed by correlated exploit events across multiple covered protocols, forcing staker principal slashing
- •Skin-in-the-game model creates perverse incentives: Sherlock only covers protocols it audits, so systematic audit methodology failures cascade to insurance solvency
- •Coverage caps ($10M per protocol) are inadequate for large DeFi protocols, creating moral hazard where Sherlock insures 5% of risk but collects 2% premium on 100% of TVL
How Sherlock Compares to Peers
Sherlock ranks #36 of 68 DeFi protocols (below-median — riskier than average). At a risk score of 37/100, it's in line with the sector average (36/100).
Adjacent peers: SoSoValue Indexes (C+, 36/100) is ranked just safer, and Momentum Safe (C+, 38/100) is ranked just riskier.
See the full DeFi sector leaderboard or the Sherlock vs Momentum Safe comparison.
Common Questions about Sherlock
Plain-English answers based on Sherlock's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Mechanism Novelty (8/15).
Has Sherlock ever been hacked or exploited?
Sherlock has a fairly clean operational history. The track record dimension scored 5/15, indicating minor or no significant incidents on record. A clean track record is a positive signal but it does not guarantee future safety, especially as protocol complexity grows.
How much money is at stake in Sherlock?
Sherlock currently holds a small TVL — exit liquidity is a real concern at this size. Smaller TVL means individual depositors carry a larger share of any loss event, and it can be harder to exit a position quickly during stress.
What's the worst-case scenario for Sherlock?
Hindenrank has identified specific collapse scenarios for Sherlock. The most prominent: "Catastrophic Payout Event Drains Staking Pool". The trigger condition is Multiple audited protocols covered by Sherlock suffer simultaneous exploits (correlated vulnerability across similar codebases), triggering insurance payouts that exceed staked USDC reserves. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.
Is Sherlock regulated or insured?
Sherlock has low regulatory exposure on Hindenrank's framework (3/10). The protocol is structured in a way that minimizes counterparty and jurisdiction concentration, though regulatory risk in crypto can change rapidly. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.
What are the biggest red flags for Sherlock?
Hindenrank's retail-focused risk audit flagged: The $60M insurance pool covers far more than $60M in total risk. If multiple insured projects get hacked at the same time, the pool cannot pay everyone. Your USDC deposit gets slashed to cover claims Sherlock only insures projects it audits. If its audit process has a blind spot, every insured project shares that same weakness Insurance payouts max out at $10M per project. A $500M protocol paying premiums gets only $10M back if hacked
Should beginners deposit into Sherlock?
Sherlock's C+ grade puts it in the elevated-risk band. This is not a beginner-friendly protocol. Anyone depositing here should treat the position as speculative and avoid concentrating significant savings in it.
How does Sherlock compare to safer DeFi alternatives?
Sherlock is one protocol in Hindenrank's DeFi coverage. The safest DeFi protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare Sherlock against the full DeFi ranking before committing capital.
For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the Sherlock risk report.
Read the Full Sherlock Risk Report
This protocol has 2 collapse scenarios. 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Get risk alerts before it's too late
Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.