Andre Cronje|May 01, 2026 11:30
"The contest wrapped up with zero valid Medium or High severity findings, making it one of the cleanest contest outcomes we have seen on Sherlock."
Very appreciative of Sherlock, our codebase was also one of the first public contests that really stress-tested "AI submissions", there were a lot...
That being said, audits are not a silver bullet, any good security is a layered approach. Audits for smart contract code, pen testing for web infra, external policy monitoring on RPC and external infra, bounties, public auditing contests, timelocks, multisigs, proper derisking of multi geographical signers, and code level implementations (such as circuit breakers or queues) all need to be considered. In today's "new defi" of proxy upgradeable contracts, msig managed configs, external RPC inputs for onchain decision making, one bad config can drain everything.(Andre Cronje)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink