Crypto protocol audits typically include two to three auditors scouring the code over a few weeks. Sherlock, which sells its solutions directly to protocols, starts with one or two senior auditors taking a brief look at the code. Sherlock then hosts an auditing competition where entrants are financially rewarded for finding vulnerabilities. The auditors come from a list of people that Sherlock has worked with before, but approved auditors will eventually include the top contest performers, explained Sanford.