Comparison guide of crowdsourced audits: Code4rena vs Sherlock

Andrii Stepanov
Marketing Manager
6 Minutes Read

In today’s digital landscape, the security of smart contracts is of paramount importance. With a multitude of platforms emerging to cater to the demand for impeccable smart contract auditing, making an informed choice has become increasingly challenging. This comprehensive guide intends to streamline your decision-making process. By focusing on five critical categories:

  • Special Features
  • Performance and Reliability
  • Customer Support and Documentation
  • Pricing, and Amount
  • Credibility of Hackers

Key Players in Crowdsourced Audits

Two significant entities stand out in this rapidly emerging sector: Code4rena and Sherlock. Both offer unparalleled services, albeit with a few distinctive features.


Code4rena epitomizes the essence of community-driven platforms dedicated to auditing smart contracts. What sets this platform apart is its gratis offering. Developers have the liberty to upload their smart contracts, post which the community rallies to audit them. Its suite of tools includes automated scanning and a clear-cut categorization of vulnerabilities, ensuring that grave threats are immediately flagged.


On the other side of the spectrum lies Sherlock, a premium solution for those in search of top-tier crowdsourced security auditing. Sherlock, much like Code4rena, empowers developers by identifying and aiding in rectifying vulnerabilities in smart contracts. Its multifaceted toolkit offers automated scans and a hierarchical arrangement of vulnerabilities based on their severity.

Difference between Code4rena and Sherlock

The arena of smart contract security auditing is growing exponentially, and amidst this growth, two primary players, Code4rena and Sherlock, have established their presence. Let’s examine the specific benefits, performance, customer support, and pricing strategies that each platform brings to the table.

Specific Features Offered:


  • Bot races: This innovative feature allows the automated tools to run checks for potential vulnerabilities, ensuring any superficial issues are filtered out and do not attract unnecessary expenditure.


  • Insuranse for Exploited Projects: Sherlock stands out by offering a security blanket for projects. If a project that’s been audited by Sherlock is exploited, it provides coverage, ensuring peace of mind for developers and stakeholders alike.

Performance and Reliability:


  • Versatility for All: Catering to a broad audience, Code4rena is more focused on beginners, so it may be a better fit if you are new to smart contract auditing. Meanwhile, seasoned security researchers are still wanting, thanks to an array of features tailored to meet their advanced requirements.


  • Tailored for the Experts: With its advanced feature set, Sherlock primarily serves experienced security researchers. The platform is meticulously crafted to aid these experts in unearthing and manipulating vulnerabilities to their advantage.

Customer Support and Documentation:


  • Support System:  Facilitated through both email and live chat.
  • Documentation and Community: Their website boasts an extensive documentation section, meticulously detailing every aspect of the platform, ensuring users can navigate its offerings with ease.


  • Robust Support: Facilitated through both email and live chat.
  • Detailed Documentation: Their official documentation may not be as exhaustive



  • The platform adopts a flexible pricing approach. Depending on the project’s budget, payments vary, with the most basic contest pricing starting at $6,500.


  • Sherlock’s pricing model is hinged on the lines of code (LOC) in a project:
    • 500 – 19k LOC: 3-day audit
    • 1k – 36k LOC: 7-day audit
    • 2k – 74k LOC: 12-day audit

Amount and Credibility of Hackers:

Sherlock: Targeted squarely at the experts of the security realm, Sherlock is a haven for experienced security researchers. The platform is fine-tuned to not just uncover but also exploit vulnerabilities. Its emphasis on experienced participants ensures a high caliber of auditing. Code4rena: Code4rena embraces a more encompassing approach, serving as a bridge between novices and experts in the world of smart contract auditing. While it serves as fertile ground for beginners to foster their skills, seasoned researchers will find its tools and features beneficial. The platform, thus, enjoys a diverse range of hackers, both in terms of number and skill sets.

HackenProof: A Fresh Perspective

While Sherlock and Code4rena have established themselves firmly, HackenProof emerges as a compelling contender with its unique offerings:

  • Qualified Auditors: HackenProof isn’t about sheer numbers. It stresses quality, with every auditor being a credentialed smart contract evaluator.
  • Pricing Dynamics: Their model is unique – you pay based on Lines of Code (LOC), and importantly, only for legitimate issues. Unlike many platforms that demand upfront commissions, HackenProof only extracts a 10% fee for its Triage service if valid issues are detected.
  • Diverse Auditing Teams: One isn’t confined to a single team with HackenProof. They have alliances with over seven adept auditing companies, and their platform teems with more than 20,000 security engineers.
  • Vigorous KYC Process: Every participant undergoes the KYC process. This ensures a double advantage: Firstly, only qualified auditors with proven skills can access an audit, ensuring you don’t wade through inconsequential reports. Secondly, the rigorous KYC ensures that no multi-account hunters sneak through.
  • Broad Technological Support: The platform stands out in its support for diverse technologies, ranging from Solana, Rust, Move, and Cairo to Vyper.
Criteria Code4rena Sherlock HackenProof
Amount of hackers 13k 5k 20k
Credibility of researchers More focused on beginners Mostly expert auditors Experienced blockchain auditors and researchers
Customer Support 24/7 customer support
Documentation Provide documentation on the ending of the audit Provide documentation on the ending of the audit Provide documentation on the ending of the audit
Pricing Depending on the project’s budget, payments vary Paying on the amount of LOC Paying on the amount of LOC
Fee Should pay on top of pricing Should pay on top of pricing Included in budget

Each platform, with its own set of merits, caters to varied requirements. If you’re scouting for a cost-effective, community-driven solution, Code4rena is your best bet.

However, if premium, targeted services tailored for the experts resonate more with your needs, Sherlock should be your choice.

Yet, for those who emphasize the paramount importance of quality and want a blend of diversified expertise, backed by a unique pricing model and expansive technological compatibility, HackenProof surges ahead as the top recommendation.

Want to know more about a comprehensive approach to security and crowdsourced audits? Get in touch to request a demo with our team today!




Read more on HackenProof Blog