slither/README.md

# Slither, the Solidity source analyzer
[![Build Status](https://travis-ci.com/trailofbits/slither.svg?token=JEF97dFy1QsDCfQ2Wusd&branch=master)](https://travis-ci.com/trailofbits/slither)
[![Slack Status](https://empireslacking.herokuapp.com/badge.svg)](https://empireslacking.herokuapp.com)

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comphrehension, and quickly prototype custom analyses.

## Features

* Detects vulnerable Solidity code with low false positives
  * Detection of most major smart contract vulnerabilities
  * Detection of poor coding practices
* Identifies where the error condition occurs in the source code
* Easy integration into continuous integration pipelines
* Four built-in 'printers' quickly report crucial contract information
* Detector API to write custom analyses in Python
* Ability to analyze contracts written with Solidity > 0.4

Slither possesses it's own intermediate representation, called [SlithIR](https://github.com/trailofbits/slither/wiki/SlithIR).

## Usage

``` 
$ slither tests/uninitialized.sol
[..]
INFO:Detectors:Uninitialized state variables in tests/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']
[..]
``` 

If Slither is run on a directory, it will run on every `.sol` file of the directory. All vulnerability checks are run by default.

###  Configuration

* `--solc SOLC`: Path to `solc` (default 'solc')
* `--solc-args SOLC_ARGS`: Add custom solc arguments. `SOLC_ARGS` can contain multiple arguments
* `--disable-solc-warnings`: Do not print solc warnings
* `--solc-ast`: Use the solc AST file as input (`solc file.sol --ast-json > file.ast.json`)
* `--json FILE`: Export results as JSON
* `--exclude-name`: Excludes the detector `name` from analysis

### Printers

* `--printer-summary`: Print a summary of the contracts
* `--printer-quick-summary`: Print a quick summary of the contracts
* `--printer-inheritance`: Print the inheritance graph
* `--printer-vars-and-auth`: Print the variables written and the check on `msg.sender` of each function

## Checks available

By default, all the checks are run.

Check | Purpose | Impact | Confidence
--- | --- | --- | ---
`--detect-arbitrary-send`| Detect functions sending ethers to an arbitrary destination | High | Medium
`--detect-reentrancy`| Detect reentrancy vulnerabilities | High | Medium
`--detect-suicidal`| Detect suicidal functions | High | High
`--detect-uninitialized-state`| Detect uninitialized state variables | High | High
`--detect-uninitialized-storage`| Detect uninitialized storage variables | High | High
`--detect-locked-ether`| Detect contracts with payable functions that do not send ether | Medium | High
`--detect-tx-origin`| Detect dangerous usage of `tx.origin` | Medium | Medium
`--detect-pragma`| Detect if different pragma directives are used | Informational | High
`--detect-solc-version`| Detect if an old version of Solidity used (<0.4.23) | Informational | High
`--detect-unused-state`| Detect unused state variables | Informational | High

[Contact us](https://www.trailofbits.com/contact/) to get access to additional detectors.

## How to install

Slither requires Python 3.6+ and [solc](https://github.com/ethereum/solidity/), the Solidity compiler.
<!--- 
## Using Pip

```
$ pip install slither-analyzer
```

or
-->

```bash
$ git clone https://github.com/trailofbits/slither.git && cd slither
$ python setup.py install 
```

## Getting Help

Feel free to stop by our [Slack channel](https://empireslacking.herokuapp.com) (#ethereum) for help using or extending Slither.

* The [Printer documentation](https://github.com/trailofbits/slither/wiki/Printer-documentation) describes the information Slither is capable of visualizing for each contract.

* The [Detector documentation](https://github.com/trailofbits/slither/wiki/Adding-a-new-detector) describes how to write a new vulnerability analyses.

* The [API documentation](https://github.com/trailofbits/slither/wiki/API-examples) describes the methods and objects available for custom analyses.

* The [SlithIR documentation](https://github.com/trailofbits/slither/wiki/SlithIR) describes the SlithIR intermediate representation.

## License

Slither is licensed and distributed under the AGPLv3 license. [Contact us](mailto:opensource@trailofbits.com) if you're looking for an exception to the terms.
Initial public commit 6 years ago			`# Slither, the Solidity source analyzer`
			`[![Build Status](https://travis-ci.com/trailofbits/slither.svg?token=JEF97dFy1QsDCfQ2Wusd&branch=master)](https://travis-ci.com/trailofbits/slither)`
Update README.md 6 years ago			`[![Slack Status](https://empireslacking.herokuapp.com/badge.svg)](https://empireslacking.herokuapp.com)`
Initial public commit 6 years ago
better features list 6 years ago			`Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comphrehension, and quickly prototype custom analyses.`
Update README.md 6 years ago
			`## Features`
Initial public commit 6 years ago
better features list 6 years ago			`* Detects vulnerable Solidity code with low false positives`
			`* Detection of most major smart contract vulnerabilities`
			`* Detection of poor coding practices`
Update README.md 6 years ago			`* Identifies where the error condition occurs in the source code`
better features list 6 years ago			`* Easy integration into continuous integration pipelines`
			`* Four built-in 'printers' quickly report crucial contract information`
			`* Detector API to write custom analyses in Python`
			`* Ability to analyze contracts written with Solidity > 0.4`
Initial public commit 6 years ago
Update README 6 years ago			`Slither possesses it's own intermediate representation, called [SlithIR](https://github.com/trailofbits/slither/wiki/SlithIR).`
Initial public commit 6 years ago
Update README.md 6 years ago			`## Usage`
Update README 6 years ago
Initial public commit 6 years ago			```
Update README example Clean code in solidity_variables 6 years ago			`$ slither tests/uninitialized.sol`
Initial public commit 6 years ago			`[..]`
Update README example Clean code in solidity_variables 6 years ago			`INFO:Detectors:Uninitialized state variables in tests/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']`
Initial public commit 6 years ago			`[..]`
			```

Update README.md 6 years ago			If Slither is run on a directory, it will run on every `.sol` file of the directory. All vulnerability checks are run by default.

			`### Configuration`

Update README.md 6 years ago			* `--solc SOLC`: Path to `solc` (default 'solc')
			* `--solc-args SOLC_ARGS`: Add custom solc arguments. `SOLC_ARGS` can contain multiple arguments
			* `--disable-solc-warnings`: Do not print solc warnings
			* `--solc-ast`: Use the solc AST file as input (`solc file.sol --ast-json > file.ast.json`)
			* `--json FILE`: Export results as JSON
			* `--exclude-name`: Excludes the detector `name` from analysis
Update README.md 6 years ago
			`### Printers`

Update README.md 6 years ago			* `--printer-summary`: Print a summary of the contracts
			* `--printer-quick-summary`: Print a quick summary of the contracts
			* `--printer-inheritance`: Print the inheritance graph
			* `--printer-vars-and-auth`: Print the variables written and the check on `msg.sender` of each function
Initial public commit 6 years ago
Command line changes: - Add exclude flag for each detector - replace -low, -medium, -high by -exclude-low, ... - clean detectors/printers information and flags - detector follow this format '--detect-name' - close #1 and #10 Update README 6 years ago			`## Checks available`

			`By default, all the checks are run.`
Initial public commit 6 years ago
Update README 6 years ago			`Check \| Purpose \| Impact \| Confidence`
			`--- \| --- \| --- \| ---`
Reduce arbitrary send confidence until larger testing 6 years ago			`--detect-arbitrary-send`\| Detect functions sending ethers to an arbitrary destination \| High \| Medium
AbstractDetector: - Replace Classification by Impact - Add Confidence - Replace CODEQUALITY by Informational Add hidden option to automatically generate markdown list of detectors Update Readme 6 years ago			`--detect-reentrancy`\| Detect reentrancy vulnerabilities \| High \| Medium
Update README 6 years ago			`--detect-suicidal`\| Detect suicidal functions \| High \| High
--detect-uninitialized -> --detect-uninitialized-state inheritances -> inheritance 6 years ago			`--detect-uninitialized-state`\| Detect uninitialized state variables \| High \| High
Update README 6 years ago			`--detect-uninitialized-storage`\| Detect uninitialized storage variables \| High \| High
Update README.md These detectors use different heuristics than MAIAN and the results are not exactly the same. 6 years ago			`--detect-locked-ether`\| Detect contracts with payable functions that do not send ether \| Medium \| High
Open source tx.origin detector 6 years ago			`--detect-tx-origin`\| Detect dangerous usage of `tx.origin` \| Medium \| Medium
Update README.md 6 years ago			`--detect-pragma`\| Detect if different pragma directives are used \| Informational \| High
AbstractDetector: - Replace Classification by Impact - Add Confidence - Replace CODEQUALITY by Informational Add hidden option to automatically generate markdown list of detectors Update Readme 6 years ago			`--detect-solc-version`\| Detect if an old version of Solidity used (<0.4.23) \| Informational \| High
			`--detect-unused-state`\| Detect unused state variables \| Informational \| High
Add re-entrancy detector Add Prioritization information to README 6 years ago
Update README.md 6 years ago			`[Contact us](https://www.trailofbits.com/contact/) to get access to additional detectors.`
Initial public commit 6 years ago
Update README.md 6 years ago			`## How to install`

			`Slither requires Python 3.6+ and [solc](https://github.com/ethereum/solidity/), the Solidity compiler.`
			`<!---`
			`## Using Pip`

			```
			`$ pip install slither-analyzer`
			```

			`or`
			`-->`

			```bash
Fix typo in the installation instruction 6 years ago			`$ git clone https://github.com/trailofbits/slither.git && cd slither`
Update README.md 6 years ago			`$ python setup.py install`
			```

			`## Getting Help`
Initial public commit 6 years ago
Update README 6 years ago			`Feel free to stop by our [Slack channel](https://empireslacking.herokuapp.com) (#ethereum) for help using or extending Slither.`
Initial public commit 6 years ago
Update README.md 6 years ago			`* The [Printer documentation](https://github.com/trailofbits/slither/wiki/Printer-documentation) describes the information Slither is capable of visualizing for each contract.`
Update README 6 years ago
Update README.md 6 years ago			`* The [Detector documentation](https://github.com/trailofbits/slither/wiki/Adding-a-new-detector) describes how to write a new vulnerability analyses.`
Update README 6 years ago
Update README.md 6 years ago			`* The [API documentation](https://github.com/trailofbits/slither/wiki/API-examples) describes the methods and objects available for custom analyses.`
Initial public commit 6 years ago
Update README 6 years ago			`* The [SlithIR documentation](https://github.com/trailofbits/slither/wiki/SlithIR) describes the SlithIR intermediate representation.`

Update README.md 6 years ago			`## License`
Initial public commit 6 years ago
Update README.md (#15) 6 years ago			`Slither is licensed and distributed under the AGPLv3 license. [Contact us](mailto:opensource@trailofbits.com) if you're looking for an exception to the terms.`