# Slither, the Solidity source analyzer
[![Build Status ](https://travis-ci.com/trailofbits/slither.svg?token=JEF97dFy1QsDCfQ2Wusd&branch=master )](https://travis-ci.com/trailofbits/slither)
Slither is a Solidity static analysis framework written in Python 3. It provides an API to easily manipulate Solidity code, and integrates vulnerabilities detectors.
# Features
With Slither you can:
- **Detect vulnerabilities**
- **Speed up your understanding** of code
- **Build custom analyses** to answer specific questions
- **Quickly prototype** a new static analysis techniques
Slither can analyze contracts written with Solidity > 0.4.
Some of Slither detectors are open-source, [contact us ](https://www.trailofbits.com/contact/ ) to get access to additional detectors.
# How to install
Slither uses Python 3.6.
## Using Pip
```
$ pip install slither-analyzer
```
## Using Gihtub
```bash
$ git clone https://github.com/trailofbits/slither.git & cd slither
$ python setup.py install
```
Slither requires [solc ](https://github.com/ethereum/solidity/ ), the Solidity compiler.
# How to use
```
$ slither file.sol
```
For example:
```
$ slither examples/bugs/uninitialized.sol
[..]
INFO:Detectors:Uninitialized state variables in examples/bugs/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']
[..]
```
If Slither is applied on a directory, it will run on every `.sol` file of the directory.
## Checks available
By default, all the checks are run.
Check | Purpose | Impact | Confidence
--- | --- | --- | ---
`--detect-uninitialized` | Detect uninitialized state variables | High | High
`--detect-uninitialized-storage` | Detect uninitialized storage variables | High | High
`--detect-pragma` | Detect if different pragma directives are used | Informational | High
`--detect-reentrancy` | Detect if different pragma directives are used | High | Medium
`--detect-solc-version` | Detect if an old version of Solidity is used (< 0.4.23 ) | Informational | High
## Exclude analyses
* `--exclude-informational` : Exclude informational impact analyses
* `--exclude-low` : Exclude low impact analyses
* `--exclude-medium` : Exclude medium impact analyses
* `--exclude-high` : Exclude high impact analyses
* `--exclude-name` will exclude the detector `name`
## Configuration
* `--solc SOLC` : Path to `solc` (default 'solc')
* `--solc-args SOLC_ARGS` : Add custom solc arguments. `SOLC_ARGS` can contain multiple arguments.
* `--disable-solc-warnings` : Do not print solc warnings
* `--solc-ast` : Use the solc AST file as input (`solc file.sol --ast-json > file.ast.json`)
* `--json FILE` : Export results as JSON
## Printers
* `--printer-summary` : Print a summary of the contracts
* `--printer-quick-summary` : Print a quick summary of the contracts
* `--printer-inheritance` : Print the inheritance graph
* `--printer-vars-and-auth` : Print the variables written and the check on `msg.sender` of each function.
For more information about printers, see the [Printers documentation ](docs/PRINTERS.md )
## How to create analyses
See the [API documentation ](https://github.com/trailofbits/slither/wiki/API-examples ), and the [detector documentation ](https://github.com/trailofbits/slither/wiki/Adding-a-new-detector ).
# License
Slither is licensed and distributed under the AGPLv3 license. [Contact us ](mailto:opensource@trailofbits.com ) if you're looking for an exception to the terms.