Static Analyzer for Solidity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
slither/README.md

85 lines
2.5 KiB

# Slither, the Solidity source analyzer
[![Build Status](https://travis-ci.com/trailofbits/slither.svg?token=JEF97dFy1QsDCfQ2Wusd&branch=master)](https://travis-ci.com/trailofbits/slither)
Slither is a Solidity static analyzer framework, it provides an API to manipulate Solidity code easily. In addition to exposing a Solidity contracts AST, Slither provides many APIs to quickly check local and state variable usage.
With Slither you can:
- Detect vulnerabilities.
- Speed up your code understanding.
- Build custom analyses to answer specific needs.
- Quickly prototype a new static analysis technique.
## How to install
Use pip to install the dependencies:
```bash
$ sudo -H pip install -U -r requirements.txt
```
You may also want solc, which can be installed using homebrew:
```bash
$ brew update
$ brew upgrade
$ brew tap ethereum/ethereum
$ brew install solidity
$ brew linkapps solidity
```
or with aptitude:
```bash
$ sudo add-apt-repository ppa:ethereum/ethereum
$ sudo apt-get update
$ sudo apt-get install solc
```
## How to use
```
$ slither.py file.sol
```
```
$ slither.py examples/uninitialized.sol
[..]
INFO:Detectors:Uninitialized state variables in examples/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']
[..]
```
If Slither is applied on a directory, it will run on every `.sol` file of the directory.
## Options
### Configuration
* `--solc` SOLC: Path to `solc` (default 'solc')
* `--disable-solc-warnings`: Do not print solc warnings
* `--solc-ast`: Use the solc AST file as input (`solc file.sol --ast-json > file.ast.json`)
* `--json` FILE: Export results as JSON
* `--solc-args` SOLC_ARGS: Add custom solc arguments. SOLC_ARGS can contain multiple arguments.
### Analyses
* `--high`: Run only medium/high severity checks with high confidence
* `--medium`: Run only medium/high severity checks with medium confidence
* `--low`: Run only low severity checks
### Printers
* `--print-summary`: Print a summary of the contracts
* `--print-quick-summary`: Print a quick summary of the contracts
* `--print-inheritance`: Print the inheritance graph
For more information about printers, see the [Printers documentation](docs/PRINTERS.md)
## Checks available
Check | Purpose | Severity | Confidence
--- | --- | --- | ---
`--uninitialized`| Detect uninitialized variables | High | High
## License
Slither is licensed and distributed under the AGPLv3 license. [Contact us](mailto:opensource@trailofbits.com) if you're looking for an exception to the terms.ontact us if you're looking for an exception to the terms.