slither/README.md

# Slither, the Solidity source analyzer
[![Build Status](https://travis-ci.com/trailofbits/slither.svg?token=JEF97dFy1QsDCfQ2Wusd&branch=master)](https://travis-ci.com/trailofbits/slither)

Slither is a Solidity static analysis framework written in Python 3. It provides an API to easily manipulate Solidity code. In addition to exposing a Solidity contracts AST, Slither provides many APIs to quickly check local and state variable usage.

With Slither you can:
- Detect vulnerabilities
- Speed up your understanding of code
- Build custom analyses to answer specific questions
- Quickly prototype a new static analysis techniques

## How to install

Slither uses Python 3.6.


```bash
$ python setup.py install
```

You may also want solc, the Solidity compiler, which can be installed using homebrew:

```bash
$ brew update
$ brew upgrade
$ brew tap ethereum/ethereum
$ brew install solidity
$ brew linkapps solidity
```

or with aptitude:

```bash
$ sudo add-apt-repository ppa:ethereum/ethereum
$ sudo apt-get update
$ sudo apt-get install solc
```

## How to use

``` 
$ slither file.sol
``` 

``` 
$ slither examples/uninitialized.sol
[..]
INFO:Detectors:Uninitialized state variables in examples/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']
[..]
``` 

If Slither is applied on a directory, it will run on every `.sol` file of the directory.

## Options

### Configuration
* `--solc SOLC`: Path to `solc` (default 'solc')
* `--disable-solc-warnings`: Do not print solc warnings
* `--solc-ast`: Use the solc AST file as input (`solc file.sol --ast-json > file.ast.json`)
* `--json FILE`: Export results as JSON
* `--solc-args SOLC_ARGS`: Add custom solc arguments. `SOLC_ARGS` can contain multiple arguments.

### Analyses
* `--high`: Run only medium/high severity checks with high confidence
* `--medium`: Run only medium/high severity checks with medium confidence
* `--low`: Run only low severity checks

### Printers
* `--print-summary`: Print a summary of the contracts
* `--print-quick-summary`: Print a quick summary of the contracts
* `--print-inheritance`: Print the inheritance graph

For more information about printers, see the [Printers documentation](docs/PRINTERS.md)

## Checks available

Check | Purpose | Severity | Confidence
--- | --- | --- | ---
`--uninitialized`| Detect uninitialized variables | High | High


## License

Slither is licensed and distributed under AGPLv3. [Contact us](mailto:opensource@trailofbits.com) if you're looking for an exception to the terms.
Initial public commit 6 years ago			`# Slither, the Solidity source analyzer`
			`[![Build Status](https://travis-ci.com/trailofbits/slither.svg?token=JEF97dFy1QsDCfQ2Wusd&branch=master)](https://travis-ci.com/trailofbits/slither)`

Make Python 3 great again 6 years ago			`Slither is a Solidity static analysis framework written in Python 3. It provides an API to easily manipulate Solidity code. In addition to exposing a Solidity contracts AST, Slither provides many APIs to quickly check local and state variable usage.`
Initial public commit 6 years ago
			`With Slither you can:`
Update README.md 6 years ago			`- Detect vulnerabilities`
			`- Speed up your understanding of code`
			`- Build custom analyses to answer specific questions`
			`- Quickly prototype a new static analysis techniques`
Initial public commit 6 years ago
			`## How to install`

Update README.md 6 years ago			`Slither uses Python 3.6.`
Mention python version in README.md 6 years ago
Initial public commit 6 years ago
			```bash
Make a slither package 6 years ago			`$ python setup.py install`
Initial public commit 6 years ago			```

Make a slither package 6 years ago			`You may also want solc, the Solidity compiler, which can be installed using homebrew:`
Initial public commit 6 years ago
			```bash
			`$ brew update`
			`$ brew upgrade`
			`$ brew tap ethereum/ethereum`
			`$ brew install solidity`
			`$ brew linkapps solidity`
			```

			`or with aptitude:`

			```bash
			`$ sudo add-apt-repository ppa:ethereum/ethereum`
			`$ sudo apt-get update`
			`$ sudo apt-get install solc`
			```

			`## How to use`

			```
Make a slither package 6 years ago			`$ slither file.sol`
Initial public commit 6 years ago			```

			```
Make a slither package 6 years ago			`$ slither examples/uninitialized.sol`
Initial public commit 6 years ago			`[..]`
			`INFO:Detectors:Uninitialized state variables in examples/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']`
			`[..]`
			```

			If Slither is applied on a directory, it will run on every `.sol` file of the directory.

			`## Options`

			`### Configuration`
Update README.md 6 years ago			* `--solc SOLC`: Path to `solc` (default 'solc')
Initial public commit 6 years ago			* `--disable-solc-warnings`: Do not print solc warnings
			* `--solc-ast`: Use the solc AST file as input (`solc file.sol --ast-json > file.ast.json`)
Update README.md 6 years ago			* `--json FILE`: Export results as JSON
			* `--solc-args SOLC_ARGS`: Add custom solc arguments. `SOLC_ARGS` can contain multiple arguments.
Initial public commit 6 years ago
			`### Analyses`
			* `--high`: Run only medium/high severity checks with high confidence
			* `--medium`: Run only medium/high severity checks with medium confidence
			* `--low`: Run only low severity checks

			`### Printers`
			* `--print-summary`: Print a summary of the contracts
			* `--print-quick-summary`: Print a quick summary of the contracts
			* `--print-inheritance`: Print the inheritance graph

			`For more information about printers, see the [Printers documentation](docs/PRINTERS.md)`

			`## Checks available`

			`Check \| Purpose \| Severity \| Confidence`
			`--- \| --- \| --- \| ---`
			`--uninitialized`\| Detect uninitialized variables \| High \| High


			`## License`

Update README.md 6 years ago			`Slither is licensed and distributed under AGPLv3. [Contact us](mailto:opensource@trailofbits.com) if you're looking for an exception to the terms.`