diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7a21519b7..65f49b685 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,11 +45,9 @@ jobs: # Used by ci_test.sh pip install deepdiff - git clone https://github.com/crytic/solc-select.git - ./solc-select/scripts/install.sh - export PATH=/home/runner/.solc-select:$PATH - echo "export PATH=/home/runner/.solc-select:$PATH" >> ~/.bashrc - solc use 0.5.1 + pip install solc-select + solc-select install all + solc-select use 0.5.1 - name: Run Tests env: diff --git a/.github/workflows/detectors.yml b/.github/workflows/detectors.yml index cbd4a2f92..13f4ca6ff 100644 --- a/.github/workflows/detectors.yml +++ b/.github/workflows/detectors.yml @@ -33,11 +33,9 @@ jobs: pip install deepdiff pip install pytest - git clone https://github.com/crytic/solc-select.git - ./solc-select/scripts/install.sh - export PATH=/home/runner/.solc-select:$PATH - echo "export PATH=/home/runner/.solc-select:$PATH" >> ~/.bashrc - + pip install solc-select + solc-select install all + solc-select use 0.7.3 - name: Test with pytest run: | pytest tests/test_detectors.py diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index c2720d5ae..2629567bb 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -80,4 +80,5 @@ jobs: VALIDATE_DOCKERFILE: false VALIDATE_DOCKERFILE_HADOLINT: false VALIDATE_EDITORCONFIG: false + VALIDATE_JSCPD: false SHELLCHECK_OPTS: "-e SC1090" diff --git a/.github/workflows/parser.yml b/.github/workflows/parser.yml index bfa687f42..c7db98197 100644 --- a/.github/workflows/parser.yml +++ b/.github/workflows/parser.yml 
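Review bot: `pip install solc-select` in the ci.yml install step is unpinned, so each CI run resolves whatever release is current on the package index, and `solc-select install all` then fetches every compiler build on offer although the step selects only 0.5.1. Pinning the tool, e.g. `pip install solc-select==<PINNED_VERSION>` (ideally through a hash-checked requirements file), would make the toolchain reproducible and turn a changed upstream release into a visible diff. If the required compiler set is known, installing just those versions would also cut the number of binaries downloaded per run; the scripts touched in this commit select 0.4.25, 0.5.0, 0.5.1 and 0.7.0. The detectors.yml hunk adds the same two lines (selecting 0.7.3) and has the same issue. Whether solc-select verifies the integrity of the binaries it downloads is not visible here and is worth confirming.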
@@ -34,9 +34,13 @@ jobs: pip install pytest git clone https://github.com/crytic/solc-select.git + cd solc-select + git checkout 857d6fa883d9283454be1cb2d869a8f9962b27b8 + cd .. ./solc-select/scripts/install.sh export PATH=/home/runner/.solc-select:$PATH echo "export PATH=/home/runner/.solc-select:$PATH" >> ~/.bashrc + solc use 0.7.3 - name: Test with pytest run: | diff --git a/README.md b/README.md index 196a569f8..d68f2aa00 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Slither is a Solidity static analysis framework written in Python 3. It runs a s ## Features -* Detects vulnerable Solidity code with low false positives +* Detects vulnerable Solidity code with low false positives (see the list of [trophies](./trophies.md)) * Identifies where the error condition occurs in the source code * Easily integrates into continuous integration and Truffle builds * Built-in 'printers' quickly report crucial contract information @@ -30,7 +30,7 @@ Slither is a Solidity static analysis framework written in Python 3. It runs a s ## Bugs and Optimizations Detection -Run Slither on a Truffle/Embark/Dapp/Etherlime application: +Run Slither on a Truffle/Embark/Dapp/Etherlime/Hardhat application: ```bash slither . ``` 
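Review bot: The parser.yml hunk keeps the git-clone install path and pins it with `git checkout 857d6fa883d9283454be1cb2d869a8f9962b27b8`, but nothing records why this workflow stays on `scripts/install.sh` and `solc use` while ci.yml and detectors.yml move to the pip package. A comment above the clone, such as `# Pinned on purpose: this job still relies on scripts/install.sh and the 'solc use' wrapper`, would tell the next maintainer the pin is deliberate; that reason is inferred from the diff and should be confirmed. The three lines `cd solc-select` / `git checkout …` / `cd ..` can be written as `git -C solc-select checkout 857d6fa883d9283454be1cb2d869a8f9962b27b8`, which leaves the working directory unchanged. The run step begins outside the hunk.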
@@ -217,5 +217,6 @@ Slither is licensed and distributed under the AGPLv3 license. [Contact us](mailt - [ETHPLOIT: From Fuzzing to Efficient Exploit Generation against Smart Contracts](https://wcventure.github.io/FuzzingPaper/Paper/SANER20_ETHPLOIT.pdf), Qingzhao Zhang, Yizhuo Wang, Juanru Li, Siqi Ma - SANER 20 - [Verification of Ethereum Smart Contracts: A Model Checking Approach](http://www.ijmlc.org/vol10/977-AM0059.pdf), Tam Bang, Hoang H Nguyen, Dung Nguyen, Toan Trieu, Tho Quan - IJMLC 20 - [Smart Contract Repair](https://arxiv.org/pdf/1912.05823.pdf), Xiao Liang Yu, Omar Al-Bataineh, David Lo, Abhik Roychoudhury - TOSEM 20 +- [Demystifying Loops in Smart Contracts](https://www.microsoft.com/en-us/research/uploads/prod/2020/08/loops_solidity__camera_ready-5f3fec3f15c69.pdf), Ben Mariano, Yanju Chen, Yu Feng, Shuvendu Lahiri, Isil Dillig - ASE 20 If you are using Slither on an academic work, consider applying to the [Crytic $10k Research Prize](https://blog.trailofbits.com/2019/11/13/announcing-the-crytic-10k-research-prize/). diff --git a/scripts/ci_test_cli.sh b/scripts/ci_test_cli.sh index fcdc960ff..9bfe63d5b 100755 --- a/scripts/ci_test_cli.sh +++ b/scripts/ci_test_cli.sh @@ -2,7 +2,7 @@ ### Test -solc use 0.7.0 +solc-select use 0.7.0 if ! slither "tests/config/test.sol" --solc-ast --ignore-return-value; then echo "--solc-ast failed" diff --git a/scripts/ci_test_erc.sh b/scripts/ci_test_erc.sh index a96a414e1..ce9a62363 100755 --- a/scripts/ci_test_erc.sh +++ b/scripts/ci_test_erc.sh @@ -4,7 +4,7 @@ DIR_TESTS="tests/check-erc" -solc use 0.5.0 +solc-select use 0.5.0 slither-check-erc "$DIR_TESTS/erc20.sol" ERC20 > test_1.txt 2>&1 DIFF=$(diff test_1.txt "$DIR_TESTS/test_1.txt") if [ "$DIFF" != "" ] diff --git a/scripts/ci_test_find_paths.sh b/scripts/ci_test_find_paths.sh index 2707aaa07..a916fb5a9 100755 --- a/scripts/ci_test_find_paths.sh +++ b/scripts/ci_test_find_paths.sh 
@@ -4,7 +4,7 @@ DIR_TESTS="tests/possible_paths" -solc use "0.5.0" +solc-select use "0.5.0" slither-find-paths "$DIR_TESTS/paths.sol" A.destination > test_possible_paths.txt 2>&1 DIFF=$(diff test_possible_paths.txt "$DIR_TESTS/paths.txt") if [ "$DIFF" != "" ] diff --git a/scripts/ci_test_kspec.sh b/scripts/ci_test_kspec.sh index c80df54e0..cb0a131a8 100755 --- a/scripts/ci_test_kspec.sh +++ b/scripts/ci_test_kspec.sh @@ -2,7 +2,7 @@ DIR_TESTS="tests/check-kspec" -solc use "0.5.0" +solc-select use "0.5.0" slither-check-kspec "$DIR_TESTS/safeAdd/safeAdd.sol" "$DIR_TESTS/safeAdd/spec.md" > test_1.txt 2>&1 DIFF=$(diff test_1.txt "$DIR_TESTS/test_1.txt") if [ "$DIFF" != "" ] diff --git a/scripts/ci_test_printers.sh b/scripts/ci_test_printers.sh index 209f4329e..1acfff3f1 100755 --- a/scripts/ci_test_printers.sh +++ b/scripts/ci_test_printers.sh @@ -10,6 +10,6 @@ if ! slither "tests/*.json" --print all --json -; then exit 1 fi -solc use "0.5.1" +solc-select use "0.5.1" slither examples/scripts/test_evm_api.sol --print evm diff --git a/scripts/ci_test_simil.sh b/scripts/ci_test_simil.sh index 5c8a8f70d..bad5fd067 100755 --- a/scripts/ci_test_simil.sh +++ b/scripts/ci_test_simil.sh @@ -7,7 +7,7 @@ pip3.6 install https://github.com/facebookresearch/fastText/archive/0.2.0.zip ### Test slither-simil -solc use "0.4.25" +solc-select use "0.4.25" DIR_TESTS="tests/simil" slither-simil info "" --filename $DIR_TESTS/../complex_func.sol --fname Complex.complexExternalWrites > test_1.txt 2>&1 diff --git a/scripts/ci_test_upgradability.sh b/scripts/ci_test_upgradability.sh index 2dd8f7a52..b34564003 100755 --- a/scripts/ci_test_upgradability.sh +++ b/scripts/ci_test_upgradability.sh 
@@ -3,7 +3,7 @@ ### Test slither-check-upgradeability DIR_TESTS="tests/check-upgradeability" -solc use "0.5.0" +solc-select use "0.5.0" slither-check-upgradeability "$DIR_TESTS/contractV1.sol" ContractV1 --proxy-filename "$DIR_TESTS/proxy.sol" --proxy-name Proxy > test_1.txt 2>&1 DIFF=$(diff test_1.txt "$DIR_TESTS/test_1.txt") diff --git a/trophies.md b/trophies.md new file mode 100644 index 000000000..55383790f --- /dev/null +++ b/trophies.md 
@@ -0,0 +1,45 @@
+# Slither Trophies
+
+The following lists security vulnerabilities that were found by Slither.
+If you found a security vulnerability using Slither,
+please submit a PR with the relevant information.
+
+| Project | Vulnerability | Date |
+|--|--|--|
+[Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) | Incorrect constructor name | July 2018
+[Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) | Deletion of a mapping with structure | July 2018
+[Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) | Uninitialized state variables | July 2018
+[Basis](https://github.com/trailofbits/publications/blob/master/reviews/basis.pdf) | Missing return value check | Oct 2018
+[Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf) | Reentrancy | Nov 2018
+[Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) | Deletion of a mapping with structure | Jul 2019
+[Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) | Missing return value | Jul 2019
+[Flexa](https://github.com/trailofbits/publications/blob/master/reviews/Flexa.pdf) | Reentrancy (events out of order) | Sep 2019
+[0x](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf) | Missing return value | Oct 2019
+[Token mint](https://certificate.quantstamp.com/full/token-mint) | Reentrancies | Dec 2019
+[Airswap](https://certificate.quantstamp.com/full/airswap) | Missing return value check | Feb 2020
+[Stake Technologies Lockdrop](https://certificate.quantstamp.com/full/stake-technologies-lockdrop) | Dangerous strict equality | Mar 2020
+[E&Y’s Nightfall](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Missing return value | May 2020
+[E&Y’s Nightfall](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Empty return value | May 2020
+[DefiStrategies](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Modifier can return the default value | May 2020
+[DefiStrategies](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Dangerous strict equality allows the contract to be trapped | May 2020
+[DOSnetwork](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Abi `encodedPacked` collision | May 2020
+[EthKids](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | `msg.value` is used two times to compute a price | May 2020
+[HQ20](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Reentrancy | May 2020
+[Dloop](https://certificate.quantstamp.com/full/dloop-art-registry-smart-contract) | Dangerous `block.timestamp` usage | Jun 2020
+[Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) | Uninitialized state variable | Jul 2020
+[Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) | State variable shadowing | Jul 2020
+[Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) | Reentrancy | Jul 2020
+[Amp](https://github.com/trailofbits/publications/blob/master/reviews/amp.pdf) | Duplicate contract name | Aug 2020
+[PerlinXRewards](https://certificate.quantstamp.com/full/perlin-x-rewards-sol) | Multiple reentrancies | Aug 2020
+[Linkswap](https://certificate.quantstamp.com/full/linkswap) | Lack of return value check | Nov 2020
+[Linkswap](https://certificate.quantstamp.com/full/linkswap) | Uninitialized state variable | Nov 2020
+[Cryptex](https://certificate.quantstamp.com/full/cryptex) | Lack of return value check | Nov 2020
+[Hermez](https://github.com/trailofbits/publications/blob/master/reviews/hermez.pdf) | Reentrancy | Nov 2020
+[Unoswap](https://www.unos.finance/wp-content/uploads/2020/11/block-audit.pdf) | Contract locking ethers | Nov 2020
+[Idle](https://certificate.quantstamp.com/full/idle-finance) | Dangerous divide before multiply operations | Dec 2020
+[RariCapital](https://certificate.quantstamp.com/full/rari-capital) | Lack of return value check | Dec 2020
+[RariCapital](https://certificate.quantstamp.com/full/rari-capital) | Uninitialized state variable | Dec 2020
+[wfil-factory](https://github.com/wfil/wfil-factory/commit/a43c1ddf52cf1191ccf1e71a637df02d78b98cc0) | Reentrancy | Dec 2020
+[Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) | Reentrancy | Jan 2021
+[Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) | Variable shadowing | Jan 2021
+[OriginTrait](https://github.com/OriginTrail/starfleet-boarding-contract/commit/6481b12abc3cfd0d782abd0e32eabd103d8f6953) | Reentrancy | Jan 2021