Slither, the Solidity source analyzer

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.

• Features
• Bugs and Optimizations Detection
• Printers
• Tools
• How to Install
• Getting Help
• Publications

Features

• Detects vulnerable Solidity code with low false positives
• Identifies where the error condition occurs in the source code
• Easily integrates into continuous integration and Truffle builds
• Built-in 'printers' quickly report crucial contract information
• Detector API to write custom analyses in Python
• Ability to analyze contracts written with Solidity >= 0.4
• Intermediate representation (SlithIR) enables simple, high-precision analyses
• Correctly parses 99.9% of all public Solidity code
• Average execution time of less than 1 second per contract

Bugs and Optimizations Detection

Run Slither on a Truffle/Embark/Dapp/Etherlime application:

slither .

Run Slither on a single file:

slither tests/uninitialized.sol

For additional configuration, see the usage documentation.

Use solc-select if your contracts require older versions of solc.

Detectors

Num	Detector	What it Detects	Impact	Confidence
1	name-reused	Contract's name reused	High	High
2	rtlo	Right-To-Left-Override control character is used	High	High
3	shadowing-state	State variables shadowing	High	High
4	suicidal	Functions allowing anyone to destruct the contract	High	High
5	uninitialized-state	Uninitialized state variables	High	High
6	uninitialized-storage	Uninitialized storage variables	High	High
7	arbitrary-send	Functions that send ether to arbitrary destinations	High	Medium
8	controlled-delegatecall	Controlled delegatecall destination	High	Medium
9	reentrancy-eth	Reentrancy vulnerabilities (theft of ethers)	High	Medium
10	erc20-interface	Incorrect ERC20 interfaces	Medium	High
11	erc721-interface	Incorrect ERC721 interfaces	Medium	High
12	incorrect-equality	Dangerous strict equalities	Medium	High
13	locked-ether	Contracts that lock ether	Medium	High
14	shadowing-abstract	State variables shadowing from abstract contracts	Medium	High
15	tautology	Tautology or contradiction	Medium	High
16	boolean-cst	Misuse of Boolean constant	Medium	Medium
17	constant-function-asm	Constant functions using assembly code	Medium	Medium
18	constant-function-state	Constant functions changing the state	Medium	Medium
19	divide-before-multiply	Imprecise arithmetic operations order	Medium	Medium
20	reentrancy-no-eth	Reentrancy vulnerabilities (no theft of ethers)	Medium	Medium
21	tx-origin	Dangerous usage of tx.origin	Medium	Medium
22	unchecked-lowlevel	Unchecked low-level calls	Medium	Medium
23	unchecked-send	Unchecked send	Medium	Medium
24	uninitialized-local	Uninitialized local variables	Medium	Medium
25	unused-return	Unused return values	Medium	Medium
26	shadowing-builtin	Built-in symbol shadowing	Low	High
27	shadowing-local	Local variables shadowing	Low	High
28	void-cst	Constructor called not implemented	Low	High
29	calls-loop	Multiple calls in a loop	Low	Medium
30	reentrancy-benign	Benign reentrancy vulnerabilities	Low	Medium
31	reentrancy-events	Reentrancy vulnerabilities leading to out-of-order Events	Low	Medium
32	timestamp	Dangerous usage of block.timestamp	Low	Medium
33	assembly	Assembly usage	Informational	High
34	boolean-equal	Comparison to boolean constant	Informational	High
35	deprecated-standards	Deprecated Solidity Standards	Informational	High
36	erc20-indexed	Un-indexed ERC20 event parameters	Informational	High
37	low-level-calls	Low level calls	Informational	High
38	naming-convention	Conformance to Solidity naming conventions	Informational	High
39	pragma	If different pragma directives are used	Informational	High
40	solc-version	Incorrect Solidity version	Informational	High
41	unused-state	Unused state variables	Informational	High
42	reentrancy-unlimited-gas	Reentrancy vulnerabilities through send and transfer	Informational	Medium
43	too-many-digits	Conformance to numeric notation best practices	Informational	Medium
44	constable-states	State variables that could be declared constant	Optimization	High
45	external-function	Public function that could be declared as external	Optimization	High

See the Detectors Documentation for more information. By default, all the detectors are run.

Check out Crytic to get access to additional Slither's detectors and GitHub integration.

Printers

Quick Review Printers

• human-summary: Print a human-readable summary of the contracts
• inheritance-graph: Export the inheritance graph of each contract to a dot file
• contract-summary: Print a summary of the contracts

In-Depth Review Printers

• call-graph: Export the call-graph of the contracts to a dot file
• cfg: Export the CFG of each functions
• function-summary: Print a summary of the functions
• vars-and-auth: Print the state variables written and the authorization of the functions

To run a printer, use --print and a comma-separated list of printers.

See the Printer documentation for the complete lists.

Tools

• slither-check-upgradeability: Review delegatecall-based upgradeability
• slither-prop: Automatic unit tests and properties generation
• slither-flat: Flatten a codebase
• slither-check-erc: Check the ERC's conformance
• slither-format: Automatic patches generation

See the Tool documentation for additional tools.

Contact us to get help on building custom tools.

How to install

Slither requires Python 3.6+ and solc, the Solidity compiler.

Using Pip

pip3 install slither-analyzer

Using Git

git clone https://github.com/crytic/slither.git && cd slither
python3 setup.py install

We recommend using an Python virtual environment, as detailed in the Developer Installation Instructions, if you prefer to install Slither via git.

Using Docker

Use the eth-security-toolbox docker image. It includes all of our security tools and every major version of Solidity in a single image. /home/share will be mounted to /share in the container.

docker pull trailofbits/eth-security-toolbox

To share a directory in the container:

docker run -it -v /home/share:/share trailofbits/eth-security-toolbox

Getting Help

Feel free to stop by our Slack channel (#ethereum) for help using or extending Slither.

• The Printer documentation describes the information Slither is capable of visualizing for each contract.

• The Detector documentation describes how to write a new vulnerability analyses.

• The API documentation describes the methods and objects available for custom analyses.

• The SlithIR documentation describes the SlithIR intermediate representation.

License

Slither is licensed and distributed under the AGPLv3 license. Contact us if you're looking for an exception to the terms.

Publications

Trail of Bits publication

• Slither: A Static Analysis Framework For Smart Contracts, Josselin Feist, Gustavo Grieco, Alex Groce - WETSEB '19

External publications

• ReJection: A AST-Based Reentrancy Vulnerability Detection Method, Rui Ma, Zefeng Jian, Guangyuan Chen, Ke Ma, Yujia Chen - CTCIS 19
• MPro: Combining Static and Symbolic Analysis forScalable Testing of Smart Contract, William Zhang, Sebastian Banescu, Leodardo Pasos, Steven Stewart, Vijay Ganesh - ISSRE 2019
• ETHPLOIT: From Fuzzing to Efficient Exploit Generation against Smart Contracts, Qingzhao Zhang, Yizhuo Wang, Juanru Li, Siqi Ma - SANER 20
• Verification of Ethereum Smart Contracts: A Model Checking Approach, Tam Bang, Hoang H Nguyen, Dung Nguyen, Toan Trieu, Tho Quan - IJMLC 20

If you are using Slither on an academic work, consider applying to the Crytic $10k Research Prize.