Feist Josselin
456aad2422
|
6 years ago | |
---|---|---|
examples | 6 years ago | |
plugin_example | 6 years ago | |
scripts | 6 years ago | |
slither | 6 years ago | |
tests | 6 years ago | |
.gitattributes | 6 years ago | |
.gitignore | 6 years ago | |
.travis.yml | 6 years ago | |
LICENSE | 6 years ago | |
README.md | 6 years ago | |
setup.py | 6 years ago |
README.md
Slither, the Solidity source analyzer
Slither is a Solidity static analysis framework written in Python 3. It provides an API to easily manipulate Solidity code, and integrates vulnerabilities detectors.
Features
With Slither you can:
- Detect vulnerabilities
- Speed up your understanding of code
- Build custom analyses to answer specific questions
- Quickly prototype a new static analysis techniques
Slither can analyze contracts written with Solidity > 0.4.
Some of Slither detectors are open-source, contact us to get access to additional detectors.
How to install
Slither uses Python 3.6.
Using Pip
$ pip install slither-analyzer
Using Gihtub
$ git clone https://github.com/trailofbits/slither.git & cd slither
$ python setup.py install
Slither requires solc, the Solidity compiler.
How to use
$ slither file.sol
For example:
$ slither tests/uninitialized.sol
[..]
INFO:Detectors:Uninitialized state variables in tests/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']
[..]
If Slither is applied on a directory, it will run on every .sol
file of the directory.
Checks available
By default, all the checks are run.
Check | Purpose | Impact | Confidence |
---|---|---|---|
--detect-uninitialized-state |
Detect uninitialized state variables | High | High |
--detect-uninitialized-storage |
Detect uninitialized storage variables | High | High |
--detect-pragma |
Detect if different pragma directives are used | Informational | High |
--detect-reentrancy |
Detect if different pragma directives are used | High | Medium |
--detect-solc-version |
Detect if an old version of Solidity is used (<0.4.23) | Informational | High |
Exclude analyses
--exclude-informational
: Exclude informational impact analyses--exclude-low
: Exclude low impact analyses--exclude-medium
: Exclude medium impact analyses--exclude-high
: Exclude high impact analyses--exclude-name
will exclude the detectorname
Configuration
--solc SOLC
: Path tosolc
(default 'solc')--solc-args SOLC_ARGS
: Add custom solc arguments.SOLC_ARGS
can contain multiple arguments.--disable-solc-warnings
: Do not print solc warnings--solc-ast
: Use the solc AST file as input (solc file.sol --ast-json > file.ast.json
)--json FILE
: Export results as JSON
Printers
--printer-summary
: Print a summary of the contracts--printer-quick-summary
: Print a quick summary of the contracts--printer-inheritance
: Print the inheritance graph--printer-vars-and-auth
: Print the variables written and the check onmsg.sender
of each function.
For more information about printers, see the Printers documentation
How to create analyses
See the API documentation, and the detector documentation.
License
Slither is licensed and distributed under the AGPLv3 license. Contact us if you're looking for an exception to the terms.