mirror of https://github.com/crytic/slither
Josselin 5490cca41b | 6 years ago | |
---|---|---|
docs | 6 years ago | |
examples | 6 years ago | |
scripts | 6 years ago | |
slither | 6 years ago | |
.gitattributes | 6 years ago | |
.gitignore | 6 years ago | |
.travis.yml | 6 years ago | |
LICENSE | 6 years ago | |
README.md | 6 years ago | |
requirements.txt | 6 years ago | |
slither.py | 6 years ago |
README.md
Slither, the Solidity source analyzer
Slither is a Solidity static analyzer framework that provides an API to manipulate Solidity code easily. In addition to exposing the AST of Solidity contracts, Slither provides many APIs to quickly check local and state variable usage.
With Slither you can:
- Detect vulnerabilities.
- Speed up your code understanding.
- Build custom analyses to answer specific needs.
- Quickly prototype a new static analysis technique.
How to install
Use pip to install the dependencies:
$ sudo -H pip install -U -r requirements.txt
You may also want solc, which can be installed using homebrew:
$ brew update
$ brew upgrade
$ brew tap ethereum/ethereum
$ brew install solidity
$ brew linkapps solidity
or with aptitude:
$ sudo add-apt-repository ppa:ethereum/ethereum
$ sudo apt-get update
$ sudo apt-get install solc
How to use
$ slither.py file.sol
$ slither.py examples/uninitialized.sol
[..]
INFO:Detectors:Uninitialized state variables in examples/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']
[..]
If Slither is applied to a directory, it will run on every .sol file in that directory.
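The finding above, illustrated with an added example that is not taken from the Slither repository: a constructed contract reusing the names in the detector output (Uninitialized, destination, transfer), beside a corrected form. The contents of examples/uninitialized.sol are not shown on this page, so the source below, the Initialized contract and the solc 0.4.24 pragma are assumptions.

```solidity
pragma solidity ^0.4.24;

// Constructed example: names mirror the detector output above
// (contract Uninitialized, variable destination, function transfer).
contract Uninitialized {
    // Never assigned anywhere, so it keeps the default value address(0).
    address destination;

    function transfer() public payable {
        // Ether forwarded here goes to address(0) and cannot be recovered.
        destination.transfer(msg.value);
    }
}

// Corrected form (hypothetical name): the state variable is written
// in the constructor, before any function can read it.
contract Initialized {
    address destination;

    constructor(address _destination) public {
        // Reject the zero address so the default value can never be used.
        require(_destination != address(0), "destination not set");
        destination = _destination;
    }

    function transfer() public payable {
        destination.transfer(msg.value);
    }
}
```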
Options
Configuration
- --solc SOLC: Path to solc (default 'solc')
- --disable-solc-warnings: Do not print solc warnings
- --solc-ast: Use the solc AST file as input (solc file.sol --ast-json > file.ast.json)
- --json FILE: Export results as JSON
- --solc-args SOLC_ARGS: Add custom solc arguments. SOLC_ARGS can contain multiple arguments.
Analyses
- --high: Run only medium/high severity checks with high confidence
- --medium: Run only medium/high severity checks with medium confidence
- --low: Run only low severity checks
Printers
- --print-summary: Print a summary of the contracts
- --print-quick-summary: Print a quick summary of the contracts
- --print-inheritance: Print the inheritance graph
For more information about printers, see the Printers documentation.
Checks available
Check | Purpose | Severity | Confidence |
---|---|---|---|
--uninitialized | Detect uninitialized variables | High | High |
License
Slither is licensed and distributed under the AGPLv3 license. Contact us if you're looking for an exception to the terms.