mirror of https://github.com/crytic/slither
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Lorenz Breidenbach
90ea39bdd9
|
6 years ago | |
---|---|---|
docs | 6 years ago | |
examples | 6 years ago | |
scripts | 6 years ago | |
slither | 6 years ago | |
.gitattributes | 6 years ago | |
.gitignore | 6 years ago | |
.travis.yml | 6 years ago | |
LICENSE | 6 years ago | |
README.md | 6 years ago | |
requirements.txt | 6 years ago | |
slither.py | 6 years ago |
README.md
Slither, the Solidity source analyzer
Slither is a Solidity static analysis framework. It provides an API to easily manipulate Solidity code. In addition to exposing a Solidity contracts AST, Slither provides many APIs to quickly check local and state variable usage.
With Slither you can:
- Detect vulnerabilities
- Speed up your understanding of code
- Build custom analyses to answer specific questions
- Quickly prototype a new static analysis techniques
How to install
Use pip to install the dependencies:
$ pip install -U -r requirements.txt
You may also want solc, which can be installed using homebrew:
$ brew update
$ brew upgrade
$ brew tap ethereum/ethereum
$ brew install solidity
$ brew linkapps solidity
or with aptitude:
$ sudo add-apt-repository ppa:ethereum/ethereum
$ sudo apt-get update
$ sudo apt-get install solc
How to use
$ slither.py file.sol
$ slither.py examples/uninitialized.sol
[..]
INFO:Detectors:Uninitialized state variables in examples/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']
[..]
If Slither is applied on a directory, it will run on every .sol
file of the directory.
Options
Configuration
--solc SOLC
: Path tosolc
(default 'solc')--disable-solc-warnings
: Do not print solc warnings--solc-ast
: Use the solc AST file as input (solc file.sol --ast-json > file.ast.json
)--json FILE
: Export results as JSON--solc-args SOLC_ARGS
: Add custom solc arguments.SOLC_ARGS
can contain multiple arguments.
Analyses
--high
: Run only medium/high severity checks with high confidence--medium
: Run only medium/high severity checks with medium confidence--low
: Run only low severity checks
Printers
--print-summary
: Print a summary of the contracts--print-quick-summary
: Print a quick summary of the contracts--print-inheritance
: Print the inheritance graph
For more information about printers, see the Printers documentation
Checks available
Check | Purpose | Severity | Confidence |
---|---|---|---|
--uninitialized |
Detect uninitialized variables | High | High |
License
Slither is licensed and distributed under AGPLv3. Contact us if you're looking for an exception to the terms.