Static Analyzer for Solidity

README.md

Slither, the Solidity source analyzer

Slither is a Solidity static analysis framework. It provides an API to easily manipulate Solidity code. In addition to exposing a Solidity contract's AST, Slither provides many APIs to quickly check local and state variable usage.

With Slither you can:

  • Detect vulnerabilities
  • Speed up your understanding of code
  • Build custom analyses to answer specific questions
  • Quickly prototype new static analysis techniques

How to install

Slither uses Python 2.

Use pip to install the dependencies:

$ pip install -U -r requirements.txt

You also need solc: Slither invokes it to compile the contracts and obtain the AST (see the --solc option below). On macOS it can be installed using Homebrew:

$ brew update
$ brew upgrade
$ brew tap ethereum/ethereum
$ brew install solidity
$ brew linkapps solidity

or on Ubuntu with apt:

$ sudo add-apt-repository ppa:ethereum/ethereum
$ sudo apt-get update
$ sudo apt-get install solc

How to use

$ slither.py file.sol
$ slither.py examples/uninitialized.sol
[..]
INFO:Detectors:Uninitialized state variables in examples/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']
[..]

If Slither is given a directory, it runs on every .sol file in that directory.

Options

Configuration

  • --solc SOLC: Path to solc (default 'solc')
  • --disable-solc-warnings: Do not print solc warnings
  • --solc-ast: Use the solc AST file as input (solc file.sol --ast-json > file.ast.json)
  • --json FILE: Export results as JSON
  • --solc-args SOLC_ARGS: Add custom solc arguments. SOLC_ARGS can contain multiple arguments.

Analyses

  • --high: Run only medium/high severity checks with high confidence
  • --medium: Run only medium/high severity checks with medium confidence
  • --low: Run only low severity checks

Printers

  • --print-summary: Print a summary of the contracts
  • --print-quick-summary: Print a quick summary of the contracts
  • --print-inheritance: Print the inheritance graph

For more information about printers, see the Printers documentation

Checks available

| Check | Purpose | Severity | Confidence |
| --- | --- | --- | --- |
| --uninitialized | Detect uninitialized variables | High | High |
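As an added example (not Slither's own code): a stand-alone Python script that re-implements, in simplified form, what the `--uninitialized` check above looks for, working directly on the legacy solc JSON AST that the `--solc-ast` option accepts. The builder helpers (`node`, `state_var`, `func_def`, `transfer_call`), the hand-constructed AST fragment and its declaration ids are this example's assumptions; real `solc --ast-json` output carries more attributes (`src`, `type`, visibility) than the fragment shows. It generalizes slightly beyond the README's single contract by also showing the two ways a variable stops being flagged: an initializer at the declaration, or an assignment in a function.

```python
# Added illustration of the idea behind Slither's --uninitialized check, written against the
# legacy solc JSON AST (the `solc file.sol --ast-json` shape that --solc-ast accepts).
# Not Slither's detector; the AST below is hand-constructed, not real solc output.

def node(name, attributes=None, children=(), nid=None):
    """One legacy-AST node: name / attributes / children, plus the declaration id when needed."""
    n = {"name": name, "attributes": dict(attributes or {}), "children": list(children)}
    if nid is not None:
        n["id"] = nid
    return n

def ident(name, decl_id):
    """Identifier whose attributes.referencedDeclaration points at declaration `decl_id`."""
    return node("Identifier", {"value": name, "referencedDeclaration": decl_id})

def msg_member(member):
    """`msg.<member>`; `msg` is a builtin, so solc gives it a negative referencedDeclaration."""
    return node("MemberAccess", {"member_name": member}, [ident("msg", -15)])

def state_var(name, nid, initializer=None):
    """`address <name>;` or `address <name> = <initializer>;` (initializer is a second child)."""
    children = [node("ElementaryTypeName", {"name": "address"})]
    if initializer is not None:
        children.append(initializer)
    return node("VariableDeclaration", {"name": name, "stateVariable": True}, children, nid=nid)

def func_def(name, body_expr, nid, constructor=False):
    """FunctionDefinition with empty parameter lists and a one-statement body."""
    return node("FunctionDefinition", {"name": name, "isConstructor": constructor}, [
        node("ParameterList"), node("ParameterList"),
        node("Block", {}, [node("ExpressionStatement", {}, [body_expr])])], nid=nid)

def transfer_call(dest_id):
    """`destination.transfer(msg.value)`: a read of `destination`, not a write."""
    return node("FunctionCall", {}, [
        node("MemberAccess", {"member_name": "transfer"}, [ident("destination", dest_id)]),
        msg_member("value")])

# Constructed source unit; the Solidity it stands for:
#   contract Uninitialized { address destination;
#       function transfer() public payable { destination.transfer(msg.value); } }
#   contract Initialized   { address destination; address owner = msg.sender;
#       constructor() public { destination = msg.sender; }
#       function transfer() public payable { destination.transfer(msg.value); } }
SOURCE_UNIT = node("SourceUnit", {}, [
    node("ContractDefinition", {"name": "Uninitialized"}, [
        state_var("destination", 2),
        func_def("transfer", transfer_call(2), 8)], nid=10),
    node("ContractDefinition", {"name": "Initialized"}, [
        state_var("destination", 12),
        state_var("owner", 14, msg_member("sender")),
        func_def("", node("Assignment", {"operator": "="},
                          [ident("destination", 12), msg_member("sender")]), 20, constructor=True),
        func_def("transfer", transfer_call(12), 25)], nid=30)])

def state_variables(contract):
    """Map id -> (name, has_initializer) for the contract's own state variables."""
    return {c["id"]: (c["attributes"]["name"], len(c["children"]) > 1)
            for c in contract["children"]
            if c["name"] == "VariableDeclaration" and c["attributes"].get("stateVariable")}

def record_write(lhs, reads, writes):
    """`a = ..`, `a.f = ..` and `a[i] = ..` all write `a`; index expressions like `i` stay reads."""
    while lhs["name"] in ("MemberAccess", "IndexAccess"):
        for extra in lhs["children"][1:]:
            classify_uses(extra, reads, writes)
        lhs = lhs["children"][0]
    if lhs["name"] == "Identifier":
        writes.add(lhs["attributes"]["referencedDeclaration"])

def classify_uses(n, reads, writes):
    """Walk a subtree, collecting declaration ids that are read and ids that are written."""
    children = n["children"]
    if n["name"] == "Identifier":
        reads.add(n["attributes"]["referencedDeclaration"])
        return
    if n["name"] == "Assignment" and children:          # target on the left, reads on the right
        record_write(children[0], reads, writes)
        children = children[1:]
    elif n["name"] == "UnaryOperation" and n["attributes"].get("operator") in ("++", "--", "delete"):
        record_write(children[0], reads, writes)
        children = []
    for child in children:
        classify_uses(child, reads, writes)

def uninitialized_state_variables(source_unit):
    """(contract, variable, [functions reading it]) for state variables read somewhere but
    never written: no initializer and no assignment in any function (inheritance not followed)."""
    findings = []
    for contract in source_unit["children"]:
        if contract["name"] != "ContractDefinition":
            continue
        svars = state_variables(contract)
        written = {vid for vid, (_, has_init) in svars.items() if has_init}
        readers = {vid: [] for vid in svars}
        for fn in contract["children"]:
            if fn["name"] != "FunctionDefinition":
                continue
            reads, writes = set(), set()
            classify_uses(fn, reads, writes)
            written |= writes
            for vid in sorted(reads & set(svars)):
                readers[vid].append(fn["attributes"]["name"])
        for vid, (vname, _) in svars.items():
            if vid not in written and readers[vid]:
                findings.append((contract["attributes"]["name"], vname, readers[vid]))
    return findings
```

On the constructed input `uninitialized_state_variables(SOURCE_UNIT)` reports only `Uninitialized.destination`, used in `transfer`, which matches the shape of the detector output shown under "How to use"; in `Initialized` the constructor's assignment clears `destination` and the declaration initializer clears `owner`. To run it on real input, save `solc file.sol --ast-json` to a file, strip the `JSON AST:` and `======= file.sol =======` header lines solc prints before the JSON, `json.load` the rest and pass it in. The simplification to keep in mind is that this version looks only at a contract's own declarations and functions: a variable assigned in a parent contract, or only inside a modifier's body, is reported here as a false positive, and a real detector has to resolve inheritance and modifiers before deciding.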

License

Slither is licensed and distributed under AGPLv3. Contact us if you're looking for an exception to the terms.