TheDude
/
slither
mirror of https://github.com/crytic/slither
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Static Analyzer for Solidity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
76 Branches
41 Tags
110 MiB
 
 
 
 
Tag: Branch: Tree: d6b51cef66
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd6b51cef66'
${ noResults }
Josselin d6b51cef66
Initial public commit 		6 years ago
docs Initial public commit 6 years ago
examples Initial public commit 6 years ago
scripts Initial public commit 6 years ago
slither Initial public commit 6 years ago
.gitattributes Initial public commit 6 years ago
.gitignore Initial public commit 6 years ago
.travis.yml Initial public commit 6 years ago
LICENSE Initial public commit 6 years ago
README.md Initial public commit 6 years ago
requirements.txt Initial public commit 6 years ago
slither.py Initial public commit 6 years ago

README.md

Slither, the Solidity source analyzer

Build Status

Slither is a Solidity static analyzer framework, it provides an API to manipulate Solidity code easily. In addition to exposing a Solidity contracts AST, Slither provides many APIs to quickly check local and state variable usage.

With Slither you can:

  • Detect vulnerabilities.
  • Speed up your code understanding.
  • Build custom analyses to answer specific needs.
  • Quickly prototype a new static analysis technique.

How to install

Use pip to install the dependencies:

$ sudo -H pip install -U -r requirements.txt

You may also want solc, which can be installed using homebrew:

$ brew update
$ brew upgrade
$ brew tap ethereum/ethereum
$ brew install solidity
$ brew linkapps solidity

or with aptitude:

$ sudo add-apt-repository ppa:ethereum/ethereum
$ sudo apt-get update
$ sudo apt-get install solc

How to use

$ slither.py file.sol

$ slither.py examples/uninitialized.sol
[..]
INFO:Detectors:Uninitialized state variables in examples/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']
[..]

If Slither is applied on a directory, it will run on every .sol file of the directory.

Options

Configuration

  • --solc SOLC: Path to solc (default 'solc')
  • --disable-solc-warnings: Do not print solc warnings
  • --solc-ast: Use the solc AST file as input (solc file.sol --ast-json > file.ast.json)
  • --json FILE: Export results as JSON
  • --solc-args SOLC_ARGS: Add custom solc arguments. SOLC_ARGS can contain multiple arguments.

Analyses

  • --high: Run only medium/high severity checks with high confidence
  • --medium: Run only medium/high severity checks with medium confidence
  • --low: Run only low severity checks

Printers

  • --print-summary: Print a summary of the contracts
  • --print-quick-summary: Print a quick summary of the contracts
  • --print-inheritance: Print the inheritance graph

For more information about printers, see the Printers documentation

Checks available

Check Purpose Severity Confidence
--uninitialized Detect uninitialized variables High High

License

Slither is licensed and distributed under the AGPLv3 license. Contact us if you're looking for an exception to the terms.ontact us if you're looking for an exception to the terms.