TheDude
/
slither
mirror of https://github.com/crytic/slither
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Static Analyzer for Solidity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
74 Commits
76 Branches
41 Tags
110 MiB
 
 
 
 
Tag: Branch: Tree: f7d13240f3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f7d13240f3'
${ noResults }
Josselin f7d13240f3
--detect-uninitialized -> --detect-uninitialized-state 		6 years ago
docs Update README 6 years ago
examples Improve uninitialized storage detector 6 years ago
scripts Add uninitialized storage var detector 6 years ago
slither --detect-uninitialized -> --detect-uninitialized-state 6 years ago
.gitattributes Initial public commit 6 years ago
.gitignore Add PyCharm project dir to gitignore 6 years ago
.travis.yml Add dev branch to travis 6 years ago
LICENSE Initial public commit 6 years ago
README.md --detect-uninitialized -> --detect-uninitialized-state 6 years ago
setup.py Plugin architecture works 6 years ago

README.md

Slither, the Solidity source analyzer

Build Status

Slither is a Solidity static analysis framework written in Python 3. It provides an API to easily manipulate Solidity code, and integrates vulnerabilities detectors.

Features

With Slither you can:

  • Detect vulnerabilities
  • Speed up your understanding of code
  • Build custom analyses to answer specific questions
  • Quickly prototype a new static analysis techniques

Slither can analyze contracts written with Solidity > 0.4.

Some of Slither detectors are open-source, contact us to get access to additional detectors.

How to install

Slither uses Python 3.6.

Using Pip

$ pip install slither-analyzer

Using Gihtub

$ git clone https://github.com/trailofbits/slither.git & cd slither
$ python setup.py install

Slither requires solc, the Solidity compiler.

How to use

$ slither file.sol

For example:

$ slither examples/bugs/uninitialized.sol
[..]
INFO:Detectors:Uninitialized state variables in examples/bugs/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']
[..]

If Slither is applied on a directory, it will run on every .sol file of the directory.

Checks available

By default, all the checks are run.

Check Purpose Impact Confidence
--detect-uninitialized-state Detect uninitialized state variables High High
--detect-uninitialized-storage Detect uninitialized storage variables High High
--detect-pragma Detect if different pragma directives are used Informational High
--detect-reentrancy Detect if different pragma directives are used High Medium
--detect-solc-version Detect if an old version of Solidity is used (<0.4.23) Informational High

Exclude analyses

  • --exclude-informational: Exclude informational impact analyses
  • --exclude-low: Exclude low impact analyses
  • --exclude-medium: Exclude medium impact analyses
  • --exclude-high: Exclude high impact analyses
  • --exclude-name will exclude the detector name

Configuration

  • --solc SOLC: Path to solc (default 'solc')
  • --solc-args SOLC_ARGS: Add custom solc arguments. SOLC_ARGS can contain multiple arguments.
  • --disable-solc-warnings: Do not print solc warnings
  • --solc-ast: Use the solc AST file as input (solc file.sol --ast-json > file.ast.json)
  • --json FILE: Export results as JSON

Printers

  • --printer-summary: Print a summary of the contracts
  • --printer-quick-summary: Print a quick summary of the contracts
  • --printer-inheritance: Print the inheritance graph
  • --printer-vars-and-auth: Print the variables written and the check on msg.sender of each function.

For more information about printers, see the Printers documentation

How to create analyses

See the API documentation, and the detector documentation.

License

Slither is licensed and distributed under the AGPLv3 license. Contact us if you're looking for an exception to the terms.