Slither, the Solidity source analyzer

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.

Features

• Detects vulnerable Solidity code with low false positives
• Identifies where the error condition occurs in the source code
• Easy integration into continuous integration and Truffle builds
• Built-in ‘printers’ quickly report crucial contract information
• Detector API to write custom analyses in Python
• Ability to analyze contracts written with Solidity >= 0.4
• Intermediate representation (SlithIR) enables simple, high-precision analyses

Changelog

0.6.4 – 2019-05-14

Added

• New detectors:
  • ERC721 incorrect interface: erc721-interface (#215)
  • Conformance to numeric notation best practices: too-many-digits (#216)
  • Unchecked low level call: unchecked-lowlevel (#230)
  • Unchecked send: unchecked-send (#230)
• slither-simil: code similarity using machine learning (see the documentation)

Changed

• Improve unused-return results (#230)
• Improve solc-version results #240
• Update to crytic-compile version 0.1.1
• Add crytic-compile options to slither-check-upgradeability and slither-find-paths (#231)
• The json format was heavily changed. See its documentation for more details. Notable changes:
  • At the top level, the json contains information about the success of the Slither’s run
  • Each element has 3 required information (type, name, source_mapping), and two optional ones: type_specific_fields and additional_fields
  • The source_mapping has not four types of filename, as well as the column information (see Source mapping documentation
• Improvement of the human summary printer: lines and contracts number, ERCs and standard libraries detection (#228)
• Improve parsing of Literals (fbd1ddb), and type propagation
• Remove FPs on the incorrect erc20 interface dettector (#215)
• Clean exception handling (#229)

Fixed

• Re-add --solc-ast flag (12cdcc2)
• Incorrect function ids printer info (#211)
• Several minor bug fixes, including incorrect type propagation if a variable is accessed through the contract’s basename (6834d4c), add bytes.push() support (1d2997b)

Install

Slither requires Python 3.6+ and solc, the Solidity compiler.

Using Pip

$ pip install slither-analyzer

Using Git

Use

Run Slither on a Truffle application:

slither .

Run Slither on a single file:

$ slither tests/uninitialized.sol 
[..]
INFO:Detectors:
Uninitialized.destination (tests/uninitialized.sol#5) is never initialized. It is used in:
	- transfer (tests/uninitialized.sol#7-9)
Reference: https://github.com/trailofbits/slither/wiki/Vulnerabilities-Description#uninitialized-state-variables
[..]

Slither can be run on:

• A .sol file
• A Truffle directory
• A directory containing *.sol files (all the *.sol files will be analyzed)
• A glob (be sure to quote the argument when using a glob)

Configuration

• --solc SOLC: Path to solc (default ‘solc’)
• --solc-args SOLC_ARGS: Add custom solc arguments. SOLC_ARGS can contain multiple arguments
• --disable-solc-warnings: Do not print solc warnings
• --solc-ast: Use the solc AST file as input (solc file.sol --ast-json > file.ast.json)
• --json FILE: Export results as JSON

Detectors

By default, all the detectors are run.

Printers

To run a printer, use –print and a comma-separated list of printers.

Tutorial

Copyright (C) 2018 trailofbits