slither v0.6.2 releases: Static Analyzer for Solidity

Slither, the Solidity source analyzer

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.

Features

  • Detects vulnerable Solidity code with low false positives
  • Identifies where the error condition occurs in the source code
  • Easy integration into continuous integration and Truffle builds
  • Built-in ‘printers’ quickly report crucial contract information
  • Detector API to write custom analyses in Python
  • Ability to analyze contracts written with Solidity >= 0.4
  • Intermediate representation (SlithIR) enables simple, high-precision analyses

Changelog

0.6.2 – 2019-03-05

This release brings Embark native support, fixes several bugs, and improves slither-check-upgradeability.

Added

Changed

  • Rename slither-check-upgradability to slither-check-upgradeability (bffa59f)
  • --ignore-truffle-compile flag renamed to --truffle-ignore-compile
  • Improve slither-check-upgradeability output and documentation.
  • API changed: Add framework detection within Slither object; the caller does not need to check for native/truffle/embark (ee1b4c2)

Fixed

  • Incorrect source mapping computation (#194)
  • Incorrect data dependency for return values (#193)
  • Crash related to the support of abi.decode (#177)

Install

Slither requires Python 3.6+ and solc, the Solidity compiler.

Using Pip

$ pip install slither-analyzer

Using Git

$ git clone https://github.com/trailofbits/slither.git && cd slither
$ python setup.py install

Use

Run Slither on a Truffle application:

slither .

Run Slither on a single file:

$ slither tests/uninitialized.sol 
[..]
INFO:Detectors:
Uninitialized.destination (tests/uninitialized.sol#5) is never initialized. It is used in:
	- transfer (tests/uninitialized.sol#7-9)
Reference: https://github.com/trailofbits/slither/wiki/Vulnerabilities-Description#uninitialized-state-variables
[..]

Slither can be run on:

  • .sol file
  • A Truffle directory
  • A directory containing *.sol files (all the *.sol files will be analyzed)
  • A glob (be sure to quote the argument when using a glob)

Configuration

  • --solc SOLC: Path to solc (default ‘solc’)
  • --solc-args SOLC_ARGS: Add custom solc arguments. SOLC_ARGS can contain multiple arguments
  • --disable-solc-warnings: Do not print solc warnings
  • --solc-ast: Use the solc AST file as input (solc file.sol --ast-json > file.ast.json)
  • --json FILE: Export results as JSON

Detectors

By default, all the detectors are run.

| Num | Detector | What it Detects | Impact | Confidence |
|-----|----------|-----------------|--------|------------|
| 1 | suicidal | Functions allowing anyone to destruct the contract | High | High |
| 2 | uninitialized-local | Uninitialized local variables | High | High |
| 3 | uninitialized-state | Uninitialized state variables | High | High |
| 4 | uninitialized-storage | Uninitialized storage variables | High | High |
| 5 | arbitrary-send | Functions that send ether to arbitrary destinations | High | Medium |
| 6 | controlled-delegatecall | Controlled delegatecall destination | High | Medium |
| 7 | reentrancy | Reentrancy vulnerabilities | High | Medium |
| 8 | locked-ether | Contracts that lock ether | Medium | High |
| 9 | const-func | Constant functions changing the state | Medium | Medium |
| 10 | tx-origin | Dangerous usage of tx.origin | Medium | Medium |
| 11 | assembly | Assembly usage | Informational | High |
| 12 | constable-states | State variables that could be declared constant | Informational | High |
| 13 | external-function | Public function that could be declared as external | Informational | High |
| 14 | low-level-calls | Low level calls | Informational | High |
| 15 | naming-convention | Conformance to Solidity naming conventions | Informational | High |
| 16 | pragma | If different pragma directives are used | Informational | High |
| 17 | solc-version | Old versions of Solidity (< 0.4.23) | Informational | High |
| 18 | unused-state | Unused state variables | | |

Printers

To run a printer, use --print followed by a comma-separated list of printers.

| Num | Printer | Description |
|-----|---------|-------------|
| 1 | call-graph | Export the call-graph of the contracts to a dot file |
| 2 | contract-summary | Print a summary of the contracts |
| 3 | function-summary | Print a summary of the functions |
| 4 | human-summary | Print a human-readable summary of the contracts |
| 5 | inheritance | Print the inheritance relations between contracts |
| 6 | inheritance-graph | Export the inheritance graph of each contract to a dot file |
| 7 | slithir | Print the SlithIR representation of the functions |
| 8 | vars-and-auth | Print the state variables written and the authorization of the functions |

Copyright (C) 2018 trailofbits