slither v0.6 releases: Static Analyzer for Solidity

Slither, the Solidity source analyzer

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.


Features

  • Detects vulnerable Solidity code with low false positives
  • Identifies where the error condition occurs in the source code
  • Easy integration into continuous integration and Truffle builds
  • Built-in ‘printers’ quickly report crucial contract information
  • Detector API to write custom analyses in Python
  • Ability to analyze contracts written with Solidity >= 0.4
  • Intermediate representation (SlithIR) enables simple, high-precision analyses

Changelog v0.6  2019-02-15

This release adds 3 new detectors, 5 new printers, improves the overall usability of Slither, and introduces a new tool: slither-check-upgradability, to help review upgradable contracts. A large effort has been made to improve our user documentation and developer documentation. This release also brings several bugfixes, API enhancements, and lowers the rate of false positives for several detectors.

Added

Changed

  • Reduce the false-alarm rate of:
    • Unused variables: consider expressions outside of the functions’ scope #167
    • Reentrancy: check if a call to this is reentrancy-safe + don’t consider view/pure calls for Solidity >= 0.5 #127 #126
    • Locked ether: follow library calls #163
  • Improve Truffle integration: Slither will automatically switch to the truffle version provided in package.json (#154)
  • Improve SSA conversion: use an interprocedural sensitive analysis (follow parameters) (#156 (comment))
  • Improve data dependency: compute a fix-point on function context (#171)
  • Improve inheritance printer output (#162, #166)
  • Add support for staticcall (#152)

Fixed

  • Several minor bugs, including:
    • Incorrect SSA conversion on Return (59af388)
    • is_storage property on StateVariableIR/LocalVariableIR (59af388)
    • Crash when two variables have the same name #151
    • Incorrect location for LocalVariableIR (#143)
    • Add constant folding visitor to avoid crash on expression-based length (#144)

Install

Slither requires Python 3.6+ and solc, the Solidity compiler.

Using Pip

$ pip install slither-analyzer

Using Git

$ git clone https://github.com/trailofbits/slither.git && cd slither
$ python setup.py install

Use

Run Slither on a Truffle application:

slither .

Run Slither on a single file:

$ slither tests/uninitialized.sol 
[..]
INFO:Detectors:
Uninitialized.destination (tests/uninitialized.sol#5) is never initialized. It is used in:
	- transfer (tests/uninitialized.sol#7-9)
Reference: https://github.com/trailofbits/slither/wiki/Vulnerabilities-Description#uninitialized-state-variables
[..]

Slither can be run on:

  • .sol file
  • A Truffle directory
  • A directory containing *.sol files (all the *.sol files will be analyzed)
  • A glob (be sure to quote the argument when using a glob)

Configuration

  • --solc SOLC: Path to solc (default ‘solc’)
  • --solc-args SOLC_ARGS: Add custom solc arguments. SOLC_ARGS can contain multiple arguments
  • --disable-solc-warnings: Do not print solc warnings
  • --solc-ast: Use the solc AST file as input (solc file.sol --ast-json > file.ast.json)
  • --json FILE: Export results as JSON
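As an added example (not Slither's own code) of wiring the --json export into a continuous-integration build: the script below loads the exported findings, prints a per-detector summary and returns a non-zero status when a High-impact finding of at least Medium confidence is present. The list-of-results JSON shape and the sample findings are assumptions constructed for illustration.

```python
# CI gate over Slither's --json export (added example, not Slither's own code).
# Assumed v0.6 shape: a JSON list of results with "check", "impact",
# "confidence" and "description" keys; the sample below is constructed.
import json
import sys

SAMPLE_RESULTS = json.dumps([  # constructed, not real Slither output
    {"check": "uninitialized-state", "impact": "High", "confidence": "High",
     "description": "Uninitialized.destination (tests/uninitialized.sol#5) is never initialized."},
    {"check": "reentrancy", "impact": "High", "confidence": "Medium",
     "description": "Reentrancy in Bank.withdraw (bank.sol#12-20)"},
    {"check": "naming-convention", "impact": "Informational", "confidence": "High",
     "description": "Parameter '_to' is not in mixedCase"},
])

IMPACT_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}
CONFIDENCE_RANK = {"Low": 0, "Medium": 1, "High": 2}

def load_results(text):
    """Parse the export, keeping only well-formed detector results."""
    data = json.loads(text)
    return [r for r in data if isinstance(r, dict) and "check" in r]

def summarize(results):
    """Count findings per (impact, check) so the CI log shows what was found."""
    counts = {}
    for r in results:
        key = (r.get("impact", "Unknown"), r["check"])
        counts[key] = counts.get(key, 0) + 1
    return counts

def blocking_findings(results, min_impact="High", min_confidence="Medium"):
    """Findings at or above both thresholds; unknown labels never block."""
    return [r for r in results
            if IMPACT_RANK.get(r.get("impact"), -1) >= IMPACT_RANK[min_impact]
            and CONFIDENCE_RANK.get(r.get("confidence"), -1) >= CONFIDENCE_RANK[min_confidence]]

def gate(text, **thresholds):
    """Exit status for CI: 1 when a blocking finding exists, else 0."""
    results = load_results(text)
    for (impact, check), n in sorted(summarize(results).items()):
        print(f"{impact:<13} {check}: {n}")
    blocking = blocking_findings(results, **thresholds)
    for r in blocking:
        print(f"BLOCK [{r['impact']}/{r['confidence']}] {r['description']}")
    return 1 if blocking else 0

if __name__ == "__main__":  # usage: python gate.py results.json
    sys.exit(gate(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RESULTS))
```

Run it as `slither . --json results.json; python gate.py results.json` so the build fails only on the findings you consider blocking, while Informational results still appear in the log.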

Detectors

By default, all the detectors are run.

| Num | Detector | What it Detects | Impact | Confidence |
|---|---|---|---|---|
| 1 | suicidal | Functions allowing anyone to destruct the contract | High | High |
| 2 | uninitialized-local | Uninitialized local variables | High | High |
| 3 | uninitialized-state | Uninitialized state variables | High | High |
| 4 | uninitialized-storage | Uninitialized storage variables | High | High |
| 5 | arbitrary-send | Functions that send ether to arbitrary destinations | High | Medium |
| 6 | controlled-delegatecall | Controlled delegatecall destination | High | Medium |
| 7 | reentrancy | Reentrancy vulnerabilities | High | Medium |
| 8 | locked-ether | Contracts that lock ether | Medium | High |
| 9 | const-func | Constant functions changing the state | Medium | Medium |
| 10 | tx-origin | Dangerous usage of tx.origin | Medium | Medium |
| 11 | assembly | Assembly usage | Informational | High |
| 12 | constable-states | State variables that could be declared constant | Informational | High |
| 13 | external-function | Public function that could be declared as external | Informational | High |
| 14 | low-level-calls | Low level calls | Informational | High |
| 15 | naming-convention | Conformance to Solidity naming conventions | Informational | High |
| 16 | pragma | If different pragma directives are used | Informational | High |
| 17 | solc-version | Old versions of Solidity (< 0.4.23) | Informational | High |
| 18 | unused-state | Unused state variables | | |

Printers

To run a printer, use --print and a comma-separated list of printers.

| Num | Printer | Description |
|---|---|---|
| 1 | call-graph | Export the call-graph of the contracts to a dot file |
| 2 | contract-summary | Print a summary of the contracts |
| 3 | function-summary | Print a summary of the functions |
| 4 | human-summary | Print a human-readable summary of the contracts |
| 5 | inheritance | Print the inheritance relations between contracts |
| 6 | inheritance-graph | Export the inheritance graph of each contract to a dot file |
| 7 | slithir | Print the SlithIR representation of the functions |
| 8 | vars-and-auth | Print the state variables written and the authorization of the functions |

Tutorial

Copyright (C) 2018 trailofbits
