Greetings, dear readers! Today we’ll look at the significant news and updates pertaining to our Slitherin project in this article. We at Pessimistic assure you that it will be fascinating — Slitherin, our own set of custom detectors for Slither, got another awesome update!
We’ve applied some significant updates during this time, and we appreciate all of your love and attention. Please let us know if you have discovered an issue/bug/vulnerability via our custom Slither detectors. You may contact us via opening a PR/Issue or directly, whichever is more convenient for you!
You can now install a fresh package: pypi.org/project/slitherin!
If you have any further questions or suggestions, please join our Discord Server or Telegram chat. We hope to see you there, and we intend to support the community and its initiatives.
Thank you, let’s get it started!
I — Slitherin Major Updates
In recent months we at Pessimistic have been actively developing our own Slither detectors to help with code review and audit process. More recently, we have released several new detectors and we encourage you to use them for your initial internal audit!
Reworks and additions
-
pess-uni-v2detector: Added a check of functions wherepathparameter is set through an external invocation. Thx @idrocortisone; -
pess-readonly-reentrancydetector: Added a check of potential vulnerabilities through interfaces. Thx @Yhtiyar; -
pess-dubious-typecastdetector: Complete rework. Looks for typecasts that can break contract logic. Thx @Yhtiyar.
Crucial Fixes
-
All Slitherin detectors work correctly when installed as a Python package;
-
pess-double-entry-tokendetector: Fixed paths to utils files and fixed usage through a Python package; -
pess-nft-approve-warningdetector: Fixed running on contracts with immutable types. Thx name less!
II — Slitherin Minor Updates and Optimization
Minor Fixes
-
OZ dependencies updated to the newest versions;
-
pess-for-continue-incrementdetector: Updated the version to run all tests simultaneously.
Optimization
-
pess-strange-setterdetector: Should produce less FP; -
pess-unprotected-setterdetector: Ignores interfaces. Thx @Yhtiyar; -
pess-unprotected-initializedetector: Ignores interfaces. Thx @Yhtiyar
III — Other Updates
-
Readonly-reentrancy now checks for potential vulnerabilities through interfaces;
-
Don’t forget to pull the changes: github.com/pessimistic-io/slitherin;
-
You can now install a fresh package: pypi.org/project/slitherin;
-
Optimizations to our detectors are coming soon. Much thanks to Idrocortisone and his own tool which helps us to check the FP rate!
-
More detectors to be released soon as well!
Stay tuned!
If you have any further questions or suggestions, please join our Discord Server or Telegram chat! We hope to see you there, and we intend to support the community and its initiatives!
Several audits have been completed successfully! By the way, here are some vacant slots now so if your project needs an audit — feel free to write to us, visit our public reports page here!
Our Pessimistic team would also like to express our deepest gratitude to the Slither tool creators: Josselin Feist, Gustavo Grieco, and Alex Groce, as well as Crytic, Trail of Bits’ blockchain security division, and all the people who believe in the original tool and its evolution:
We at pessimistic.io sincerely hope you find our work useful and appreciate any feedback, so please do not hesitate to contact us! The best answers and questions may be included in the next blog post. We hope that this article was informative and useful for you!
Support is very important to me, with it I can do what I love — educating users!
If you want to support my work, please, consider donating me:
-
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc
-
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero XMR