Greetings, dear readers! In this article we look at the significant news and updates pertaining to our Slitherin project. We assure you that it will be fascinating — Slitherin, our own set of custom detectors for Slither, got its first community-origin update!
We've applied several significant community-contributed updates during this time, and we appreciate all of your love and attention.
Thank you, let's get started!
In recent months we have been actively developing our own Slither detectors to help with the code review and audit process. More recently, we have released several new detectors, and we encourage you to use them for your initial internal audit, particularly the Read-Only Reentrancy and For-Continue-Increment detectors!
But let's now get back to the point of today's conversation. Simply put, our detectors are a kind of automation of the checks implemented in our checklist; their main purpose is to look for issues and assist the code auditor!
This detector highlights the use of getter functions that return a value which could, in theory, be manipulated during execution.
Check: pess-readonly-reentrancy
Severity: High
Confidence: Low
Ensure that getter function values aren't crucial and can't be maliciously used in other parts of the contract during external calls made before those values are updated!
Detector structure:
If you have any further questions or suggestions, please join our Discord Server or Telegram chat. We hope to see you there, and we intend to support the community and its initiatives!
It's a common practice to use unchecked {++i;} to save gas in for loops. However, in this situation a continue statement placed before the index increment might lead to an infinite loop.
Check: pess-for-continue-increment
Severity: Medium
Confidence: Low
So we've added a new detector, For-Continue-Increment; here is its structure:
Also, if you are interested in the related vulnerability, check this resource! Big thanks to ljmanini for the idea and Idrocortisone for the code!
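The loop pattern the For-Continue-Increment detector flags, shown as an added Solidity example (this is not code from the original post or from the Slitherin project): a manual unchecked increment at the end of the loop body is skipped by `continue`, so the counter stops advancing and the loop runs until it exhausts gas.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative contract (hypothetical name) showing the buggy loop beside its fix.
contract ContinueIncrementExample {
    // Buggy: `continue` jumps straight to the loop condition, bypassing the
    // `unchecked { ++i; }` at the end of the body. If any element is zero,
    // `i` never advances and the call reverts with out-of-gas (a denial of service).
    function sumNonZeroBuggy(uint256[] calldata values) external pure returns (uint256 total) {
        for (uint256 i = 0; i < values.length; ) {
            if (values[i] == 0) {
                continue; // `i` is NOT incremented here -> infinite loop
            }
            total += values[i];
            unchecked { ++i; }
        }
    }

    // Fixed: every path through the body advances the counter before `continue`,
    // so the loop always terminates while still saving gas on the increment.
    function sumNonZeroFixed(uint256[] calldata values) external pure returns (uint256 total) {
        for (uint256 i = 0; i < values.length; ) {
            if (values[i] == 0) {
                unchecked { ++i; }
                continue;
            }
            total += values[i];
            unchecked { ++i; }
        }
    }
}
```

Calling sumNonZeroBuggy with an input such as [1, 0, 2] never returns, while sumNonZeroFixed returns 3; keeping the increment in the for-loop header is an equally valid fix.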
Please let us know if you have discovered an issue, bug, or vulnerability with the help of our custom Slither detectors. You may contact us by opening a PR or issue, or directly, whichever is more convenient for you!
We’ve made a proposal to Filecoin Foundation (FileCoin): github.com/filecoin-project/devgrants/issues/1587 — please support our initiative:
We’ve also participated in the HackFs Hackathon! Here is the link:
We also attended the ETH Belgrade conference where we talked about Slitherin & Spotter:
We would like to thank the organizers and everyone we met there!
In the near future, we intend to pitch Spotter at a significant number of conferences and turn on protection for a couple of DeFi protocols we are on friendly terms with. This year promises to be full of exciting events!
We plan to create a more straightforward installation using a pip package; many thanks to Aganinev for the idea!
Optimizations to our detectors are coming soon. Many thanks to Idrocortisone and his tool, which helps us check the false-positive (FP) rate!
More detectors will be released soon as well!
Several audits have been completed successfully! By the way, we have some vacant slots now, so if your project needs an audit, feel free to write to us or visit our public reports page here!
Our team would also like to express our deepest gratitude to the Slither tool creators: Josselin Feist, Gustavo Grieco, and Alex Groce, as well as Crytic, Trail of Bits’ blockchain security division, and all the people who believe in the original tool and its evolution:
We sincerely hope you find our work useful, and we appreciate any feedback, so please do not hesitate to contact us! The best questions and answers may be included in the next blog post. We hope that this article was informative and useful for you!