In recent months we (me: officercia.eth & pessimistic.io) have been actively developing our own Slither detectors to help with code review and audit process!
This repository contains everything you may require to work with them!
This is merely a release article that largely repeats what is stated in our readme; however, this article will serve as the start of a series of articles in which we will explain the development, new detectors, and improvements!
Our team would like to express our deepest gratitude to the Slither tool creators: Josselin Feist, Gustavo Grieco, and Alex Groce, as well as Crytic, Trail of Bits’ blockchain security division, and all the people who believe in the original tool and its evolution!
Our aim was to increase the sensitivity of the detectors to assist our auditors, so they are quite straightforward and not written in the “original style.” As a result, they produce FPs (False Positives) more frequently than the original ones.
In other words, our detectors automate the checks implemented in our audit checklist; their main purpose is to surface candidate issues and assist the code auditor, not to replace them.
Please let us know if you have discovered an issue/bug/vulnerability via our custom Slither detectors. You may contact us by opening a PR/Issue or directly, whichever is more convenient for you.
If you have any further questions or suggestions, please join our Discord Server or Telegram chat! We hope to see you there, and we intend to support the community and its initiatives! ❤️
We sincerely hope you find our work useful and appreciate any feedback, so please do not hesitate to contact us!
In short, Slither is a Python-based contract security framework first proposed in a 2019 paper by Josselin Feist, Gustavo Grieco, and Alex Groce. The Slither framework offers automated detection of vulnerabilities and optimizations, as well as codebase summaries to aid developer comprehension.
Born from Crytic, the blockchain security division of Trail of Bits, Slither is compatible with Hardhat and Truffle and supports Solidity code from version 0.4 onward.
Besides its excellent analysis capabilities, it also includes a bunch of printers that summarize different aspects of the contract in a digestible form. One can even use them to quickly build a mental contract model before diving deeply into the code!
However, many printers lose their value on more complex projects, since their output becomes unmanageable. We tend to think that plugins are actually one of the most important aspects of properly setting up and running Slither, because they significantly extend its functionality!
Also, keep in mind that plugins are the most convenient way to add your own detectors. Check out our recent article about Slither, if you haven’t already:
This article also has a second purpose: being a systematization of knowledge (SoK) for Slither tool usage, in which I will rely on authors whom I myself trust in this matter and, of course, our pessimistic.io auditors!
With all that said, Slither was mentioned in the following research papers (also check out more related resources here):
Small tip: use arxiv-vanity or dangerzone!
Detecting Vulnerable Ethereum Smart Contracts via Abstracted Vulnerability Signatures
Evaluating Smart Contract Static Analysis Tools Using Bug Injection
A Framework and DataSet for Bugs in Ethereum Smart Contracts
A Comprehensive Survey of Upgradeable Smart Contract Patterns
We would also like to invite you to visit our blog and read our article about Slither.
The list of resources below will help you learn more about Slither and our version of the detectors, Slitherin, and we think you’ll find them very helpful:
We have meticulously studied all of the above, performed multiple backtests, and are proud to present our own detectors!
It would be fantastic if you could bookmark, share, star, or fork the following repository. Any attention will help us achieve our common goal of making Web3 a little bit safer than it was before: therefore, we require your support!
For our part, we’ll do everything in our power to ensure that this project continues to grow successfully in terms of both code and technology as well as community and professional interaction!
We hope that this article was informative and useful for you! Thank you for reading! What instruments should we review? What would you be interested in reading about?
The following links and resources may be useful to you in your work; please carefully check them out:
Be sure to check out our blog as well!
Support is very important to me; with it I can do what I love: educating users!
If you want to support my work, you can send me a donation to the address:
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc.
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero XMR