Slither is the first open-source static analysis framework for Solidity. Slither is fast and precise; it can find real vulnerabilities in a few seconds without user intervention. It is highly customizable and provides a set of APIs to inspect and analyze Solidity code easily. We use it in all of our security reviews. Now you can integrate it into your code-review process.
We are open sourcing the core analysis engine of Slither. This core provides advanced static-analysis features, including an intermediate representation (SlithIR) with taint tracking capabilities on top of which complex analyses (“detectors”) can be built. We have built many detectors, including ones that detect reentrancy and suicidal contracts. We are open sourcing some as examples.
If you are a smart-contract developer, a security expert, or an academic researcher, then you will find Slither invaluable. Start using it today:
pip install slither-analyzer
Built for continuous integration
Slither has a simple command line interface. To run all of its detectors on a Solidity file, this is all you need: $ slither contract.sol
You can integrate Slither into your development process without any configuration. Run it on each commit to check that you are not adding new bugs.
Helps automate security reviews
Slither provides an API to inspect Solidity code via custom scripts. We use this API to rapidly answer unique questions about the code we’re reviewing. We have used Slither to:
- Identify code that can modify a variable’s value.
- Isolate the conditional logic statements that are influenced by a particular variable’s value.
- Find other functions that are transitively reachable as a result of a call to a particular function.
For example, the following script will show which function(s) in myContract write to the state variable myVar:
# function_writing.py
import sys
from slither.slither import Slither
if len(sys.argv) != 2:
print('python.py function_writing.py file.sol')
exit(-1)
# Init slither
slither = Slither(sys.argv[1])
# Get the contract
contract = slither.get_contract_from_name('myContract')
# Get the variable
myVar = contract.get_state_variable_from_name('myVar')
# Get the functions writing the variable
funcs_writing_myVar = contract.get_functions_writing_to_variable(myVar)
# Print the result
print('Functions that write to "myVar": {}'.format([f.name for f in funcs_writing_myVar]))
Figure 1: Slither API Example
Read the API documentation and the examples to start harnessing Slither.
Aids in understanding contracts
Slither comes with a set of predefined “printers” which show high-level information about the contract. We included four that work out-of-the-box to print essential security information: a contract summary, a function summary, a graph of inheritance, and an authorization overview.
1. Contract summary printer
Gives a quick summary of the contract, showing the functions and their visibility:
Figure 2: Contract Summary Printer
2. Function summary printer
Shows useful information for each function, such as the state variables read and written, or the functions called:
Figure 3: Function Summary Printer
3. Inheritance printer
Outputs a graph highlighting the inheritance dependencies of all the contracts:
Figure 3: Function Summary Printer
4. Authorization printer
Shows what a user with privileges can do on the contract:
Figure 4: Authorization Printer
See Slither’s documentation for information about adding your own printers.
A foundation for research
Slither uses its own intermediate representation, SlithIR, to build innovative vulnerability analyses on Solidity. It provides access to the CFG of the functions, the inheritance of the contracts, and lets you inspect Solidity expressions.
Many academic tools, such as Oyente or MAIAN, advanced the start of the art when they were released. However, each academic team had to invent their own framework, built for only the limited scope of their particular area of interest. Maintenance became a challenge quickly. In contrast, Slither is a generic framework. Because it’s capable of the widest possible range of security analyses, it is regularly maintained and used by our open source community.
If you are an academic researcher, don’t spend time and effort parsing and recovering information from smart contracts. Prototype your new innovations on top of Slither, complete your research sooner, and ensure it maintains its utility over time.
It’s easy to extend Slither’s capabilities with new detector plugins. Read the detector documentation to start writing your own.
Next steps
Slither can find real vulnerabilities in a few seconds with minimal or no user interaction. We use it on all of our Solidity security reviews. You should too!
Many of our ongoing projects will improve Slither, including:
- API enhancements: Now that we have open sourced the core, we intend to provide the most effective static analysis framework possible.
- More precise built-in analyses: We plan to make several new layers of information, such as value tracking, accessible to the API.
- Toolchain integration: We plan to combine Slither with Manticore, Echidna, and Truffle to automate the triage of issues.
Questions about Slither’s API and its core framework? Join the Empire Hacking Slack. Need help integrating Slither into your development process? Want access to our full set of detectors? Contact us.
Interesting! The tools landscape for contract auditing is getting richer: so now, there is Slither for open-source contracts, and just yesterday JEB released their decompiler for opaque Ethereum contracts.
Pingback: We crypto now | Trail of Bits Blog
Pingback: $10,000 research fellowships for underrepresented talent | Trail of Bits Blog