Slither is a Solidity static analysis framework. It provides an API to easily manipulate Solidity code. In addition to exposing a Solidity contract's AST, Slither provides many APIs to quickly check local and state variable usage.
With Slither you can:
- Detect vulnerabilities
- Speed up your understanding of code
- Build custom analyses to answer specific questions
- Quickly prototype new static analysis techniques
Use pip to install the dependencies:

```
$ sudo -H pip install -U -r requirements.txt
```
You may also want solc, which can be installed using homebrew:

```
$ brew update
$ brew upgrade
$ brew tap ethereum/ethereum
$ brew install solidity
$ brew linkapps solidity
```
or with aptitude:

```
$ sudo add-apt-repository ppa:ethereum/ethereum
$ sudo apt-get update
$ sudo apt-get install solc
```
Run Slither on a Solidity file:

```
$ slither.py file.sol
```

For example:

```
$ slither.py examples/uninitialized.sol
[..]
INFO:Detectors:Uninitialized state variables in examples/uninitialized.sol, Contract: Uninitialized, Vars: destination, Used in ['transfer']
[..]
```

If Slither is applied on a directory, it will run on every .sol file of the directory.
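To make the report above concrete, here is a constructed contract showing the pattern the uninitialized-state-variable check flags, beside a version that initializes the variable. This is an added illustration, not the `examples/uninitialized.sol` shipped with Slither; the pragma version and the `Initialized` contract name are assumptions.

```solidity
// Constructed illustration (added here; not Slither's own examples/uninitialized.sol).
// Compiler version is an assumption.
pragma solidity ^0.4.24;

// Vulnerable: `destination` is declared but never written anywhere in the
// contract, so it keeps its default value address(0). transfer() therefore
// sends the ether it receives to the zero address, where it is unrecoverable.
// This is the case Slither reports as "Vars: destination, Used in ['transfer']".
contract Uninitialized {
    address destination;

    function transfer() public payable {
        destination.transfer(msg.value);
    }
}

// Corrected form: the state variable is assigned once in the constructor and
// validated, so the only path that reads it sees a deliberately chosen,
// non-zero address. Because the variable is now written, the uninitialized
// state variable check has nothing to flag here.
contract Initialized {
    address destination;

    constructor(address _destination) public {
        require(_destination != address(0), "destination must be set");
        destination = _destination;
    }

    function transfer() public payable {
        destination.transfer(msg.value);
    }
}
```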
- `--solc SOLC`: Path to solc (default 'solc')
- `--disable-solc-warnings`: Do not print solc warnings
- `--solc-ast`: Use the solc AST file as input (`solc file.sol --ast-json > file.ast.json`)
- `--json FILE`: Export results as JSON
- `--solc-args SOLC_ARGS`: Add custom solc arguments. `SOLC_ARGS` can contain multiple arguments.
- `--high`: Run only medium/high severity checks with high confidence
- `--medium`: Run only medium/high severity checks with medium confidence
- `--low`: Run only low severity checks
- `--print-summary`: Print a summary of the contracts
- `--print-quick-summary`: Print a quick summary of the contracts
- `--print-inheritance`: Print the inheritance graph
For more information about printers, see the Printers documentation
Check | Purpose | Severity | Confidence
---|---|---|---
`--uninitialized` | Detect uninitialized variables | High | High
Slither is licensed and distributed under AGPLv3. Contact us if you're looking for an exception to the terms.