Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses.
It enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.
- Detects vulnerable Solidity code with low false positives
- Identifies where the error condition occurs in the source code
- Easily integrates into continuous integration and Truffle builds
- Built-in ‘printers’ quickly report crucial contract information
- Detector API to write custom analyses in Python
- Ability to analyze contracts written with Solidity >= 0.4
- Intermediate representation (SlithIR) enables simple, high-precision analyses
- Correctly parses 99.9% of all public Solidity code
- Average execution time of less than 1 second per contract
Run Slither on a Truffle/Embark/Dapp/Etherlime application:
Run Slither on a single file:
$ slither tests/uninitialized.sol
For additional configuration, see the usage documentation.
Use solc-select if your contracts require older versions of solc.
By default, all the detectors are run.
Contact us to get access to additional detectors.
To run a printer, use
Slither requires Python 3.6+ and solc, the Solidity compiler.
$ pip install slither-analyzer
$ git clone https://github.com/crytic/slither.git && cd slither
$ python setup.py install
We recommend using an Python virtual environment, as detailed in the Developer Installation Instructions, if you prefer to install Slither via git.
eth-security-toolbox docker image. It includes all of our security tools and every major version of Solidity in a single image.
/home/share will be mounted to
/share in the container. Use
solc-select to switch the Solidity version.
docker pull trailofbits/eth-security-toolbox
To share a directory in the container:
docker run -it -v /home/share:/share trailofbits/eth-security-toolbox