SHARE
Slither : Static Analyzer for Solidity

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses.

It enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.

Features

  • Detects vulnerable Solidity code with low false positives
  • Identifies where the error condition occurs in the source code
  • Easily integrates into continuous integration and Truffle builds
  • Built-in ‘printers’ quickly report crucial contract information
  • Detector API to write custom analyses in Python
  • Ability to analyze contracts written with Solidity >= 0.4
  • Intermediate representation (SlithIR) enables simple, high-precision analyses
  • Correctly parses 99.9% of all public Solidity code
  • Average execution time of less than 1 second per contract

Usage

Run Slither on a Truffle/Embark/Dapp/Etherlime application:

slither .

Run Slither on a single file:

$ slither tests/uninitialized.sol

For additional configuration, see the usage documentation.

Use solc-select if your contracts require older versions of solc.

Detectors

By default, all the detectors are run.

NumDetectorWhat it DetectsImpactConfidence
1rtloRight-To-Left-Override control character is usedHighHigh
2shadowing-stateState variables shadowingHighHigh
3suicidalFunctions allowing anyone to destruct the contractHighHigh
4uninitialized-stateUninitialized state variablesHighHigh
5uninitialized-storageUninitialized storage variablesHighHigh
6arbitrary-sendFunctions that send ether to arbitrary destinationsHighMedium
7controlled-delegatecallControlled delegatecall destinationHighMedium
8reentrancy-ethReentrancy vulnerabilities (theft of ethers)HighMedium
9erc20-interfaceIncorrect ERC20 interfacesMediumHigh
10erc721-interfaceIncorrect ERC721 interfacesMediumHigh
11incorrect-equalityDangerous strict equalitiesMediumHigh
12locked-etherContracts that lock etherMediumHigh
13shadowing-abstractState variables shadowing from abstract contractsMediumHigh
14constant-functionConstant functions changing the stateMediumMedium
15reentrancy-no-ethReentrancy vulnerabilities (no theft of ethers)MediumMedium
16tx-originDangerous usage of tx.originMediumMedium
17unchecked-lowlevelUnchecked low-level callsMediumMedium
18unchecked-sendUnchecked sendMediumMedium
19uninitialized-localUninitialized local variablesMediumMedium
20unused-returnUnused return valuesMediumMedium
21shadowing-builtinBuilt-in symbol shadowingLowHigh
22shadowing-localLocal variables shadowingLowHigh
23void-cstConstructor called not implementedLowHigh
24calls-loopMultiple calls in a loopLowMedium
25reentrancy-benignBenign reentrancy vulnerabilitiesLowMedium
26timestampDangerous usage of block.timestampLowMedium
27assemblyAssembly usageInformationalHigh
28deprecated-standardsDeprecated Solidity StandardsInformationalHigh
29erc20-indexedUn-indexed ERC20 event parametersInformationalHigh
30low-level-callsLow level callsInformationalHigh
31naming-conventionConformance to Solidity naming conventionsInformationalHigh
32pragmaIf different pragma directives are usedInformationalHigh
33solc-versionIncorrect Solidity version (< 0.4.24 or complex pragma)InformationalHigh
34unused-stateUnused state variablesInformationalHigh
35too-many-digitsConformance to numeric notation best practicesInformationalMedium
36constable-statesState variables that could be declared constantOptimizationHigh
37external-functionPublic function that could be declared as externalOptimizationHigh

Contact us to get access to additional detectors.

Printers

To run a printer, use --print and a comma-separated list of printers.

NumPrinterDescription
1call-graphExport the call-graph of the contracts to a dot file
2cfgExport the CFG of each functions
3constructor-callsPrint the constructors executed
4contract-summaryPrint a summary of the contracts
5data-dependencyPrint the data dependencies of the variables
6echidnaExport Echidna guiding information
7function-idPrint the keccack256 signature of the functions
8function-summaryPrint a summary of the functions
9human-summaryPrint a human-readable summary of the contracts
10inheritancePrint the inheritance relations between contracts
11inheritance-graphExport the inheritance graph of each contract to a dot file
12modifiersPrint the modifiers called by each function
13requirePrint the require and assert calls of each function
14slithirPrint the slithIR representation of the functions
15slithir-ssaPrint the slithIR representation of the functions
16variable-orderPrint the storage order of the state variables
17vars-and-authPrint the state variables written and the authorization of the functions

How to install?

Slither requires Python 3.6+ and solc, the Solidity compiler.

Using Pip

$ pip install slither-analyzer

Using Git

$ git clone https://github.com/crytic/slither.git && cd slither
$ python setup.py install

We recommend using an Python virtual environment, as detailed in the Developer Installation Instructions, if you prefer to install Slither via git.

Using Docker

Use the eth-security-toolbox docker image. It includes all of our security tools and every major version of Solidity in a single image. /home/share will be mounted to /share in the container. Use solc-select to switch the Solidity version.

docker pull trailofbits/eth-security-toolbox

To share a directory in the container:

docker run -it -v /home/share:/share trailofbits/eth-security-toolbox