Home

Awesome

Slither, the smart contract static analyzer

<img src="https://raw.githubusercontent.com/crytic/slither/master/logo.png" alt="Slither Static Analysis Framework Logo" width="500" />

Build Status PyPI Slither - Read the Docs Slither - Wiki

Join the Empire Hacking Slack

Slack Status

<sub><i>- Discussions and Support </i></sub>

Slither is a Solidity & Vyper static analysis framework written in Python3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.

Features

Usage

Run Slither on a Hardhat/Foundry/Dapp/Brownie application:

slither .

This is the preferred option if your project has dependencies as Slither relies on the underlying compilation framework to compile source code.

However, you can run Slither on a single file that does not import dependencies:

slither tests/uninitialized.sol

How to install

Note <br /> Slither requires Python 3.8+. If you're not going to use one of the supported compilation frameworks, you need solc, the Solidity compiler; we recommend using solc-select to conveniently switch between solc versions.

Using Pip

python3 -m pip install slither-analyzer

Using Git

git clone https://github.com/crytic/slither.git && cd slither
python3 -m pip install .

We recommend using a Python virtual environment, as detailed in the Developer Installation Instructions, if you prefer to install Slither via git.

Using Docker

Use the eth-security-toolbox docker image. It includes all of our security tools and every major version of Solidity in a single image. /home/share will be mounted to /share in the container.

docker pull trailofbits/eth-security-toolbox

To share a directory in the container:

docker run -it -v /home/share:/share trailofbits/eth-security-toolbox

Integration

Detectors

NumDetectorWhat it DetectsImpactConfidence
1abiencoderv2-arrayStorage abiencoderv2 arrayHighHigh
2arbitrary-send-erc20transferFrom uses arbitrary fromHighHigh
3array-by-referenceModifying storage array by valueHighHigh
4encode-packed-collisionABI encodePacked CollisionHighHigh
5incorrect-shiftThe order of parameters in a shift instruction is incorrect.HighHigh
6multiple-constructorsMultiple constructor schemesHighHigh
7name-reusedContract's name reusedHighHigh
8protected-varsDetected unprotected variablesHighHigh
9public-mappings-nestedPublic mappings with nested variablesHighHigh
10rtloRight-To-Left-Override control character is usedHighHigh
11shadowing-stateState variables shadowingHighHigh
12suicidalFunctions allowing anyone to destruct the contractHighHigh
13uninitialized-stateUninitialized state variablesHighHigh
14uninitialized-storageUninitialized storage variablesHighHigh
15unprotected-upgradeUnprotected upgradeable contractHighHigh
16codexUse Codex to find vulnerabilities.HighLow
17arbitrary-send-erc20-permittransferFrom uses arbitrary from with permitHighMedium
18arbitrary-send-ethFunctions that send Ether to arbitrary destinationsHighMedium
19controlled-array-lengthTainted array length assignmentHighMedium
20controlled-delegatecallControlled delegatecall destinationHighMedium
21delegatecall-loopPayable functions using delegatecall inside a loopHighMedium
22incorrect-expIncorrect exponentiationHighMedium
23incorrect-returnIf a return is incorrectly used in assembly mode.HighMedium
24msg-value-loopmsg.value inside a loopHighMedium
25reentrancy-ethReentrancy vulnerabilities (theft of ethers)HighMedium
26return-leaveIf a return is used instead of a leave.HighMedium
27storage-arraySigned storage integer array compiler bugHighMedium
28unchecked-transferUnchecked tokens transferHighMedium
29weak-prngWeak PRNGHighMedium
30domain-separator-collisionDetects ERC20 tokens that have a function whose signature collides with EIP-2612's DOMAIN_SEPARATOR()MediumHigh
31enum-conversionDetect dangerous enum conversionMediumHigh
32erc20-interfaceIncorrect ERC20 interfacesMediumHigh
33erc721-interfaceIncorrect ERC721 interfacesMediumHigh
34incorrect-equalityDangerous strict equalitiesMediumHigh
35locked-etherContracts that lock etherMediumHigh
36mapping-deletionDeletion on mapping containing a structureMediumHigh
37shadowing-abstractState variables shadowing from abstract contractsMediumHigh
38tautological-compareComparing a variable to itself always returns true or false, depending on comparisonMediumHigh
39tautologyTautology or contradictionMediumHigh
40write-after-writeUnused writeMediumHigh
41boolean-cstMisuse of Boolean constantMediumMedium
42constant-function-asmConstant functions using assembly codeMediumMedium
43constant-function-stateConstant functions changing the stateMediumMedium
44divide-before-multiplyImprecise arithmetic operations orderMediumMedium
45out-of-order-retryableOut-of-order retryable transactionsMediumMedium
46reentrancy-no-ethReentrancy vulnerabilities (no theft of ethers)MediumMedium
47reused-constructorReused base constructorMediumMedium
48tx-originDangerous usage of tx.originMediumMedium
49unchecked-lowlevelUnchecked low-level callsMediumMedium
50unchecked-sendUnchecked sendMediumMedium
51uninitialized-localUninitialized local variablesMediumMedium
52unused-returnUnused return valuesMediumMedium
53incorrect-modifierModifiers that can return the default valueLowHigh
54shadowing-builtinBuilt-in symbol shadowingLowHigh
55shadowing-localLocal variables shadowingLowHigh
56uninitialized-fptr-cstUninitialized function pointer calls in constructorsLowHigh
57variable-scopeLocal variables used prior their declarationLowHigh
58void-cstConstructor called not implementedLowHigh
59calls-loopMultiple calls in a loopLowMedium
60events-accessMissing Events Access ControlLowMedium
61events-mathsMissing Events ArithmeticLowMedium
62incorrect-unaryDangerous unary expressionsLowMedium
63missing-zero-checkMissing Zero Address ValidationLowMedium
64reentrancy-benignBenign reentrancy vulnerabilitiesLowMedium
65reentrancy-eventsReentrancy vulnerabilities leading to out-of-order EventsLowMedium
66return-bombA low level callee may consume all callers gas unexpectedly.LowMedium
67timestampDangerous usage of block.timestampLowMedium
68assemblyAssembly usageInformationalHigh
69assert-state-changeAssert state changeInformationalHigh
70boolean-equalComparison to boolean constantInformationalHigh
71cyclomatic-complexityDetects functions with high (> 11) cyclomatic complexityInformationalHigh
72deprecated-standardsDeprecated Solidity StandardsInformationalHigh
73erc20-indexedUn-indexed ERC20 event parametersInformationalHigh
74function-init-stateFunction initializing state variablesInformationalHigh
75incorrect-using-forDetects using-for statement usage when no function from a given library matches a given typeInformationalHigh
76low-level-callsLow level callsInformationalHigh
77missing-inheritanceMissing inheritanceInformationalHigh
78naming-conventionConformity to Solidity naming conventionsInformationalHigh
79pragmaIf different pragma directives are usedInformationalHigh
80redundant-statementsRedundant statementsInformationalHigh
81solc-versionIncorrect Solidity versionInformationalHigh
82unimplemented-functionsUnimplemented functionsInformationalHigh
83unused-importDetects unused importsInformationalHigh
84unused-stateUnused state variablesInformationalHigh
85costly-loopCostly operations in a loopInformationalMedium
86dead-codeFunctions that are not usedInformationalMedium
87reentrancy-unlimited-gasReentrancy vulnerabilities through send and transferInformationalMedium
88too-many-digitsConformance to numeric notation best practicesInformationalMedium
89cache-array-lengthDetects for loops that use length member of some storage array in their loop condition and don't modify it.OptimizationHigh
90constable-statesState variables that could be declared constantOptimizationHigh
91external-functionPublic function that could be declared externalOptimizationHigh
92immutable-statesState variables that could be declared immutableOptimizationHigh
93var-read-using-thisContract reads its own variable using thisOptimizationHigh

For more information, see

Printers

Quick Review Printers

In-Depth Review Printers

To run a printer, use --print and a comma-separated list of printers.

See the Printer documentation for the complete lists.

Tools

See the Tool documentation for additional tools.

Contact us to get help on building custom tools.

API Documentation

Documentation on Slither's internals is available here.

Getting Help

Feel free to stop by our Slack channel (#ethereum) for help using or extending Slither.

FAQ

How do I exclude mocks or tests?

How do I fix "unknown file" or compilation issues?

License

Slither is licensed and distributed under the AGPLv3 license. Contact us if you're looking for an exception to the terms.

Publications

Trail of Bits publication

External publications

TitleUsageAuthorsVenueCode
ReJection: A AST-Based Reentrancy Vulnerability Detection MethodAST-based analysis built on top of SlitherRui Ma, Zefeng Jian, Guangyuan Chen, Ke Ma, Yujia ChenCTCIS 19-
MPro: Combining Static and Symbolic Analysis forScalable Testing of Smart ContractLeverage data dependency through SlitherWilliam Zhang, Sebastian Banescu, Leodardo Pasos, Steven Stewart, Vijay GaneshISSRE 2019MPro
ETHPLOIT: From Fuzzing to Efficient Exploit Generation against Smart ContractsLeverage data dependency through SlitherQingzhao Zhang, Yizhuo Wang, Juanru Li, Siqi MaSANER 20-
Verification of Ethereum Smart Contracts: A Model Checking ApproachSymbolic execution built on top of Slither’s CFGTam Bang, Hoang H Nguyen, Dung Nguyen, Toan Trieu, Tho QuanIJMLC 20-
Smart Contract RepairRely on Slither’s vulnerabilities detectorsXiao Liang Yu, Omar Al-Bataineh, David Lo, Abhik RoychoudhuryTOSEM 20SCRepair
Demystifying Loops in Smart ContractsLeverage data dependency through SlitherBen Mariano, Yanju Chen, Yu Feng, Shuvendu Lahiri, Isil DilligASE 20-
Trace-Based Dynamic Gas Estimation of Loops in Smart ContractsUse Slither’s CFG to detect loopsChunmiao Li, Shijie Nie, Yang Cao, Yijun Yu, Zhenjiang HuIEEE Open J. Comput. Soc. 1 (2020)-
SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in SecondsRely on SlithIR to build a storage dependency graphPriyanka Bose, Dipanjan Das, Yanju Chen, Yu Feng, Christopher Kruegel, and Giovanni VignaS&P 22Sailfish
SolType: Refinement Types for Arithmetic Overflow in SolidityUse Slither as frontend to build refinement type systemBryan Tan, Benjamin Mariano, Shuvendu K. Lahiri, Isil Dillig, Yu FengPOPL 22-
Do Not Rug on Me: Leveraging Machine Learning Techniques for Automated Scam DetectionUse Slither to extract tokens' features (mintable, pausable, ..)Mazorra, Bruno, Victor Adan, and Vanesa DazaMathematics 10.6 (2022)-
MANDO: Multi-Level Heterogeneous Graph Embeddings for Fine-Grained Detection of Smart Contract VulnerabilitiesUse Slither to extract the CFG and call graphHoang Nguyen, Nhat-Minh Nguyen, Chunyao Xie, Zahra Ahmadi, Daniel Kudendo, Thanh-Nam Doan and Lingxiao JiangIEEE 9th International Conference on Data Science and Advanced Analytics (DSAA, 2022)ge-sc
Automated Auditing of Price Gouging TOD Vulnerabilities in Smart ContractsUse Slither to extract the CFG and data dependenciesSidi Mohamed Beillahi, Eric Keilty, Keerthi Nelaturu, Andreas Veneris, and Fan Long2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)Smart-Contract-Repair
Modeling and Enforcing Access Control Policies for Smart ContractsExtend Slither's data dependenciesJan-Philipp Toberg, Jonas Schiffl, Frederik Reiche, Bernhard Beckert, Robert Heinrich, Ralf ReussnerIEEE International Conference on Decentralized Applications and Infrastructures (DAPPS), 2022SolidityAccessControlEnforcement
Smart Contract Vulnerability Detection Based on Deep Learning and Multimodal Decision FusionUse Slither to extract the CFGWeichu Deng, Huanchun Wei, Teng Huang, Cong Cao, Yun Peng, and Xuan HuSensors 2023, 23, 7246-
Semantic-enriched Code Knowledge Graph to Reveal Unknowns in Smart Contract Code ReuseUse Slither to extract the code features (CFG, function, parameters types, ..)Qing Huang, Dianshu Liao, Zhenchang Xing, Zhengkang Zuo, Changjing Wang, Xin XiaACM Transactions on Software Engineering and Methodology, 2023-
Smart Contract Parallel Execution with Fine-Grained State AccessesUse Slither to build state access graphsXiaodong Qi, Jiao Jiao, Yi LiInternational Conference on Distributed Computing Systems (ICDCS), 2023-
Bad Apples: Understanding the Centralized Security Risks in Decentralized EcosystemsImplement an internal analysis on top of SlitherKailun Yan , Jilian Zhang , Xiangyu Liu , Wenrui Diao , Shanqing GuoACM Web Conference April 2023-
Identifying Vulnerabilities in Smart Contracts using Interval AnalysisCreate 4 detectors on top of SlitherŞtefan-Claudiu Susan, Andrei ArusoaieFROM 2023-
Storage State Analysis and Extraction of Ethereum Blockchain Smart Contracts (no PDF in open access)Rely on Slither's CFG and ASTMaha Ayub , Tania Saleem , Muhammad Janjua , Talha AhmadTOSEM 2023SmartMuv

If you are using Slither on an academic work, consider applying to the Crytic $10k Research Prize.