Slither Explained

officercia.eth

What is Slither?

In short, Slither is a Python-based smart contract security framework first proposed in a 2019 paper by Josselin Feist, Gustavo Grieco, and Alex Groce. It offers automated detection of vulnerabilities and optimization opportunities, as well as codebase summaries that aid developer comprehension. Born from Crytic, the blockchain security division of Trail of Bits, Slither is compatible with Hardhat and Truffle and supports Solidity code from version 0.4 onward.

Besides its excellent analysis capabilities, it also includes a bunch of printers that summarize different aspects of a contract in a digestible form. You can even use them to quickly build a mental model of the contract before diving deep into the code! However, many printers lose their value on more complex projects because their output becomes unmanageable.

With all that said, we tend to think that plugins are one of the most important aspects of properly setting up and running Slither because they significantly extend its functionality. Also, keep in mind that a plugin is the most convenient way to add your own detectors. Check out our recent article about Slither, if you haven't already!

It was also mentioned in the following research papers:

Small tip: use arxiv-vanity or dangerzone

Stay Safe!
