Slither

The objective of this tutorial is to demonstrate how to use Slither to automatically find bugs in smart contracts.

• Installation
• Command line usage
• Introduction to static analysis: A concise introduction to static analysis
• API: Python API description

Once you feel confident with the material in this README, proceed to the exercises:

• Exercise 1: Function override protection
• Exercise 2: Check for access controls
• Exercise 3: Find variable used in conditional statements

Watch Slither's code walkthrough, or API walkthrough to learn about its code structure.

Installation

Slither requires Python >= 3.8. You can install it through pip or by using Docker.

Installing Slither through pip:

pip3 install --user slither-analyzer

Docker

Installing Slither through Docker:

docker pull trailofbits/eth-security-toolbox
docker run -it -v "$PWD":/home/trufflecon trailofbits/eth-security-toolbox

The last command runs the eth-security-toolbox in a Docker container that has access to your current directory. You can modify the files from your host, and run the tools on the files from the Docker container.

Inside the Docker container, run:

solc-select 0.5.11
cd /home/trufflecon/

Command Line

Command line vs. user-defined scripts. Slither comes with a set of pre-defined detectors that can identify many common bugs. Running Slither from the command line will execute all the detectors without requiring detailed knowledge of static analysis:

slither project_paths

Besides detectors, Slither also offers code review capabilities through its printers and tools.