The objective of this tutorial is to demonstrate how to use Slither to automatically find bugs in smart contracts.
- Command line usage
- Introduction to static analysis: A concise introduction to static analysis
- API: Python API description
Once you feel confident with the material in this README, proceed to the exercises:
Watch Slither's code walkthrough to learn about its code structure.
Slither requires Python >= 3.8. You can install it through pip or by using Docker.
Installing Slither through pip:
pip3 install --user slither-analyzer
Installing Slither through Docker:
docker pull trailofbits/eth-security-toolbox docker run -it -v "$PWD":/home/trufflecon trailofbits/eth-security-toolbox
The last command runs the eth-security-toolbox in a Docker container that has access to your current directory. You can modify the files from your host, and run the tools on the files from the Docker container.
Inside the Docker container, run:
solc-select 0.5.11 cd /home/trufflecon/
Command line vs. user-defined scripts. Slither comes with a set of pre-defined detectors that can identify many common bugs. Running Slither from the command line will execute all the detectors without requiring detailed knowledge of static analysis: