The objective of this tutorial is to demonstrate how to use Slither to automatically find bugs in smart contracts.

Once you feel confident with the material in this README, proceed to the exercises:

Watch Slither's code walkthrough, or API walkthrough to learn about its code structure.


Slither requires Python >= 3.8. You can install it through pip or by using Docker.

Installing Slither through pip:

pip3 install --user slither-analyzer


Installing Slither through Docker:

docker pull trailofbits/eth-security-toolbox
docker run -it -v "$PWD":/home/trufflecon trailofbits/eth-security-toolbox

The last command runs the eth-security-toolbox in a Docker container that has access to your current directory. You can modify the files from your host, and run the tools on the files from the Docker container.

Inside the Docker container, run:

solc-select 0.5.11
cd /home/trufflecon/

Command Line

Command line vs. user-defined scripts. Slither comes with a set of pre-defined detectors that can identify many common bugs. Running Slither from the command line will execute all the detectors without requiring detailed knowledge of static analysis:

slither project_paths

Besides detectors, Slither also offers code review capabilities through its printers and tools.