Slither: Smart Contract Validation
Smart contracts have become a cornerstone of blockchain technology, offering a decentralized way to execute logic on the blockchain. However, the immutable nature of smart contracts also means that any bugs or vulnerabilities can have irreversible consequences. This is where smart contract validation tools like Slither come into play.
Slither is a static analysis framework for Ethereum smart contracts. It helps developers identify vulnerabilities, optimize code, and understand the contract’s behavior. In this article, we’ll delve into the intricacies of Slither, explore its features, and walk through examples to demonstrate its utility.
Why Slither?
Slither GitHub Repository Before we dive into the how-to, let’s discuss why Slither is worth your attention as a developer, especially if you’re working with languages like Solidity for Ethereum smart contracts.
-
Comprehensive Analysis: Slither performs a thorough examination of the smart contract’s codebase, identifying a wide range of vulnerabilities.
-
Optimization Suggestions: It not only identifies issues but also suggests optimizations to make the contract more gas-efficient.
-
Developer-Friendly: With its easy-to-use CLI and detailed output, Slither is designed to be developer-friendly.
-
Integration: It can easily be integrated into your development pipeline, offering continuous analysis.
Installation
Slither can be installed via pip. Open your terminal and run:
pip install slither-analyzer
Basic Usage
After installation, navigate to your Solidity project directory and run:
slither .
This will analyze all Solidity files in the directory and output any issues it finds.
Example: Simple Smart Contract
Let’s consider a simple Solidity smart contract that stores and retrieves a number.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
contract SimpleStorage {
uint256 private number;
function setNumber(uint256 _number) public {
number = _number;
}
function getNumber() public view returns (uint256) {
return number;
}
}
Run Slither on this contract:
slither SimpleStorage.sol
Slither will analyze the contract and provide feedback. For this simple example, you might not get any warnings, but for more complex contracts, Slither can identify a multitude of issues.
Advanced Features
Slither also comes with advanced features like:
- Detectors: Specific checks for vulnerabilities.
- Printers: Modules that print information such as contract inheritance, function information, etc.
- Configuration: Ability to configure Slither using
.slither-config.json.
For example, to use a specific detector, you can run:
slither . --detect reentrancy
Detectors
It is most importent part of project that constantly updating. it is main asset of project
| Num | Detector | What it Detects | Impact | Confidence |
|---|---|---|---|---|
| 1 | abiencoderv2-array |
Storage abiencoderv2 array | High | High |
| 2 | arbitrary-send-erc20 |
transferFrom uses arbitrary from |
High | High |
| 3 | array-by-reference |
Modifying storage array by value | High | High |
| 4 | encode-packed-collision |
ABI encodePacked Collision | High | High |
| 5 | incorrect-shift |
The order of parameters in a shift instruction is incorrect. | High | High |
| 6 | multiple-constructors |
Multiple constructor schemes | High | High |
| 7 | name-reused |
Contract’s name reused | High | High |
| 8 | protected-vars |
Detected unprotected variables | High | High |
| 9 | public-mappings-nested |
Public mappings with nested variables | High | High |
| 10 | rtlo |
Right-To-Left-Override control character is used | High | High |
| 11 | shadowing-state |
State variables shadowing | High | High |
| 12 | suicidal |
Functions allowing anyone to destruct the contract | High | High |
| 13 | uninitialized-state |
Uninitialized state variables | High | High |
| 14 | uninitialized-storage |
Uninitialized storage variables | High | High |
| 15 | unprotected-upgrade |
Unprotected upgradeable contract | High | High |
| 16 | codex |
Use Codex to find vulnerabilities. | High | Low |
| 17 | arbitrary-send-erc20-permit |
transferFrom uses arbitrary from with permit | High | Medium |
| 18 | arbitrary-send-eth |
Functions that send Ether to arbitrary destinations | High | Medium |
| 19 | controlled-array-length |
Tainted array length assignment | High | Medium |
| 20 | controlled-delegatecall |
Controlled delegatecall destination | High | Medium |
| 21 | delegatecall-loop |
Payable functions using delegatecall inside a loop |
High | Medium |
| 22 | msg-value-loop |
msg.value inside a loop | High | Medium |
| 23 | reentrancy-eth |
Reentrancy vulnerabilities (theft of ethers) | High | Medium |
| 24 | storage-array |
Signed storage integer array compiler bug | High | Medium |
| 25 | unchecked-transfer |
Unchecked tokens transfer | High | Medium |
| 26 | weak-prng |
Weak PRNG | High | Medium |
| 27 | domain-separator-collision |
Detects ERC20 tokens that have a function whose signature collides with EIP-2612’s DOMAIN_SEPARATOR() | Medium | High |
| 28 | enum-conversion |
Detect dangerous enum conversion | Medium | High |
| 29 | erc20-interface |
Incorrect ERC20 interfaces | Medium | High |
| 30 | erc721-interface |
Incorrect ERC721 interfaces | Medium | High |
| 31 | incorrect-equality |
Dangerous strict equalities | Medium | High |
| 32 | locked-ether |
Contracts that lock ether | Medium | High |
| 33 | mapping-deletion |
Deletion on mapping containing a structure | Medium | High |
| 34 | shadowing-abstract |
State variables shadowing from abstract contracts | Medium | High |
| 35 | tautology |
Tautology or contradiction | Medium | High |
| 36 | write-after-write |
Unused write | Medium | High |
| 37 | boolean-cst |
Misuse of Boolean constant | Medium | Medium |
| 38 | constant-function-asm |
Constant functions using assembly code | Medium | Medium |
| 39 | constant-function-state |
Constant functions changing the state | Medium | Medium |
| 40 | divide-before-multiply |
Imprecise arithmetic operations order | Medium | Medium |
| 41 | reentrancy-no-eth |
Reentrancy vulnerabilities (no theft of ethers) | Medium | Medium |
| 42 | reused-constructor |
Reused base constructor | Medium | Medium |
| 43 | tx-origin |
Dangerous usage of tx.origin |
Medium | Medium |
| 44 | unchecked-lowlevel |
Unchecked low-level calls | Medium | Medium |
| 45 | unchecked-send |
Unchecked send | Medium | Medium |
| 46 | uninitialized-local |
Uninitialized local variables | Medium | Medium |
| 47 | unused-return |
Unused return values | Medium | Medium |
| 48 | incorrect-modifier |
Modifiers that can return the default value | Low | High |
| 49 | shadowing-builtin |
Built-in symbol shadowing | Low | High |
| 50 | shadowing-local |
Local variables shadowing | Low | High |
| 51 | uninitialized-fptr-cst |
Uninitialized function pointer calls in constructors | Low | High |
| 52 | variable-scope |
Local variables used prior their declaration | Low | High |
| 53 | void-cst |
Constructor called not implemented | Low | High |
| 54 | calls-loop |
Multiple calls in a loop | Low | Medium |
| 55 | events-access |
Missing Events Access Control | Low | Medium |
| 56 | events-maths |
Missing Events Arithmetic | Low | Medium |
| 57 | incorrect-unary |
Dangerous unary expressions | Low | Medium |
| 58 | missing-zero-check |
Missing Zero Address Validation | Low | Medium |
| 59 | reentrancy-benign |
Benign reentrancy vulnerabilities | Low | Medium |
| 60 | reentrancy-events |
Reentrancy vulnerabilities leading to out-of-order Events | Low | Medium |
| 61 | timestamp |
Dangerous usage of block.timestamp |
Low | Medium |
| 62 | assembly |
Assembly usage | Informational | High |
| 63 | assert-state-change |
Assert state change | Informational | High |
| 64 | boolean-equal |
Comparison to boolean constant | Informational | High |
| 65 | cyclomatic-complexity |
Detects functions with high (> 11) cyclomatic complexity | Informational | High |
| 66 | deprecated-standards |
Deprecated Solidity Standards | Informational | High |
| 67 | erc20-indexed |
Un-indexed ERC20 event parameters | Informational | High |
| 68 | function-init-state |
Function initializing state variables | Informational | High |
| 69 | incorrect-using-for |
Detects using-for statement usage when no function from a given library matches a given type | Informational | High |
| 70 | low-level-calls |
Low level calls | Informational | High |
| 71 | missing-inheritance |
Missing inheritance | Informational | High |
| 72 | naming-convention |
Conformity to Solidity naming conventions | Informational | High |
| 73 | pragma |
If different pragma directives are used | Informational | High |
| 74 | redundant-statements |
Redundant statements | Informational | High |
| 75 | solc-version |
Incorrect Solidity version | Informational | High |
| 76 | unimplemented-functions |
Unimplemented functions | Informational | High |
| 77 | unused-state |
Unused state variables | Informational | High |
| 78 | costly-loop |
Costly operations in a loop | Informational | Medium |
| 79 | dead-code |
Functions that are not used | Informational | Medium |
| 80 | reentrancy-unlimited-gas |
Reentrancy vulnerabilities through send and transfer | Informational | Medium |
| 81 | similar-names |
Variable names are too similar | Informational | Medium |
| 82 | too-many-digits |
Conformance to numeric notation best practices | Informational | Medium |
| 83 | cache-array-length |
Detects for loops that use length member of some storage array in their loop condition and don’t modify it. |
Optimization | High |
| 84 | constable-states |
State variables that could be declared constant | Optimization | High |
| 85 | external-function |
Public function that could be declared external | Optimization | High |
| 86 | immutable-states |
State variables that could be declared immutable | Optimization | High |
| 87 | var-read-using-this |
Contract reads its own variable using this |
Optimization | High |
For more information, see
Conclusion
Slither offers a robust set of features for smart contract validation, making it an indispensable tool for Ethereum developers. Its comprehensive analysis, optimization suggestions, and developer-friendly interface make it a go-to choice for smart contract validation.
Write a comment