Solidity Detectors is an open source tool that helps Solidity developers and auditors detect smart contract vulnerabilities. It is a modified Slither Static Analyzer: three new detectors are added and an existing one is modified.
Because Solidity Detectors is built on top of Slither, installing it means installing this modified Slither checkout and its dependencies, as described below.
Note
Slither requires Python 3.8+. If you're not going to use one of the supported compilation frameworks, you need solc, the Solidity compiler; we recommend using solc-select to conveniently switch between solc versions.
It is recommended to use a Python virtual environment to prevent version conflicts. For more information on Python environments for Slither, you can consult the Developer Installation Instructions.
You will need to install virtualenv to create and manage your Python virtual environments.
pip install virtualenv
You should set up the virtual environment in the parent directory of Solidity Detectors or in any higher-level directory within the directory tree.
Navigate to the folder where you wish to create your virtual environment. It is advisable to create a project directory where you will create your virtual environment and clone Solidity Detectors. Then, create your environment with the following command:
python -m venv virtual-environment-name
Every time you wish to activate the virtual environment, you can run this command:
source virtual-environment-name/bin/activate
To deactivate the virtual environment, simply run
deactivate
All the necessary installations to run Slither and Solidity Detectors will be managed from the virtual environment.
Navigate to the project directory, then clone the repository and install the checkout into the active virtual environment:
git clone https://github.com/crytic/slither.git && cd slither
python3 -m pip install .
To analyze your smart contracts, Slither needs the solc version your contract targets. First, install solc-select in the virtual environment:
pip install solc-select
Then, identify the solc version required by your contract (the pragma solidity line) and install and select it with the following commands:
solc-select install your-version
solc-select use your-version
Once you've cloned the repository and installed the necessary dependencies to run Slither, you can start running the static analyzer on your smart contracts.
⚠️ Important
Solidity Detectors must be run from the root of the cloned solidity-detectors repository. Running the tool from another directory will either fail, or, if a global Slither is installed, silently run stock Slither without our detectors. python3 -m slither --list-detectors prints the detectors loaded from the current checkout, which is a quick way to confirm the right copy is in use.
You can run the tool on directories and .sol files alike. For example, to analyze a single file or directory with the slither command:
python3 -m slither path/to/your/directory/or/file.sol
If a contract imports dependencies (e.g. from node_modules), map the import prefix to its location on disk with the --solc-remaps parameter:
python3 -m slither path/to/your/directory/or/file.sol --solc-remaps "@dependencies=path/to/your/dependencies/@dependencies"
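The following script is an added example of the toolchain setup and analysis steps described above; it is not part of the Solidity Detectors project. It reads the solc version from a contract's pragma solidity line so the right version can be fed to solc-select, refuses to run python3 -m slither unless the current directory looks like the repository root (the check on slither/__main__.py is an assumption about the checkout layout), and keeps the network-dependent steps behind a RUN_SETUP=1 guard. The Vault.sol contract and the @openzeppelin remapping are constructed sample input.

```shell
#!/usr/bin/env bash
# Added example (not project code): drive solc-select from a contract's pragma
# and run the detectors from the repository root.
set -eu

# pragma_version FILE: print the first x.y.z version on the `pragma solidity`
# line of FILE. Works for `^0.8.20`, `>=0.7.6 <0.9.0` and exact versions.
# Returns 1 (prints nothing) when the file has no pragma.
pragma_version() {
    local v
    v=$(grep -m1 -E '^[[:space:]]*pragma[[:space:]]+solidity' "$1" \
        | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# check_repo_root: the page requires running from the cloned repository root;
# otherwise `python3 -m slither` may resolve to a globally installed Slither
# without the added detectors. Assumption: the checkout contains slither/__main__.py.
check_repo_root() {
    if [ ! -f slither/__main__.py ]; then
        echo "error: run this from the root of the solidity-detectors checkout" >&2
        return 1
    fi
}

# install_toolchain VERSION: install solc-select in the active venv, then
# install and select the requested solc. Needs network access.
install_toolchain() {
    pip install solc-select
    solc-select install "$1"
    solc-select use "$1"
    solc --version   # confirm the selected compiler is the one on PATH
}

# analyze TARGET [extra slither args...]: run the modified Slither on a file
# or directory, e.g. analyze Vault.sol --solc-remaps "@openzeppelin=node_modules/@openzeppelin"
analyze() {
    check_repo_root
    local target="$1"; shift
    python3 -m slither "$target" "$@"
}

# Constructed sample contract so pragma_version can be demonstrated offline.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/Vault.sol" <<'EOF'
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

contract Vault {
    mapping(address => uint256) public balances;
    function deposit() external payable { balances[msg.sender] += msg.value; }
}
EOF

SOLC_VERSION=$(pragma_version "$SAMPLE_DIR/Vault.sol")
echo "sample contract requires solc $SOLC_VERSION"

# Network-dependent steps only run when explicitly requested.
if [ "${RUN_SETUP:-0}" = "1" ]; then
    install_toolchain "$SOLC_VERSION"
    analyze "$SAMPLE_DIR/Vault.sol"
fi
```

Run it with RUN_SETUP=1 from the repository root (with the virtual environment active) to perform the real install and analysis; without the variable it only resolves the version, which is useful when scripting setup for a repository with many contracts.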
This project is a public-private initiative between the Fundación Sadosky, the LAFHIS laboratory of the Faculty of Exact and Natural Sciences at the University of Buenos Aires (UBA), and CoinFabrik. While the LAFHIS laboratory researches cutting-edge techniques for vulnerability detection, CoinFabrik brings its extensive experience in the blockchain industry and in the development of static analyzers. The support of Fundación Sadosky is key to advancing this research and development initiative.
This project is licensed and distributed under an AGPLv3 license. Contact us if you're looking for an exception to the terms.