From 905a70a3071ab76bd912318a981ac857a1af547f Mon Sep 17 00:00:00 2001 From: Maxime Vanmeerbeck Date: Fri, 6 Oct 2023 15:42:42 +0200 Subject: [PATCH 1/2] slither config, ci --- .github/workflows/main.yml | 16 ++++++++++++++++ README.md | 6 ++++++ package.json | 4 +++- packages/marketplace/package.json | 1 + packages/marketplace/slither.config.json | 4 ++++ requirements.txt | 1 + 6 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 packages/marketplace/slither.config.json create mode 100644 requirements.txt diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8c940538d7..9e74cf9b70 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,6 +19,22 @@ jobs: - name: Formatting run: yarn format:ci + analyze: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: "./.github/setup" + + - uses: actions/setup-python@v4 + with: + python-version: '3.10' + + - name: Install slither + run: pip3 install slither-analyzer + + - name: Running Slither + run: yarn analyze:ci + test: runs-on: ubuntu-latest steps: diff --git a/README.md b/README.md index dcf1e4ac03..fdb0ecc313 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ This mono-repo contains The Sandbox smart contracts, underpinning The Sandbox me - ⚙️ [NodeJS](https://nodejs.org/) - 🧰 [Yarn](https://yarnpkg.com/) +- 🐍 [Python](https://www.python.org/) ## Tech stack and getting started @@ -45,6 +46,11 @@ Each package should follow the [audit best practices](./audit-best-practices.md) yarn install ``` +Install Slither (optional) +```bash +pip3 install -r requirements.txt +``` + ## Architecture Overview - 📦 This mono-repository contains a suite of smart contract packages. diff --git a/package.json b/package.json index 6e8d07cb73..b678339a6a 100644 --- a/package.json +++ b/package.json 
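Review bot: The `Install slither` step in the new `analyze` job runs `pip3 install slither-analyzer` with no version, while this same commit pins `slither-analyzer==0.9.6` in `requirements.txt`. CI can therefore resolve a different analyzer release than the one developers install locally, and the detector set can change without any commit to this repository. Installing from the pinned file keeps the two in step: `run: pip3 install -r requirements.txt`. The job also references `actions/checkout@v3` and `actions/setup-python@v4` by mutable tag; pinning them to a full commit SHA would be the stricter choice for a workflow that checks contract code, though the rest of the workflow is outside this hunk and may follow another convention.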
@@ -14,12 +14,14 @@ "lint": "nx run-many --target=lint", "format": "nx run-many --target=format", "deploy": "nx run-many --target=deploy", - "all": "nx run-many --all --parallel --targets=lint,format,test,deploy && nx run-many --all --targets=coverage", + "analyze": "nx run-many --target=analyze", + "all": "nx run-many --all --parallel --targets=lint,format,analyze,test,deploy && nx run-many --all --targets=coverage", "test:ci": "nx affected --target=test --parallel=1", "coverage:ci": "nx affected --target=coverage --parallel=1 && istanbul-combine -r lcov -r html 'packages/*/coverage.json'", "lint:ci": "nx affected --target=lint", "format:ci": "nx affected --target=format", "deploy:ci": "nx affected --target=deploy --parallel=1", + "analyze:ci": "nx affected --target=analyze", "clean": "rimraf coverage/* && nx run-many --target=clean" }, "repository": "https://github.com/thesandboxgame/sandbox-smart-contracts", diff --git a/packages/marketplace/package.json b/packages/marketplace/package.json index 3bcc7b9e42..7312ad7fb3 100644 --- a/packages/marketplace/package.json +++ b/packages/marketplace/package.json @@ -48,6 +48,7 @@ "format:fix": "prettier --write \"**/*.{ts,js,sol}\"", "test": "hardhat test", "coverage": "hardhat coverage --testfiles 'test/*.ts''test/*.js'", + "analyze": "slither .", "hardhat": "hardhat", "compile": "hardhat compile" }, diff --git a/packages/marketplace/slither.config.json b/packages/marketplace/slither.config.json new file mode 100644 index 0000000000..c7a0e1e75d --- /dev/null +++ b/packages/marketplace/slither.config.json @@ -0,0 +1,4 @@ +{ + "detectors_to_exclude": "naming-convention", + "filter_paths": "(mocks/|@openzeppelin/|@sandbox-smart-contracts/)" +} \ No newline at end of file diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000000..2607b01137 --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +slither-analyzer==0.9.6 \ No newline at end of file 
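Review bot: Adding `analyze` to the `all` script's `--targets=lint,format,analyze,test,deploy` list makes `yarn all` depend on a `slither` binary being on PATH, yet the README change in this commit describes installing Slither as optional. Either document Python and Slither as required for `all`, or leave `analyze` out of `all` and keep it as its own script. Separately, `analyze:ci` uses `nx affected --target=analyze`, which presumably reaches only packages that define an `analyze` target; in this commit only `packages/marketplace` does, so a green `analyze` job should not be read as coverage of the other packages.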
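Review bot: The `filter_paths` value `(mocks/|@openzeppelin/|@sandbox-smart-contracts/)` in the new `slither.config.json` filters out results located in the project's own `@sandbox-smart-contracts/` packages as well as third-party code. First-party contracts that marketplace imports are then reported only if their own package gains an `analyze` target, and none does in this commit. JSON has no comment syntax, so the reason for each exclusion (and for excluding `naming-convention`) belongs in the README, for example `Slither excludes mocks and imported packages; imported @sandbox-smart-contracts code must be analyzed in its own package`. The patterns are also unanchored, so `mocks/` matches any path containing that segment; confirm no production contract lives under such a directory.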
From 844f0d302b232475f219cff83bedfae4bf99fa76 Mon Sep 17 00:00:00 2001 From: Maxime Vanmeerbeck Date: Fri, 6 Oct 2023 17:44:03 +0200 Subject: [PATCH 2/2] slither summary for now --- .github/workflows/main.yml | 2 +- packages/marketplace/slither.config.json | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 9e74cf9b70..08fb293b93 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -29,7 +29,7 @@ jobs: with: python-version: '3.10' - - name: Install slither + - name: Install Slither run: pip3 install slither-analyzer - name: Running Slither diff --git a/packages/marketplace/slither.config.json b/packages/marketplace/slither.config.json index c7a0e1e75d..d68a00b92d 100644 --- a/packages/marketplace/slither.config.json +++ b/packages/marketplace/slither.config.json @@ -1,4 +1,5 @@ { + "printers_to_run": "human-summary", "detectors_to_exclude": "naming-convention", "filter_paths": "(mocks/|@openzeppelin/|@sandbox-smart-contracts/)" } \ No newline at end of file
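Review bot: Setting `"printers_to_run": "human-summary"` in `slither.config.json` appears to turn the `analyze` job into a report rather than a gate. As far as I know, when a printer is configured Slither runs the printers in place of the detector pass, so `detectors_to_exclude` no longer decides anything and the step will likely exit 0 whatever the contracts contain. The subject line says "for now", but nothing in the repository records that, and the config file cannot carry a comment. I would note the intent where it will be seen, for example a comment above the `Running Slither` step in `.github/workflows/main.yml` such as `# TODO: summary only; remove printers_to_run once existing findings are triaged so detectors fail the build`. The exit-code behaviour should be confirmed against the pinned 0.9.6 release.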