This release adds support for the latest Solidity features like using a custom error in a require statement and transient storage, adds 7 new detectors, 2 new printers and various other improvements.
NOTE: There are breaking changes to some API in particular the variables properties in the Contract class (see #2588) and the *Calls API (see #2555).
The new detectors are:
pyth-deprecated-functions: Detect Pyth deprecated functionspyth-unchecked-confidence: Detect when the confidence level of a Pyth price is not checkedpyth-unchecked-publishtime: Detect when the publishTime of a Pyth price is not checkedchronicle-unchecked-price: Detect when Chronicle price is not checkedgelato-unprotected-randomness: Call to _requestRandomness within an unprotected functionchainlink-feed-registry: Detect when chainlink feed registry is usedoptimism-deprecation: Detect when deprecated Optimism predeploy or function is used
The new printers are:
entry-points: Print all the state-changing entry point functions of the contractscheatcode: Print the usage of (Foundry) cheatcodes in the code
The following is an example of the entry-points printer for Uniswap v4 core.
We thank all of our external contributors for their effort!
What's Changed
- Enable running slither as pre-commit hook by @dbast in #2521
- Add support custom errors in require by @smonicas in #2550
- bugfix: IR generation when parsing Event as left variable by @hamdiallam in #2567
- Fix #2266 by @DarkaMaul in #2412
- Improve performances of offsets references. by @DarkaMaul in #2481
- CI Improvement by @montyly in #2571
- Add Optimism deprecation detector by @smonicas in #2575
- Add Pyth deprecated functions detector by @smonicas in #2580
- Add StateVariable location by @smonicas in #2585
- Add Chainlink feed registry detector by @smonicas in #2576
- Add Pyth unchecked publishTime and confidence detectors by @smonicas in #2581
- Add Chronicle unchecked price detector by @smonicas in #2584
- Add Gelato VRF unprotected request detector by @smonicas in #2582
- Add instruction in README for how to upgrade slither by @CJ42 in #2498
- Improve transient storage support by @smonicas in #2588
- Fix IR conversion when an Event selector is accessed by @smonicas in #2589
- Echidna printer Improve values extraction by @smonicas in #2574
- Printer cheatcode by @DarkaMaul in #2413
- chore: fix some comments by @withbest in #2518
- fix: mapping to type value lookup with top-level constant by @0xalpharush in #2568
- Add assert information for echidna by @smonicas in #2560
- Fix reorder arguments when a function is overridden with diff param names by @smonicas in #2611
- fix: typos in documentation files by @leopardracer in #2607
- Boxes + horizontal flow makes for more readable call graphs by @DanielVF in #2603
- Fix reorder argument edge case by @smonicas in #2614
- Updated slither-mutate logs by @bohendo in #2625
- incorrect-modifier: Fix infinite loop by @smonicas in #2628
- Fix are_variables_written analysis for named return variables by @smonicas in #2631
- Fix detectors wiki links by @smonicas in #2640
- Pyth detectors: Fix assertion error by @smonicas in #2639
- Typo fix README.md by @dedyshkaPexto in #2641
- slither-mutate: fix AOR mutator by @smonicas in #2653
- Add entry-points printer to identify all externally accessible state-changing functions by @nisedo in #2616
- Update README.md by @hexshire in #2656
New Contributors
- @dbast made their first contribution in #2521
- @hamdiallam made their first contribution in #2567
- @withbest made their first contribution in #2518
- @leopardracer made their first contribution in #2607
- @DanielVF made their first contribution in #2603
- @dedyshkaPexto made their first contribution in #2641
- @nisedo made their first contribution in #2616
- @hexshire made their first contribution in #2656
Full Changelog: 0.10.4...0.11.0
Contributors
DanielVF, dbast, and 12 other contributors