v0.9.2

0.9.2 - 2023-01-11

This release integrates codex into Slither via two features:

• slither-documentation, a tool to auto-generate natspec for every function. See the usage on solmate.
• the codex detector, which uses GPT3 to find vulnerabilities. This detector is not run by default and requires an explicit opt-in by using the --codex flag.

For both features, the environment variable OPENAI_API_KEY must be set. These features are experimental, and we recommend reading OpenAI's ToS, in particular, if you are using it on a private codebase. We will be exploring other areas where we can leverage LLM within Slither, and we would love the community's feedback and ideas.

Additionally, this release contains two new detectors, and refinements to existing detectors. This includes a better handling of nonReentrant for reentrancy detection, lowering the number of false alarms. Finally, this release contains several bug fixes and improvements for Solidity features such as "using for" directives and user defined value types.

We would like to thank all of our external contributors:
-@ardislu
-@bart1e
-@devtooligan
-@devtooligan
-@mds1
-@Pavan-Nambi
-@pcaversaccio
-@plotchy

Thanks to the community effort, slither has now reached 100+ contributors.

Added

• Add Codex vulnerability detector by @montyly and @devtooligan in #1498, #1499
• Use Codex to generate solidity documentation by @montyly in #1494
• New detectors:
  • recommend reading variable without this keyword to reduce STATICCALLs by @0xalpharush in #1484
  • recommend making state variables immutable by @0xalpharush in #1455
• Enable ignore comments for sections of code by @mds1 in #1461, #1483
  • // slither-disable-start [detector] ... // slither-disable-end [detector]
• Mark contract as proxy/ upgradeable with custom comments by @webthethird and @montyly in #1517, #1522
  • @custom:security isDelegatecallProxy, @custom:security isUpgradeable, @custom:security version name=[v1]
• Support ternaries in function call options by @0xalpharush in #1501
• Fold binary expressions with constant operands for fuzzing guidance by @0xalpharush in #1508
• Support abi.encodeCall by @plotchy in #1460
• Add VULNERABLE_SOLC_VERSIONS to detectors by @devtooligan and @montyly in #1477, #1485
• Filter upgradeability checks by name/impact by @webthethird in #1532
• Add --no-fail mode for echidna printer by @montyly in #1571
• Create CODEOWNERS by @montyly in #1561
• slither-doctor: check PATH configuration by @elopez in #1550

Changed

• Improve reentrancy detectors by @montyly in #1351
  • Functions with nonReentrant modifiers will be filtered out unless a risk of cross-function reentrancy is detected
• Improve support using for directive by @smonicas in #1378
• Improve support using for with aliasing by @smonicas in #1563
• Replace pysha3 with pycryptodome by @0xalpharush in #1454
• Remove unused PUSH operation from IR by @0xalpharush in #1489
• Sort printer outputs for determinism by @bart1e in #1513
• Use latest setuptools in CI by @montyly in #1542
• Update to the latest crytic-compile source unit API by @montyly in #1528
• Install only necessary solc versions in CI by @Pavan-Nambi in #1546
• Run tests by specific ID by @0xalpharush in #1555

Fixed

• Fix broken links by @pcaversaccio in #1457
• Fix typo in divide before multiply by @0xalpharush in #1449
• Fix dapp CI integration test by @montyly in #1496
• Improve protected variable detector by @montyly in #1497
• Update missing events wiki by @0xalpharush in #1487
• Copy event arguments during ssa conversion by @0xalpharush in #1488
• Fix ExtraVariablesProxy upgradeability check by @webthethird in #1504
• Fix naming-convention to flag single letter O or I variable by @ardislu in #1470
• Fix top level struct parsing by @smonicas in #1545
• Upgradeability: include inherited private variables, ignore immutables by @0xalpharush in #1451
• Fix and re-enable etherscan test by @elopez in #1556
• Fix using for directives in libraries by @smonicas in #1568
• Remove incomplete submodule by @elopez in #1564
• Handle malformed alias solc<0.6.0 by @0xalpharush in #1547
• Improve Yul parsing by @montyly in #1559
• Fix type conversion of user defined value types by @0xalpharush in #1573
• Resolve error referenced as member of contract by @0xalpharush in #1574

New Contributors

• @ardislu made their first contribution in #1470
• @bart1e made their first contribution in #1513
• @devtooligan made their first contribution in #1477
• @mds1 made their first contribution in #1461
• @Pavan-Nambi made their first contribution in #1546
• @webthethird made their first contribution in #1504

Full Changelog: 0.9.1...0.9.2

v0.9.1

0.9.1 - 2022-11-03

This release contains several bug fixes, and a new tool - slither-doctor - to help debugging slither.

We would like to thank all our external contributors:

• @emretepedev
• @JorgeAtPaladin
• @mds1
• @medariox
• @PatrickAlphaC
• @zhiqiangxu

Added

• slither-doctor: a new tool to help diagnose issues with Slither (#1384)

Changed

• Add contract types in constant optimization detector (#1443)
• Remove redundant calls (#1434)
• Missing text in solc version recommendation (#1406)
• slither-flat support for top level objects (#1441 )

Fixed

• Missing inherited storage slots in slither-read-storage (#1444)
• Triage mode not working properly (#1435)
• An incorrect parsing of library events (#1442)

v0.9.0

0.9.0 - 2022-10-05

This release contains:

• 3 new detectors
• Reduction of false positives in detectors
• Refactoring that will help us adding new features
• Breaking changes in the internal APIs
• Fixes for several bugs and improvements to testing

This release moves the Python requirement to 3.8.

We would like to thank all our external contributors:

• BoboTiG
• CharesFang
• TheStarBoys
• edag94
• h00p30
• htadashi
• jmhickman
• pcaversaccio
• plotchy
• sveitser
• vladyan18
• zjuchenyuan

For Foundry users: we do not support multiple compiler versions at the moment (see foundry-rs/foundry#3450).

Refactored

• The source mapping API, to ease integration with third parties (#877) API breaking change
• Solidity signature API (#1323, #1349, #1356) API breaking change
• slither-read-storage to make it easier to maintain (#1311)

Added

• Detector:
  • arbitrary-send-erc20 (#1025)
  • arbitrary-send-erc20-permit (#1025)
  • domain-separator-collision (#1334)
• Printer
  • Dominator tree (#1342)
• New flags
  • --checklist, to produce a markdown containing slither's results (#1190)
  • --convert-library-to-internal in slither-flat (#1298)
• Hash of known codebase to detect known libraries (#1134)
• Support for ERC1363, ERC4524 in slither-check-erc(#1274)
• Solidity support
  • IdentifierPath(#1227)
  • min/max support for enum (#1276)
  • Top level enum (#1300)
• More python type hints (#1388)
• Testing
  • Tests for unification of path filtering across POSIX and Windows (#1303)
  • Detectors tests (#858)
  • New SSA tests (#1205)
  • Unit tests for new solc version (#1268)
• pip-audit in the CI (#1243)
• Improve setup.py with dev deps (#1178)
• New API to detect if a type is dynamicType.is_dynamic (#1175)

Changed

• Change the exit code returned by Slither (#1278, #1359) If you are using Slither in a CI, check out the new flags --fail-pedantic/--fail-high/--fail-medium/ ... and --no-fail-pedantic. The default behavior is --fail-pedantic, but this will be updated to be --no-fail-pedantic in a future release
• Updated the solc-version recommendations (#1389)
• Remove FPs on the external-functions detectors (#1318)
• Remove FPs on the unprotected_upgradeable detector (#1344)
• Remove immutable variable from the variable order printer (#1184)
• too-many-digits detector: ignore checksummed address (#1193)
• Better python regex (#1200, #1185)
• Improvements to the dockerfile (#1242, #1335, #1369)
• Unify path across POSIX and Windows (#1196)
• Improve debug info in case of name reuse (#870)
• Improvements to the exclude-dependencies flag (#1317)
• Improvements to the function-id printer (#886)
• Improvements to the constant parsing (#1377)
• Improvements to the support of virtual modifier (#1387)
• Use of the latest crytic-compile version (a008df7)

Fixed

• Documentation and typos (#1233, #1149, #1239, #1257, #1339, #1386, #1394, #1310)
• Fail if there is not results in sarif output (#1229)
• Disable coloring if output is not a terminal (#1244)
• slither-check-erc output (#1277)
• Custom error with library support (#1267)
• IR related issues (#1230, #1306, #1188, #1348, #1347)
• Incorrect type in function.entry_point (#1307)
• contract_kind assignment (#1308)
• Support for user defined value (#1271)
• Bugs in yul parsing (#1395)

v0.8.3

0.8.3 - 2022-04-21

This release lets users to enhance Slither through code comments (see example below), adds a new tool to read variable storage values on-chain (slither-read-storage), removes false positives in existing detectors, improves Solidity 0.8 support, and fixes several bugs. Slither also now supports Foundry.

Please use our slither-action for CI integration!

Enhancing Slither through code comments

In the following code:

• @custom:security non-reentrant before the variable declaration will indicate to Slither that the external calls from this variable are non-reentrant
• @custom:security write-protection="onlyOwner()" will indicate to Slither that writing to this variable must be done through onlyOwner

contract ReentrancyAndWrite{

    /// @custom:security non-reentrant
    /// @custom:security write-protection="onlyOwner()"
    I external_contract;

    modifier onlyOwner(){
        // lets assume there is an access control
        _;
    }   

    mapping(address => uint) balances;

    function withdraw() public{
        uint balance = balances[msg.sender];

        external_contract.external_call();

        balances[msg.sender] = 0;
        payable(msg.sender).transfer(balance);
    }
    
    function set_protected() public onlyOwner(){
        external_contract = I(msg.sender);
    }  

    function set_not_protected() public{
        external_contract = I(msg.sender);
    }
}

Please let us know what you think of this code comment feature! Share your ideas on Github, or join us on Slack. We're looking for new use cases and feedback.

Thanks to our contributors for this release:

• @GitHubPang
• @JulissaDantes
• @justforfunya

Added

• Enhanced analyses through code comments (#1089)
• slither-read-storage (#968)
• New printer to identify misuse of whenNotPaused (#1128)
• slither-action in the README (#1053)
• Solidity support
  • user defined types (#1135)
  • top level variables (#1032)
  • string.concat (#1086)
  • .offset/length in yul (#1085)
  • unary operation on constant (#1094)
• Support for ERC4626, 2612 in slither-check-erc (#1111)
• pip-audit in the CI (#1006)
• Template for github issue (#1044, #1083)

Improved

• Remove FPs in detectors:
  • dead-code (#1040)
  • Reentrancy in constructor (#1048)
  • reentrancy-no-eth staticall (#1119)
  • unprotected-upgrade (#1046, #1122)
• Solidity support
  • custom error lookup (#1156)
  • Function lookup for bytes (#1163)
  • ternary operator (#1162)
  • Top-level structure with import (#1068)
  • Top level with custom error (#1131)
• Notification when the config file is missing (#1041, #1054)
• Github super linter improvements (#1023, #1045, #1088, #1157)
• slither-check-erc output (#1016)
• Typo in missing zero validation detector (#1037)
• slither-prop support for builder (#712)
• Improved to the Echidna printer (#878, #1132)
• Improve determinism for detector results (#1049)
• Python type hint (#1055)
• Unit tests for the AST parsing (#1069, #1118, #1101)
• Auto install of solc versions in the CI (#1073)
• Show ignored findings by default for the checklist (#1082)
• Typo in slither-mutate (#1104)
• Move to f-strings (#1107, #1110)
• Multiple minors improvements to slither-flat (#1125)
• Prioritize ignore comment over exclude dependencies (#1120)
• Windows support (#1065, #1137)
• [email protected] - which adds Foundry support

Fixed

• Missing json output for printers #1012
• Infinite loop in the RTLO detector (#1108)
• Infinite recursion in show_ignore_findings (#1092)

v0.8.2

0.8.2 - 2021-12-10

This release adds two new detectors that catch recent vulnerabilities in SushiSwap and Opyn vulnerabilities, and significantly improves Solidity 0.8 support (including top-level functions, custom errors, and immutable variables). Additionally, the code objects have now scope-file information, which improves Slither on codebases where contract or structure name are repeated.

For their contributions, we would like to thank:

• @htadashi,
• @bearpebble,
• @jesus-eff,
• and @axic for his numerous bugs reports.

Added

• Two new detectors
  • delegatecall inside a loop (#992) (SushiSwap vuln)
  • msg.value inside a loop (#991) (Opyn vuln)
• Support for top-level functions (#945, #949, #987)
• Support for immutable variables (#946)
• Support for custom errors (#947)
• Info on how synchronize with crytic-compile in the contributing guidelines (#994)

Changed

• Improve calls-loop detector (#925)
• Improve costly-loop detector (#926)
• Improve support for units and globally available variables (#985)
• Improve strict-equality detector (#952)
• Add a function_language property to the function to determine if its a Solidity or Yul function (#987)
• Validate inputs of --markdown-root flag (#988)
• Refactor the core objects to contain a file scope (#990). This contains breaking changes
• Update Solidity version recommendations (#999)

Fixed

• Docker build (#967)
• call-graph printer output (#973)
• slither-flat --convert-external and --convert-private flags (#964)
• Broken wiki link (#986)
• Multiple minor fixes (#996, #997)

v0.8.1

0.8.1 - 2021-08-16

This release adds the SARIF support, which allows Slither to report issues through Github code scanning app. The github action will be released soon. In addition, the release brings many small issues and improvements to the detectors and tools.

We would like to thank our external contributors:

• @enderphan94
• @noahlitvin
• @bernard-wagner

Added

• Sarif support (#918).
• slither-check-erc add ERC1155 support (34a4ae1)
• Slither Rekt list (a2c5714)
• More type hints (#906)

Changed

• slither-check-upgradeability: improve heuristics to detect init functions (#853)
• is_protected heuristic (#855)
• Improve Abiencoderv2 detector (#848)
• Multiple minor improvements in #856
• Trophies.md list
• Remove crytic.io notice (889d537)
• Use [email protected], which adds BSC support, and fixes multiple bugs

Fixed

• Bug in variable order printer (#849)
• Wrong type in contract.py (#869)
• Wrong wiki links (#876)
• calldata support (#907)

v0.8.0

0.8.0 - 2021-05-07

This release significantly improves the support for Solidity 0.8 and adds detectors for 'unused-return-transfers', 'dead-code', and 'write-after-write'. Slither now supports multiple compilation units which solves many issues when using hardhat.

Thanks @sobolev-igor for his contribution!

Added

• Support for multiple compilation units (#823) (breaking changes)
• Support for nodes scope in the IR (#836) (breaking changes)
• Support for block.chainid (https://github.com/crytic/slither/pull/821/files)
• Support for .slot / .offset in YUL (#833)
• Detectors
  • unused-return-transfers - specialization of the unused-return to help flagging dangerous tokens transfers (#822)
  • dead-code (#838)
  • write-after-write (#841)

Changed

• Improve checklist format (#819)
• Remove global variables (#828)
• Restructure tests folder (#825)
• Improve constant folding (#830)
• Improve AST parsing test (#832)
• Use pylint 2.8.2 (#798)
• Use crytic-compile 0.2.0 (https://github.com/crytic/crytic-compile/releases/tag/0.2.0)

Fixed

• Type parsing for Solidity 0.8 (#817)
• Incorrect type conversion on library lookup (#827)
• Multiple minor fixes introduced since 0.7.1 (#842)

v0.7.1

0.7.1 - 2021-03-29

This release improves the controlled-array-length/solc-version detectors.

We are now listing the public bugs found by Slither in our Trophies list. Please contribute if you found vulnerabilities using Slither. It will help us to improve the tool!

We are currently investigating issues with hardhat support (crytic/crytic-compile#164). In the meantime, hardhat should be considered only partially supported.

Thank @gnattishness for his contribution to this release!

Added

• List of public vulnerabilities found by slither (#764)
• Gwei support (#799)
• Better support for Solidity 0.8 IdentifierPath (#815)

Changed

• Uninitialized local/state variable doc (#801)
• Support for stop() in yul (#802)
• Solc versions recommendations (#812)
• Remove false positive on controlled-array-length detector (#813)
• crytic-compile 0.1.13

Fixed

• Incorrect function._can_send_eth (internal) (#747, #756, #758)
• Inheritance graph output (#729, #766)
• Bug for top-level user-defined types (#786)
• slither-flat entry point (#791)
• Source mapping for parameter/return in function definition (#800)
• Multiple issues with the Echidna printer (#763)
• Support for standalone return; statement with solc > 0.7 (#796)
• Signed integer type propagation (#810)

v0.7.0

0.7.0 - 2020-12-18

This release contains 26 new detectors, including a detector for a recent bug in Aave (unprotected-upgrade), deletion of mapping with structures (mapping-deletion), lack of events (events-access, event-maths), a shift-related issue on YUL (incorrect-shift), modifiers that can return the default value (incorrect-modifier), and multiple informational and compiler-related bugs. Additionally, it introduces the triage of results using inline comments. Use // slither-disable-next-line DETECTOR_NAME before a statement to disable the detector. Finally, we added the support for Solidity top-level objects.

We would like to thanks @josh-richardson for his contributions to the inline comment feature.

Added

• 26 detectors (#725, #732, #736)
  • abiencoderv2-array
  • array-by-reference
  • assert-state-change
  • controlled-array-length
  • costly-loop
  • events-access
  • events-math
  • function-init-state
  • incorrect-modifier
  • incorrect-unary
  • incorrect-shift
  • mapping-deletion
  • missing-inheritance
  • missing-zero-check
  • multiple-constructors
  • public-mappings-nested
  • redundant-statements
  • reused-constructor
  • similar-names
  • storage-array
  • unimplemented-functions
  • uninitialized-fptr-cst
  • unprotected-upgrade
  • variable-scope
  • weak-prng
• Inline comment to suppress findings (#724)
• (Partial) support for Solidity top-level objects (#728) API BREAKING CHANGE. All the related objects are now split between ObjectContract and ObjectTopLevel (ex: FunctionContract and FunctionTopLevel)

Changed

• Use [email protected]

Fixed

• Printers filename related issues (#729, #726)

v0.6.15

0.6.15 - 2020-12-07

This release adds several performance optimizations to Slither. From our limited benchmark on codebases where Slither takes more than 1 minute to run, the optimizations lead to 2x improvements on average and up to x14 in certain cases. We also fixed an indeterministic detector output issue that could interact poorly with CIs and improved legacy AST support. Finally, we made improvements to slither-prop.

Thanks to @elenadimitrova for helping us debug the indeterministic detector output issue.

If you want access to additional detectors, try Crytic. It has 96 total vulnerabilities detectors.

Addded

• Hidden --perf flag (debug) (#701)

Changed

• Optimizations
  • Use of get_line_from_offset from crytic-compile (see [email protected] release note). It impacts codebase with a large number of files
  • Memoization for properties that are frequently used (#703). It impacts all the codebases
  • Rewrote the immediate dominator (#705). It impacts functions with complex cfg
  • Rewrote the fixpoint on the data dependencies (#707). It impacts functions for which the fixpoint is difficult to reach
• Use of [email protected]. Among others, this improves hardhat and dapp support.
• Multiple improvements to slither-prop (#693, #713)

Fixed

• Removed recursion in divide-before-multiply (#706)
• Indeterministic output for multiple detectors (#486). This might lead previously triaged results to appear again (the finding IDs can have been affected)
• Parsing of comments in legacy ast for Solidity 0.6.3 - 0.6.10 (#720). This mostly impacts dapp codebases.