v0.9.0

0.9.0 - 2022-10-05

This release contains:

• 3 new detectors
• Reduction of false positives in detectors
• Refactoring that will help us adding new features
• Breaking changes in the internal APIs
• Fixes for several bugs and improvements to testing

This release moves the Python requirement to 3.8.

We would like to thank all our external contributors:

• BoboTiG
• CharesFang
• TheStarBoys
• edag94
• h00p30
• htadashi
• jmhickman
• pcaversaccio
• plotchy
• sveitser
• vladyan18
• zjuchenyuan

For Foundry users: we do not support multiple compiler versions at the moment (see foundry-rs/foundry#3450).

Refactored

• The source mapping API, to ease integration with third parties (#877) API breaking change
• Solidity signature API (#1323, #1349, #1356) API breaking change
• slither-read-storage to make it easier to maintain (#1311)

Added

• Detector:
  • arbitrary-send-erc20 (#1025)
  • arbitrary-send-erc20-permit (#1025)
  • domain-separator-collision (#1334)
• Printer
  • Dominator tree (#1342)
• New flags
  • --checklist, to produce a markdown containing slither's results (#1190)
  • --convert-library-to-internal in slither-flat (#1298)
• Hash of known codebase to detect known libraries (#1134)
• Support for ERC1363, ERC4524 in slither-check-erc(#1274)
• Solidity support
  • IdentifierPath(#1227)
  • min/max support for enum (#1276)
  • Top level enum (#1300)
• More python type hints (#1388)
• Testing
  • Tests for unification of path filtering across POSIX and Windows (#1303)
  • Detectors tests (#858)
  • New SSA tests (#1205)
  • Unit tests for new solc version (#1268)
• pip-audit in the CI (#1243)
• Improve setup.py with dev deps (#1178)
• New API to detect if a type is dynamicType.is_dynamic (#1175)

Changed

• Change the exit code returned by Slither (#1278, #1359) If you are using Slither in a CI, check out the new flags --fail-pedantic/--fail-high/--fail-medium/ ... and --no-fail-pedantic. The default behavior is --fail-pedantic, but this will be updated to be --no-fail-pedantic in a future release
• Updated the solc-version recommendations (#1389)
• Remove FPs on the external-functions detectors (#1318)
• Remove FPs on the unprotected_upgradeable detector (#1344)
• Remove immutable variable from the variable order printer (#1184)
• too-many-digits detector: ignore checksummed address (#1193)
• Better python regex (#1200, #1185)
• Improvements to the dockerfile (#1242, #1335, #1369)
• Unify path across POSIX and Windows (#1196)
• Improve debug info in case of name reuse (#870)
• Improvements to the exclude-dependencies flag (#1317)
• Improvements to the function-id printer (#886)
• Improvements to the constant parsing (#1377)
• Improvements to the support of virtual modifier (#1387)
• Use of the latest crytic-compile version (a008df7)

Fixed

• Documentation and typos (#1233, #1149, #1239, #1257, #1339, #1386, #1394, #1310)
• Fail if there is not results in sarif output (#1229)
• Disable coloring if output is not a terminal (#1244)
• slither-check-erc output (#1277)
• Custom error with library support (#1267)
• IR related issues (#1230, #1306, #1188, #1348, #1347)
• Incorrect type in function.entry_point (#1307)
• contract_kind assignment (#1308)
• Support for user defined value (#1271)
• Bugs in yul parsing (#1395)

v0.8.3

0.8.3 - 2022-04-21

This release lets users to enhance Slither through code comments (see example below), adds a new tool to read variable storage values on-chain (slither-read-storage), removes false positives in existing detectors, improves Solidity 0.8 support, and fixes several bugs. Slither also now supports Foundry.

Please use our slither-action for CI integration!

Enhancing Slither through code comments

In the following code:

• @custom:security non-reentrant before the variable declaration will indicate to Slither that the external calls from this variable are non-reentrant
• @custom:security write-protection="onlyOwner()" will indicate to Slither that writing to this variable must be done through onlyOwner

contract ReentrancyAndWrite{

    /// @custom:security non-reentrant
    /// @custom:security write-protection="onlyOwner()"
    I external_contract;

    modifier onlyOwner(){
        // lets assume there is an access control
        _;
    }   

    mapping(address => uint) balances;

    function withdraw() public{
        uint balance = balances[msg.sender];

        external_contract.external_call();

        balances[msg.sender] = 0;
        payable(msg.sender).transfer(balance);
    }
    
    function set_protected() public onlyOwner(){
        external_contract = I(msg.sender);
    }  

    function set_not_protected() public{
        external_contract = I(msg.sender);
    }
}

Please let us know what you think of this code comment feature! Share your ideas on Github, or join us on Slack. We're looking for new use cases and feedback.

Thanks to our contributors for this release:

• @GitHubPang
• @JulissaDantes
• @justforfunya

Added

• Enhanced analyses through code comments (#1089)
• slither-read-storage (#968)
• New printer to identify misuse of whenNotPaused (#1128)
• slither-action in the README (#1053)
• Solidity support
  • user defined types (#1135)
  • top level variables (#1032)
  • string.concat (#1086)
  • .offset/length in yul (#1085)
  • unary operation on constant (#1094)
• Support for ERC4626, 2612 in slither-check-erc (#1111)
• pip-audit in the CI (#1006)
• Template for github issue (#1044, #1083)

Improved

• Remove FPs in detectors:
  • dead-code (#1040)
  • Reentrancy in constructor (#1048)
  • reentrancy-no-eth staticall (#1119)
  • unprotected-upgrade (#1046, #1122)
• Solidity support
  • custom error lookup (#1156)
  • Function lookup for bytes (#1163)
  • ternary operator (#1162)
  • Top-level structure with import (#1068)
  • Top level with custom error (#1131)
• Notification when the config file is missing (#1041, #1054)
• Github super linter improvements (#1023, #1045, #1088, #1157)
• slither-check-erc output (#1016)
• Typo in missing zero validation detector (#1037)
• slither-prop support for builder (#712)
• Improved to the Echidna printer (#878, #1132)
• Improve determinism for detector results (#1049)
• Python type hint (#1055)
• Unit tests for the AST parsing (#1069, #1118, #1101)
• Auto install of solc versions in the CI (#1073)
• Show ignored findings by default for the checklist (#1082)
• Typo in slither-mutate (#1104)
• Move to f-strings (#1107, #1110)
• Multiple minors improvements to slither-flat (#1125)
• Prioritize ignore comment over exclude dependencies (#1120)
• Windows support (#1065, #1137)
• [email protected] - which adds Foundry support

Fixed

• Missing json output for printers #1012
• Infinite loop in the RTLO detector (#1108)
• Infinite recursion in show_ignore_findings (#1092)

v0.8.2

0.8.2 - 2021-12-10

This release adds two new detectors that catch recent vulnerabilities in SushiSwap and Opyn vulnerabilities, and significantly improves Solidity 0.8 support (including top-level functions, custom errors, and immutable variables). Additionally, the code objects have now scope-file information, which improves Slither on codebases where contract or structure name are repeated.

For their contributions, we would like to thank:

• @htadashi,
• @bearpebble,
• @jesus-eff,
• and @axic for his numerous bugs reports.

Added

• Two new detectors
  • delegatecall inside a loop (#992) (SushiSwap vuln)
  • msg.value inside a loop (#991) (Opyn vuln)
• Support for top-level functions (#945, #949, #987)
• Support for immutable variables (#946)
• Support for custom errors (#947)
• Info on how synchronize with crytic-compile in the contributing guidelines (#994)

Changed

• Improve calls-loop detector (#925)
• Improve costly-loop detector (#926)
• Improve support for units and globally available variables (#985)
• Improve strict-equality detector (#952)
• Add a function_language property to the function to determine if its a Solidity or Yul function (#987)
• Validate inputs of --markdown-root flag (#988)
• Refactor the core objects to contain a file scope (#990). This contains breaking changes
• Update Solidity version recommendations (#999)

Fixed

• Docker build (#967)
• call-graph printer output (#973)
• slither-flat --convert-external and --convert-private flags (#964)
• Broken wiki link (#986)
• Multiple minor fixes (#996, #997)

v0.8.1

0.8.1 - 2021-08-16

This release adds the SARIF support, which allows Slither to report issues through Github code scanning app. The github action will be released soon. In addition, the release brings many small issues and improvements to the detectors and tools.

We would like to thank our external contributors:

• @enderphan94
• @noahlitvin
• @bernard-wagner

Added

• Sarif support (#918).
• slither-check-erc add ERC1155 support (34a4ae1)
• Slither Rekt list (a2c5714)
• More type hints (#906)

Changed

• slither-check-upgradeability: improve heuristics to detect init functions (#853)
• is_protected heuristic (#855)
• Improve Abiencoderv2 detector (#848)
• Multiple minor improvements in #856
• Trophies.md list
• Remove crytic.io notice (889d537)
• Use [email protected], which adds BSC support, and fixes multiple bugs

Fixed

• Bug in variable order printer (#849)
• Wrong type in contract.py (#869)
• Wrong wiki links (#876)
• calldata support (#907)

v0.8.0

0.8.0 - 2021-05-07

This release significantly improves the support for Solidity 0.8 and adds detectors for 'unused-return-transfers', 'dead-code', and 'write-after-write'. Slither now supports multiple compilation units which solves many issues when using hardhat.

Thanks @sobolev-igor for his contribution!

Added

• Support for multiple compilation units (#823) (breaking changes)
• Support for nodes scope in the IR (#836) (breaking changes)
• Support for block.chainid (https://github.com/crytic/slither/pull/821/files)
• Support for .slot / .offset in YUL (#833)
• Detectors
  • unused-return-transfers - specialization of the unused-return to help flagging dangerous tokens transfers (#822)
  • dead-code (#838)
  • write-after-write (#841)

Changed

• Improve checklist format (#819)
• Remove global variables (#828)
• Restructure tests folder (#825)
• Improve constant folding (#830)
• Improve AST parsing test (#832)
• Use pylint 2.8.2 (#798)
• Use crytic-compile 0.2.0 (https://github.com/crytic/crytic-compile/releases/tag/0.2.0)

Fixed

• Type parsing for Solidity 0.8 (#817)
• Incorrect type conversion on library lookup (#827)
• Multiple minor fixes introduced since 0.7.1 (#842)

v0.7.1

0.7.1 - 2021-03-29

This release improves the controlled-array-length/solc-version detectors.

We are now listing the public bugs found by Slither in our Trophies list. Please contribute if you found vulnerabilities using Slither. It will help us to improve the tool!

We are currently investigating issues with hardhat support (crytic/crytic-compile#164). In the meantime, hardhat should be considered only partially supported.

Thank @gnattishness for his contribution to this release!

Added

• List of public vulnerabilities found by slither (#764)
• Gwei support (#799)
• Better support for Solidity 0.8 IdentifierPath (#815)

Changed

• Uninitialized local/state variable doc (#801)
• Support for stop() in yul (#802)
• Solc versions recommendations (#812)
• Remove false positive on controlled-array-length detector (#813)
• crytic-compile 0.1.13

Fixed

• Incorrect function._can_send_eth (internal) (#747, #756, #758)
• Inheritance graph output (#729, #766)
• Bug for top-level user-defined types (#786)
• slither-flat entry point (#791)
• Source mapping for parameter/return in function definition (#800)
• Multiple issues with the Echidna printer (#763)
• Support for standalone return; statement with solc > 0.7 (#796)
• Signed integer type propagation (#810)

v0.7.0

0.7.0 - 2020-12-18

This release contains 26 new detectors, including a detector for a recent bug in Aave (unprotected-upgrade), deletion of mapping with structures (mapping-deletion), lack of events (events-access, event-maths), a shift-related issue on YUL (incorrect-shift), modifiers that can return the default value (incorrect-modifier), and multiple informational and compiler-related bugs. Additionally, it introduces the triage of results using inline comments. Use // slither-disable-next-line DETECTOR_NAME before a statement to disable the detector. Finally, we added the support for Solidity top-level objects.

We would like to thanks @josh-richardson for his contributions to the inline comment feature.

Added

• 26 detectors (#725, #732, #736)
  • abiencoderv2-array
  • array-by-reference
  • assert-state-change
  • controlled-array-length
  • costly-loop
  • events-access
  • events-math
  • function-init-state
  • incorrect-modifier
  • incorrect-unary
  • incorrect-shift
  • mapping-deletion
  • missing-inheritance
  • missing-zero-check
  • multiple-constructors
  • public-mappings-nested
  • redundant-statements
  • reused-constructor
  • similar-names
  • storage-array
  • unimplemented-functions
  • uninitialized-fptr-cst
  • unprotected-upgrade
  • variable-scope
  • weak-prng
• Inline comment to suppress findings (#724)
• (Partial) support for Solidity top-level objects (#728) API BREAKING CHANGE. All the related objects are now split between ObjectContract and ObjectTopLevel (ex: FunctionContract and FunctionTopLevel)

Changed

• Use [email protected]

Fixed

• Printers filename related issues (#729, #726)

v0.6.15

0.6.15 - 2020-12-07

This release adds several performance optimizations to Slither. From our limited benchmark on codebases where Slither takes more than 1 minute to run, the optimizations lead to 2x improvements on average and up to x14 in certain cases. We also fixed an indeterministic detector output issue that could interact poorly with CIs and improved legacy AST support. Finally, we made improvements to slither-prop.

Thanks to @elenadimitrova for helping us debug the indeterministic detector output issue.

If you want access to additional detectors, try Crytic. It has 96 total vulnerabilities detectors.

Addded

• Hidden --perf flag (debug) (#701)

Changed

• Optimizations
  • Use of get_line_from_offset from crytic-compile (see [email protected] release note). It impacts codebase with a large number of files
  • Memoization for properties that are frequently used (#703). It impacts all the codebases
  • Rewrote the immediate dominator (#705). It impacts functions with complex cfg
  • Rewrote the fixpoint on the data dependencies (#707). It impacts functions for which the fixpoint is difficult to reach
• Use of [email protected]. Among others, this improves hardhat and dapp support.
• Multiple improvements to slither-prop (#693, #713)

Fixed

• Removed recursion in divide-before-multiply (#706)
• Indeterministic output for multiple detectors (#486). This might lead previously triaged results to appear again (the finding IDs can have been affected)
• Parsing of comments in legacy ast for Solidity 0.6.3 - 0.6.10 (#720). This mostly impacts dapp codebases.

v0.6.14

0.6.14 - 2020-11-12

This release improves support for Solidity 0.7 and fixes many bugs. We moved all our tests to pytest and significantly improved our parsing test coverage to help support multiple versions of Solidity.

If you'd like to help us improve Slither, please answer our user survey.

Additionally, we recently hosted a community call where we went through Slither's codebase, and showed its different components (see the recording).

Finally, we would like to thank our contributors for reporting issues and helping us improve Slither:

• @sobolev-igor
• @moodysalem
• @mrice32
• @gorgos
• @f97
• @token-joe

Added

• Support for type(X).min/max (#673)
• Extensive parser tests (#635, #659, #682, #660)

Changed

• Refactor existing detectors test suit to use pytest (#656)
• Use [email protected]. This includes hardhat support, and improvements for waffle and buidler.
• Support for comparison between function pointers (#618)
• Use black 19.10b0 instead of latest for Github's Super Linter (#680)
• IR push conversion (#625)

Fixed

• Multiple solc 0.7 parsing issues (#630, #642, #654)
• Use unique variable names for YUL variables (#648)
• CFG printer filename generation (#633)
• Loop CFG recovery issues (#655)
• Correctly link between nodes in the variables constructor step (#632)
• Wiki link for naming convention (#651)
• Minor Python types issues (#653)

v0.6.13

0.6.13 - 2020-09-08

This releases improves support for Solidity 0.6, adds partial support for YUL, and fixes many bugs. Internally, we improved the parsing architecture, easing the addition of a new parser and added type annotations. Additionally, slither now runs GitHub super-linter, and the regression tests were improved (see the new CONTRIBUTING.md guidelines).

We also want to thanks our contributors for reporting issues, and helping to improve Slither:

• @elenadimitrova
• @elopez
• @priyankabose
• @Pet3ris

If you want access to additional detectors, try Crytic. It now has 96 detectors, including 2 YUL specific detectors.

Added

• Add partial, experimental YUL support (#502, #575, #617). YUL AST is parsed and converted into slithIR. Raw memory access are not supported. Solidity 0.6 is required to enable YUL support.
• Improve 0.6 support:
  • Add support for C{value:1} syntax (#498)
  • Add support for top level structures and enums (#499, #522)
• Add support for type(I).interfaceId (#497)
• List external publications (#512)
• Github super linter, and lgtm (#614, #620, #626)
• Added new tool: slither-mutator. PoC of fault injection based on Using Fault Injection to Assess Blockchain Systems in Presence of Faulty Smart Contracts

Internal

• Add type annotations (#514)
• Add storage layout information (#507, #540)
• Add --disallow-partial flag (#560). This hidden flag will prevent Slither from catching exceptions, and simplify debugging
• Add support for function pointers in the RETURN operator (#601)

Changed

• Copy editing on detectors (#572)
• Use [email protected]
• Improve human-summary printer (#477, #478)
• Improve dupplicate name report (#489)
• slither-flat: Improve utf8 support and mapping/array lookup (#494)
• Filter contract to contract_declarer in call graph printer (#491)
• Several improvements in slither-flat, including new strategies, json/zip export (#496). Read the new documentation.
• Add check on public state variables in slither-erc (#528)
• suicidal detector: add detection on external functions (#527)
• Add padding to function id printer (#546)
• Update the recommended Solidity version in the solc-version detector (#577). This might result in disabling triaged solc-version results with Slither < 0.6.13

Internal

• Change the parsing architecture: parser objects are separate objects and do not inherit from the core. This will ease the creation of new parsers (#514)
• Improve support for tuple (#536, #539, #541, #548, #563, #564, #576)
• Improve abi.decode support (#475, #548, #551, #567, #598)
• Temporary array slice support (#550)
• Allow converting library to address (#561)
• Allow total ordering on Constant (#565)
• Improve fixpoint on are_variables_written (#480)
• Improve support for type() (#569)
• Increase the default python stack depth limit (#599)
• Refactor regression tests (#610)

Fixed

• Fix incorrect sons information on loop (#524)
• Fix numpy error on slither-simil (#484)
• Fix infinite loop on try statements (#535)
• Fix incorrect parsing in case of variables name reused (#538)
• Linting issue (#555)
• Issues on this. usage (#600, #623)
• Out of memory on large exponent (#608)
• All pylint issues (#616)
• Incorrect support of using for on functions pointers (#624)