Slither: a Solidity static analysis framework that provides an API to easily manipulate Solidity code
0.6.15 - 2020-12-07
This release adds several performance optimizations to Slither. From our limited benchmark on codebases where Slither takes more than 1 minute to run, the optimizations lead to 2x improvements on average and up to 14x in certain cases. We also fixed an indeterministic detector output issue that could interact poorly with CIs and improved legacy AST support. Finally, we made improvements to `slither-prop`.
Thanks to @elenadimitrova for helping us debug the indeterministic detector output issue.
If you want access to additional detectors, try Crytic. It has 96 vulnerability detectors in total.
Added
- Hidden `--perf` flag (debug) (#701)
Changed
- Optimizations
  - Use of `get_line_from_offset` from crytic-compile (see crytic-compile@0.1.11 release note). It impacts codebases with a large number of files
  - Memoization for properties that are frequently used (#703). It impacts all the codebases
  - Rewrote the immediate dominator (#705). It impacts functions with complex CFG
  - Rewrote the fixpoint on the data dependencies (#707). It impacts functions for which the fixpoint is difficult to reach
- Use of crytic-compile@0.1.11. Among others, this improves hardhat and dapp support.
- Multiple improvements to `slither-prop` (#693, #713)
Fixed
- Removed recursion in `divide-before-multiply` (#706)
- Indeterministic output for multiple detectors (#486). This might lead previously triaged results to appear again (the finding IDs may have been affected)
- Parsing of comments in legacy AST for Solidity 0.6.3 - 0.6.10 (#720). This mostly impacts `dapp` codebases.
0.6.14 - 2020-11-12
This release improves support for Solidity 0.7 and fixes many bugs. We moved all our tests to `pytest` and significantly improved our parsing test coverage to help support multiple versions of Solidity.
If you'd like to help us improve Slither, please answer our user survey.
Additionally, we recently hosted a community call where we went through Slither's codebase, and showed its different components (see the recording).
Finally, we would like to thank our contributors for reporting issues and helping us improve Slither:
Added
Changed
- Refactor existing detectors test suite to use pytest (#656)
- Use `crytic-compile@0.1.10`. This includes hardhat support, and improvements for waffle and buidler.
- Support for comparison between function pointers (#618)
- Use black `19.10b0` instead of latest for GitHub's Super Linter (#680)
- IR push conversion (#625)
Fixed
- Multiple solc 0.7 parsing issues (#630, #642, #654)
- Use unique variable names for YUL variables (#648)
- CFG printer filename generation (#633)
- Loop CFG recovery issues (#655)
- Correctly link between nodes in the variables constructor step (#632)
- Wiki link for naming convention (#651)
- Minor Python types issues (#653)
0.6.13 - 2020-09-08
This release improves support for Solidity 0.6, adds partial support for YUL, and fixes many bugs. Internally, we improved the parsing architecture, easing the addition of a new parser, and added type annotations. Additionally, Slither now runs GitHub super-linter, and the regression tests were improved (see the new CONTRIBUTING.md guidelines).
We also want to thank our contributors for reporting issues, and helping to improve Slither:
If you want access to additional detectors, try Crytic. It now has 96 detectors, including 2 YUL specific detectors.
Added
- Add partial, experimental YUL support (#502, #575, #617). YUL AST is parsed and converted into slithIR. Raw memory accesses are not supported. Solidity 0.6 is required to enable YUL support.
- Improve 0.6 support:
  - Add support for `type(I).interfaceId` (#497)
- List external publications (#512)
- GitHub super linter, and lgtm (#614, #620, #626)
- Added new tool: `slither-mutator`. PoC of fault injection based on Using Fault Injection to Assess Blockchain Systems in Presence of Faulty Smart Contracts
Internal
- Add type annotations (#514)
- Add storage layout information (#507, #540)
- Add `--disallow-partial` flag (#560). This hidden flag will prevent Slither from catching exceptions, and simplify debugging
- Add support for function pointers in the RETURN operator (#601)
Changed
- Copy editing on detectors (#572)
- Use crytic-compile@0.1.9
- Improve human-summary printer (#477, #478)
- Improve duplicate name report (#489)
- `slither-flat`: Improve utf8 support and mapping/array lookup (#494)
- Filter contract to contract_declarer in call graph printer (#491)
- Several improvements in `slither-flat`, including new strategies, json/zip export (#496). Read the new documentation.
- Add check on public state variables in `slither-erc` (#528)
- `suicidal` detector: add detection on external functions (#527)
- Add padding to function id printer (#546)
- Update the recommended Solidity version in the `solc-version` detector (#577). This might result in disabling triaged `solc-version` results with Slither < 0.6.13
Internal
- Change the parsing architecture: parser objects are separate objects and do not inherit from the `core`. This will ease the creation of new parsers (#514)
- Improve support for tuple (#536, #539, #541, #548, #563, #564, #576)
- Improve `abi.decode` support (#475, #548, #551, #567, #598)
- Temporary array slice support (#550)
- Allow converting library to address (#561)
- Allow total ordering on `Constant` (#565)
- Improve fixpoint on `are_variables_written` (#480)
- Improve support for `type()` (#569)
- Increase the default python stack depth limit (#599)
- Refactor regression tests (#610)
Fixed
- Fix incorrect sons information on loop (#524)
- Fix numpy error on `slither-simil` (#484)
- Fix infinite loop on try statements (#535)
- Fix incorrect parsing in case of variables name reused (#538)
- Linting issue (#555)
- Issues on `this.` usage (#600, #623)
- Out of memory on large exponent (#608)
- All pylint issues (#616)
- Incorrect support of `using for` on function pointers (#624)
0.6.12 - 2020-04-24
This release fixes a bug found in 0.6.11 that prevented Slither from working on several codebases. Additionally, this release contains several minor fixes, and support for buidler.
We would like to thank @elenadimitrova for quickly reporting issues #456 and #457.
Consider using crytic.io to get access to 48 additional detectors and GitHub integration.
Added
- zip export (#453)
Changed
- Use crytic-compile 0.1.8, which adds buidler support.
- Human summary printer: run the detectors only once, and add their results to the printer's json (#451)
- Echidna printer: export the constant values as string to facilitate Echidna's parsing (#454) [BREAKING CHANGE]
Fixed
0.6.11 - 2020-04-17
This release introduces `slither-prop`, a tool that will automatically generate properties to be tested through unit tests and Echidna. In this release, `slither-prop` can generate 18 tests for ERC20 contracts; more tests, and support for other ERCs are planned. Additionally, the support for Solidity 0.6 was improved, and the release fixes multiple minor bugs.
Consider using crytic.io to get access to additional detectors and GitHub integration.
Added
- `slither-prop` (#428). See its documentation.
- New Solidity call syntax support (#424)
- Number of assembly lines in the human summary printer (#438)
- `--convert-private` in `slither-flat`, allowing to change private variables to internal (#446)
- API: true/false branch for IF nodes (#433)
Changed
- Echidna printer: several new features are extracted (#431, #437).
- Reentrancy: better support of constant function called with Solidity 0.6 (#441)
- Add support for `now` in timestamp detector (#447)
Fixed
0.6.10 - 2020-03-23
This release adds 5 new detectors, improves the support of codebases with duplicate contract names, and the support for Solidity 0.6. Additionally, several internal improvements lead existing detectors to report fewer false alarms. `slither-check-upgradeability` was refactored and now has 17 documented upgradeability checks.
Consider using https://crytic.io/ to get access to additional detectors and GitHub integration.
Added
- 5 new detectors (#396)
  - `boolean-cst`
  - `tautology`
  - `boolean-equal`
  - `divide-before-multiply`
  - `name-reused`
- Codebases with duplicate contract names no longer throw an error; Slither will do a partial analysis and report the issue as a contract's bug (#413)
- Improve support for Solidity 0.6 (`receive()` and `try/catch`) (#415)
- New data dependencies user-API (#409)
- `contract.functions_signatures_declared`: return the signatures of the functions declared in the contract (#391)
Changed
- Refactor `slither-check-upgradeability`: the checks follow the same coding pattern as the bug detectors (#410)
- Change how modifiers and constructor calls are integrated in the CFG. This removes false positives created because of unreachable nodes (#406)
- Use `crytic-compile` 0.1.7
- Remove false positives in `uninitialized-state` (#407)
Fixed
0.6.9 - 2019-12-20
This release fixes minor bugs and updates Slither to `crytic-compile 0.1.6`. Additionally, we moved from Travis CI to GitHub actions.
Thanks to our external contributors:
Added
- `--remove-assert` flag to `slither-flat`. Use this feature to write custom properties for Echidna with `assert` and have them automatically removed by `slither-flat` when the code is deployed. (#366)
Changed
- `constant-function` detector is split into `constant-function-asm` and `constant-function-state` and will not raise an issue if solc >= 0.5 is used (#380)
- Use GitHub Actions instead of Travis CI (#381, #385)
- Use upper and lower bounds for the `solc-version` detector (#378)
- `solc-version` now recommends solc 0.5.11 over 0.5.3 (#390)
Fixed
0.6.8 - 2019-11-22
This release introduces two new utilities: `slither-check-erc` to check ERC conformance, and `slither-check-kspec` to report the coverage of a K specification. New types of reentrancy are detected (`send`/`transfer` and event-based) and several improvements were made to `slither-check-upgradeability`. Internally, this release introduces a new JSON output API. All printers and most of the utilities now have JSON output.
Thanks to our external contributors:
Added
- `slither-check-erc`: check for conformance to the most used ERCs #350
- `slither-check-kspec`: report K specification coverage #364
- Each detector result has a unique ID, allowing for duplicate removal (#367)
- pop to SlithIR conversion (#359)
- New printer: `evm` to print the source code that matches EVM bytecode (#281)
- New reentrancy detectors: `send`/`transfer` and event-based (#375)
Changed
- The JSON output API was replaced with a simpler and standardized API (#355, #362)
- All the printers have JSON output (#356)
- `slither-check-upgradeability`: several improvements (#354), including:
  - Check for constant conformance
  - Remove false positive on fallback function
  - Allow the CLI to work without the proxy contract. Note: the CLI flags were changed [BREAKING CHANGE]
  - JSON output
- Contract summary printer: add upgradeability info (#369) and remove shadowed function (#353)
- Docker improvements (#244)
- Remove false positive on uninitialized state variable detector due to `delegatecall` proxy (#370)
Fixed
- `slither-flat`: handle cycles (#373)
0.6.7 - 2019-10-04
This release introduces `slither-format`, a tool that automatically generates patches for discovered vulnerabilities, and `slither-flat`, which flattens the codebase. Thanks to crytic-compile, `slither-flat` enables contract flattening for nearly all available smart contract development frameworks.
If you like Slither, consider subscribing to crytic.io for access to additional private detectors and GitHub integrations. Follow @CryticCI for more information.
Added
- `slither-format`: automatic patch generation. Features:
  - Supports issues discovered by the `unused-state`, `solc-version`, `pragma`, `naming-convention`, `external-function`, `constable-states`, and `constant-function` detectors.
  - Generates `git` patches
  - JSON integration
- `slither-flat`: flatten a codebase. Features:
  - `--contract contract_name`: outputs only the contracts necessary to compile `contract_name`
  - `--convert-external`: converts an external function to public. This is meant to help developers use Echidna.
- Echidna printer: Displays information useful for guiding fuzzing.
- IR conversion for constant variables declaration (#333, #338)
Changed:
- Update to crytic-compile 0.1.4 (which adds support for Brownie)
- CLI: print the number of detectors run (#322)
- Dapp test: use cache to speed up travis (#339)
- External function detectors: merge shadowed functions (#334)
- Add optimization detection to human summary printer (#330)
- Silence reports about `_echidna` or `_crytic` properties in the naming convention detector (#317)
Fixed
0.6.6 - 2019-08-16
This release changes internal functions and how modifiers are represented, improves the JSON format, removes detectors' false positives, and fixes numerous bugs.
Thanks to our external contributors:
Thanks to our users for reporting numerous bugs, in particular @elenadimitrova, @yxliang01, and @sobolev-igor.
Added
- Add `exclude-dependencies` flag (#269)
- Add Optimization type and `--exclude-optimization` flag (#265, #269)
- AragonOS detection (#276)
- New printer: constructor calls (#299)
Changed
- [Breaking change] Remove the instance sharing for functions and modifiers. Each function or modifier now has `contract` and `contract_declarer` properties, where contract points to the contract's instance and the contract declarer to the contract where the function was originally declared (#213).
- [Breaking change] Use unique JSON element per detector finding (#263)
- [Breaking change] Add type to JSON result and improve the log in console/file (#266)
- Move third parties tools to `slither.tools` (#313)
- Remove false positive in external function detector in case of parameter written (#257)
- Remove false positive in naming convention in case of unnamed parameters (#260)
- Remove false positive in naming convention for constructor (aec680c)
- Improve ternary operators support (#301)
- Late conversion of the subdenomination value (#305)
- Refactor reentrancy detector and add support for create-based reentrancy (#311)
Fixed
- Incorrect source mapping for if/while/for condition (#245)
- Incorrect variable order in printer (#254)
- Incorrect source mapping due to text conversion (#252)
- Incorrect type for constant with implicit conversion (#283)
- Incorrect arguments to crytic-compile (4cbe048)
Note: 0.6.5 contained a bug in the reentrancy detector. Please avoid this version since it unnecessarily reported false-positives.
0.6.4 - 2019-05-14
This release brings new detectors, several bugfixes, and a new util `slither-simil`, to perform code similarity. Additionally, the json output was heavily improved.
This release is also the first one compatible with our new Visual Studio Code plugin, try it out!
Thanks to our external contributors, for their work and their suggestions!
@GillesdeB
@sobolev-igor
@yxliang01
Added
- New detectors:
- `slither-simil`: code similarity using machine learning (see the documentation)
Changed
- Improve `unused-return` results (#230)
- Improve `solc-version` results #240
- Update to `crytic-compile` version `0.1.1`
- Add `crytic-compile` options to `slither-check-upgradeability` and `slither-find-paths` (#231)
- The json format was heavily changed. See its documentation for more details. Notable changes:
  - At the top level, the json contains information about the success of the Slither's run
  - Each element has 3 required fields (`type`, `name`, `source_mapping`), and two optional ones: `type_specific_fields` and `additional_fields`
  - The `source_mapping` now has four types of filename, as well as the column information (see Source mapping documentation)
- Improvement of the human summary printer: lines and contracts number, ERCs and standard libraries detection (#228)
- Improve parsing of Literals (fbd1ddb), and type propagation
- Remove FPs on the incorrect erc20 interface detector (#215)
- Clean exception handling (#229)
Fixed
0.6.3 - 2019-04-24
This release is the first one based on `crytic-compile`, the library that standardizes smart contract compilation and allows Slither to work natively on new platforms. Additionally, this release brings one new detector.
Thanks to our external contributor, @shshzi, who worked on the `Right-To-Left-Override character` detector.
For Embark users: make sure to update embark-contract-info to 1.1.0
Added
- Native support to Dapp, Etherlime, and Etherscan (see the documentation)
- New detector: `Right-To-Left-Override character` #201
Changed
- Json output: source mappings now contain four filenames (absolute/relative/short/used)
- The command line options now match `crytic-compile` options (ex: `--disable-solc-warnings` is renamed `--solc-disable-warnings`). See the `crytic-compile` Documentation for more details.
0.6.2 - 2019-03-05
This release brings Embark native support, fixes several bugs, and improves `slither-check-upgradeability`.
Added
- Embark support (see the documentation) (#196)
- Support for Solidity `selector` keyword (605ea7f)
- `--truffle-build-directory` flag to support custom build directory (#187)
Changed
- Rename `slither-check-upgradability` to `slither-check-upgradeability` (bffa59f)
- `--ignore-truffle-compile` flag renamed to `--truffle-ignore-compile`
- Improve `slither-check-upgradeability` output and documentation.
- API changed: Add framework detection within `Slither` object; the caller does not need to check for native/truffle/embark (ee1b4c2)
Fixed
0.6.1 - 2019-03-04
This release brings a new utility: `slither-find-paths` to review complex codebase, adds a new check to `slither-check-upgradability`, and fixes minor bugs.
Added
- `slither-find-paths`: Utility to review complex contracts (see the Finding Paths Utility Documentation)
- `slither-check-upgradability`: Add checks on correct contract's initialization #182
- Improve Windows support #179
Changed
- Calls in loop detector: remove duplicate results (39500c0)
- Call graph printer: export functions individually (833e390)
- API changed: make GENERIC_TAINT optional on `is_tainted` call #181
Fixed
0.6.0 - 2019-02-15
This release adds 3 new detectors, 5 new printers, improves the overall usability of Slither, and introduces a new tool: `slither-check-upgradability` to help review upgradable contracts. User and developer documentation has dramatically improved. This release also brings several bugfixes, API enhancements and lowers the rate of false positives for several detectors.
Thanks to our external contributors @cty12, @mrice32 and @ptare for their numerous bug reports.
Added
- Detectors:
  - `erc20-interface`: Incorrect ERC20 interfaces
  - `erc20-indexed`: Un-indexed ERC20 event parameters
  - `deprecated-standards`: Deprecated Solidity Standards
- Printers:
  - `data-dependency`: Print the data dependencies of the variables
  - `function-id`: Print the keccak256 signature of the functions
  - `modifiers`: Print the modifiers called by each function
  - `require`: Print the require and assert calls of each function
  - `variable-order`: Print the storage order of the state variables
- Command line usage:
  - `--ignore-truffle-compile`: do not run `truffle compile`
  - `--disable-color`: disable output colorization
  - `--triage-mode`: run slither in its triage mode. For every finding, Slither will ask if the result should be shown for the next run.
  - `--filter-paths`: exclude all the results that are only related to the given paths.
- Configuration file: Slither options can be configured through a JSON file. See the documentation
- `slither-check-upgradability`: Utility to help reviewing upgradable contracts
- Dependency: require `pysha3>=1.0.2`
Changed:
- Reduce the false alarms rates of:
- Improve Truffle integration: Slither will automatically switch to the truffle version provided in `package.json` (#154)
- Improve SSA conversion: Use of an interprocedural sensitive analysis (follow parameters) (#156 (comment))
- Improve data dependency: Compute a fix-point on function context (#171)
- Improve inheritance printer output (#162, #166)
- Add support of `staticcall` (#152)
Fixed
- Several minor bugs, including:
0.5.2 - 2019-01-31
This release improves performance, fixes minor bugs, and simplifies the generation of our documentation.
Added
- Add a vulnerability description to all the detectors, then use that to auto-generate the wiki documentation.
Changed
- Improve the reentrancy heuristics: the reentrancy information is computed only one time, and its information is shared across all the reentrancy variants.
- Use a cache system for the `function.all_*` properties
- Re-add the `Length` SlithIR operator (ed7afe0)
Fixed
- Incorrect read information in case of ReferenceVariable (1cdc34e)
0.5.1 - 2019-01-25
This release fixes minor bugs and adds support for a handful of missing operations.
We gave a presentation about Slither during our last office hours. We discussed the framework, how it works and its future evolution. The video is available here.
Added
- Support for constructors declared as a modifier and in the contract's definition (`contract B is A(10){`) (#132)
- Support for `gas` and `value` in dynamic function calls (#132)
- Support for ternary conversions in modifiers (#140)
- Support for hexadecimal in subdenominations (#147)
- Support for user-defined types in functions (#136)
- Support for indexed information in events (c032328)
Fixed
0.5.0 - 2019-01-14
This release adds support for static single assignment (SSA) to SlithIR for both local and state variables. The use of SSA facilitates tracking data dependencies and will enable more precise detectors. There are three new detectors: `incorrect-equality`, `shadowing-builtin`, `shadowing-local`, and one new printer: `cfg`. Detection of reentrancy was improved and now has three levels of severity. This release also includes bugfixes and lowers the rate of false positives for several detectors.
Thanks to our external contributors @mrice32 and @ptare for their numerous bug reports.
Added
- Detectors:
  - `incorrect-equality`: Dangerous strict equalities, such as `this.balance == 0 ether`.
  - `shadowing-builtin`: Shadowing of builtin symbols
  - `shadowing-local`: Local variables shadowing the contract's elements
- SSA on SlithIR:
  - Add `Phi` operator
  - Add `LocalIRVariable` and `StateIRVariable` (they contain the SSA index)
  - Follow Cooper, Harvey, Kennedy to compute minimal SSA
  - Add additional `Phi` operators at function entrance and after external calls to handle state variables
- Alias Analysis to track storage references
- Integrate alias analysis info into the SSA engine for precise SSA construction (note there is a limitation: alias analysis is not yet interprocedural and has no support for functions returning a storage reference)
- Add new printer: `cfg`, which exports the CFG of each function (8452b32)
- Add dominators information
  - List of dominator nodes
  - Dominator tree
  - Dominance frontier
Changed
- The `reentrancy` detector is split into three variants to facilitate the triage of results:
  - `reentrancy-eth`: theft of ether and read before writing (high severity)
  - `reentrancy-no-eth`: no theft of ether and read before writing (medium severity)
  - `reentrancy-benign`: no read before writing (low severity)
- The data dependency is now computed using the SSA
- Multiple new contract and function helpers (b549a3e, 57a0918, a704635)
- Improve subdenomination support (`ether`, `wei`, `days`, ..) bdca730
- Lower false positive for several detectors:
Bugfixes
0.4.0 - 2018-12-14
This release brings 4 new detectors, improves the support for Solidity >=0.5, and fixes several minor issues.
Thanks to our external contributors!
@adamhos
@mattaereal
@mihairaulea
Added
- New detectors:
  - `shadowing-state`: Detect state variables shadowed
  - `shadowing-abstract`: Detect state variables shadowed from abstract contracts
  - `timestamp`: Detect dangerous usage of `block.timestamp`
  - `calls-loop`: Detect dangerous calls inside a loop
- `--truffle-version version` flag: Allow to install and run a local version of truffle (#105)
  - `slither --truffle-version truffle@beta .`: Run truffle with Solidity 0.5
  - `slither --truffle-version truffle@4.1.14 .`: Run truffle with Solidity 0.4
Changed
Fixed
0.3.1 - 2018-12-03
This release fixes minor bugs and improves the json output.
Changed
- Improve json output:
  - Add helpers to `abstract_detector`
  - Use more detailed output for each detector and more precise source mapping information
  - Document the json: https://github.com/trailofbits/slither/wiki/JSON-output
- Add support for Truffle projects using a `truffle-config.js` file instead of `truffle.js`
- Fix incorrect slithIR conversion for mapping of mapping (#83)
- Fix minor bugs (remove duplicate constructors, fix incorrect `is_implemented` attribute in `Modifier`)
0.3.0 - 2018-11-20
This release brings 4 new detectors, 1 new printer, improved UX, and several bug fixes.
Thanks to the Ethereum Community Fund for funding Gitcoin bounties!
Thanks also to our external contributors!
@anukul
@benstew
@rmi7
@rluijk
@samparsky
Added
- New detectors:
  - `controlled-delegatecall`: Detect user-controlled delegatecall destination
  - `constant-function`: Detect constant functions that change state
  - `uninitialized-local`: Detect uninitialized local variables
  - `unused-return-value`: Detect unused return values
- New printer:
  - `human-summary`: Print a human readable summary of the contracts
Changed
- Refactored the output of the detectors:
- Bug descriptions are more verbose
- Add line number information
- Create vulnerability descriptions with short descriptions, exploit scenarios, and recommendations
- Refactored unit tests to output to JSON
- Simplified integration with Truffle (slither now runs `truffle compile` automatically when applied to a Truffle directory)
Recommendation
- Use the `constant-function` detector to ensure correct interactions between contracts compiled with Solidity <0.5 and >=0.5
0.2.0 - 2018-10-30
This release brings 2 new detectors, 2 new printers, integration with Truffle, and enhancements to SlithIR and the detector API.
Thanks to the Ethereum Community Fund for funding many Gitcoin bounties!
Thanks also to our external contributors!
@cryptomental
@evgeniuz
@pvgupta24
@redshark1802
@samparsky
Added
- Truffle integration. Slither can be run on a Truffle directory: `truffle compile && slither .`
- new detectors:
  - `constable-states`: Detect state variables that could be declared constant
  - `external-function`: Detect public functions that could be declared as external
- new printers:
  - `call-graph`: Export the call-graph of the contracts to a dot file
  - `inheritance`: Print the inheritance relations between contracts
- Support for solc's compact AST
Changed
- The original `inheritance` printer is now called `inheritance-graph`
- Command line arguments are easier to use
- SlithIR bugfixes and improvements
- Internal API changes: #58
Watchers: 34 | Stars: 730 | Forks: 174 | Created: 2018-09-06 05:56:35 | Last commit: 9 days ago | License: AGPL-3.0
0.7.0 - 2020-12-18
This release contains 26 new detectors, including a detector for a recent bug in Aave (`unprotected-upgrade`), deletion of mapping with structures (`mapping-deletion`), lack of events (`events-access`, `event-maths`), a shift-related issue on YUL (`incorrect-shift`), modifiers that can return the default value (`incorrect-modifier`), and multiple informational and compiler-related bugs. Additionally, it introduces the triage of results using inline comments. Use `// slither-disable-next-line DETECTOR_NAME` before a statement to disable the detector. Finally, we added the support for Solidity top-level objects.
We would like to thank @josh-richardson for his contributions to the inline comment feature.
Added
- `abiencoderv2-array`
- `array-by-reference`
- `assert-state-change`
- `controlled-array-length`
- `costly-loop`
- `events-access`
- `events-math`
- `function-init-state`
- `incorrect-modifier`
- `incorrect-unary`
- `incorrect-shift`
- `mapping-deletion`
- `missing-inheritance`
- `missing-zero-check`
- `multiple-constructors`
- `public-mappings-nested`
- `redundant-statements`
- `reused-constructor`
- `similar-names`
- `storage-array`
- `unimplemented-functions`
- `uninitialized-fptr-cst`
- `unprotected-upgrade`
- `variable-scope`
- `weak-prng`
- `ObjectContract` and `ObjectTopLevel` (ex: `FunctionContract` and `FunctionTopLevel`)
Changed
Fixed