0.4.0 - 2018-12-14

This release brings 4 new detectors, improves the support for Solidity >=0.5, and fixes several minor issues.

Thanks to our external contributors!

@adamhos
@mattaereal
@mihairaulea

Added

• New detectors:
  • shadowing-state: Detect state variables shadowed
  • shadowing-abstract: Detect state variables shadowed from abstract contracts
  • timestamp: Detect dangerous usage of block.timestamp
  • calls-loop: Detect dangerous calls inside a loop
• --trufle-version version flag: Allow to install and run a local version of truffle (#105)
  • slither --truffle-version truffle@beta . : Run truffle with Solidity 0.5
  • slither --truffle-version truffle@4.1.14 . : Run truffle with Solidity 0.4

Changed

• Improve Solidity 0.5.0 and 0.5.1 support (#102)
• Json output format (#108)

Fixed

• Variable unpacking issue for the contract printer (#104)
• Multiple minor parsing bugs (#98, #99, #100)
• Incorrect do-while recovery (#97)
• SlithIR: incorrect return tuple conversion (#89)

0.3.1 - 2018-12-03

This release fixes minor bugs and improves the json output.

Changed

• Improve json ouput:
  • Add helpers to abstract_detector
  • Use more detailed output for each detector and more precise source mapping information
  • Document the json: https://github.com/trailofbits/slither/wiki/JSON-output
• Add support for Truffle projects using a truffle-config.js file instead of truffle.js
• Fix incorrect slithIR conversion for mapping of mapping (#83)
• Fix minor bugs (remove duplicate constructors, fix incorrect is_implemented attribute in Modifier)

0.3.0 - 2018-11-20

This release brings 4 new detectors, 1 new printer, improved UX, and several bug fixes.

Thanks to the Ethereum Community Fund for funding Gitcoin bounties!

Thanks also to our external contributors!
@anukul
@benstew
@rmi7
@rluijk
@samparsky

Added

• New detectors:
  • controlled-delegatecall: Detect user-controlled delegatecall destination
  • constant-function : Detect constant functions that change state
  • uninitialized-local : Detect uninitialized local variables
  • unused-return-value : Detect unused return values
• New printer:
  • human-summary: Print a human readable summary of the contracts

Changed

• Refactored the output of the detectors:
  • Bug descriptions are more verbose
  • Add line number information
  • Create vulnerability descriptions with short descriptions, exploit scenarios, and recommendations
• Refactored unit tests to output to JSON
• Simplified integration with Truffle (slither now runs truffle compile automatically when applied to a Truffle directory)

Recommendation

• Use the constant-function detector to ensure correct interactions between contracts compiled with Solidity <0.5 and >=0.5

0.2.0 - 2018-10-30

This release brings 2 new detectors, 2 new printers, integration with Truffle, and enhancements to SlithIR and the detector API.

Thanks to the Ethereum Community Fund for funding many Gitcoin bounties!

Thanks also to our external contributors!
@cryptomental
@evgeniuz
@pvgupta24
@redshark1802
@samparsky

Added

• Truffle integration. Slither can be run on a Truffle directory: truffle compile && slither .
• new detectors:
  • constable-states: Detect state variables that could be declared constant
  • external-function: Detect public functions that could be declared as external
• new printers:
  • call-graph: Export the call-graph of the contracts to a dot file
  • inheritance: Print the inheritance relations between contracts
• Support for solc's compact AST

Changed

• The original inheritance printer is now called inheritance-graph
• Command line arguments are easier to use
• SlithIR bugfixes and improvements
• Internal API changes: #58