0.6.1 - 2019-03-04

This release brings a new utility: slither-find-paths to review complex codebase, adds a new check to slither-check-upgradability, and fixes minor bugs.

Added

• slither-find-paths: Utility to review complex contracts (see the Finding Paths Utility Documentation)
• slither-check-upgradability: Add checks on correct contract's initialization #182
• Improve Windows support #179

Changed

• Calls in loop detector: remove duplicate results ( 39500c0)
• Call graph printer: export functions individually (833e390)
• API changed: make GENERIC_TAINT optional on is_tainted call #181

Fixed

• Incorrect SlithIR conversion in case of explicit base contract usage (8a94a6e, c6e090e, b992010)
• Use referenced declaration for functions to fix reference not found (AST compact only)
  #177
• Fix typo in callcode 8344c4e

0.6.0 - 2019-02-15

This release adds 3 new detectors, 5 new printers, improves the overall usability of Slither, and introduces a new tool: slither-check-upgradability to help to review upradable contracts. User and developer documentation has dramatically improved. This release brings also several bugfixes, API enhancements and lowers the rate of false positives for several detectors.

Thanks to our external contributors @cty12, @mrice32 and @ptare for their numerous bug reports.

Added

• Detectors:
  • erc20-interface: Incorrect ERC20 interfaces
  • erc20-indexed: Un-indexed ERC20 event parameters
  • deprecated-standards: Deprecated Solidity Standards
• Printers:
  • data-dependency: Print the data dependencies of the variables
  • function-id: Print the keccack256 signature of the functions
  • modifiers: Print the modifiers called by each function
  • require: Print the require and assert calls of each function
  • variable-order: Print the storage order of the state variables
• Command line usage:
  • --ignore-truffle-compile: do not run truffle compile
  • --disable-color: disable output colorization
  • --triage-mode: run slither in its triage mode. For every finding, Slither will ask if the result should be shown for the next run.
  • --filter-paths: exclude all the results that are only related to the given paths.
  • Configuration file: Slither options can be configured through a JSON file. See the documentation
• slither-check-upgradability: Utility to help reviewing upgradable contracts
• Dependency: require pysha3>=1.0.2

Changed:

• Reduce the false alarms rates of:
  • Unused variables: consider expression oustide of the functions' scope #167
  • Reentrancy: check if a call to this is reentrancy-safe + don't consider view/pure calls for Solidity >= 0.5 #127 #126
  • Locked ether: follow libraries calls #163
• Improve Truffle integration: Slither will automatically switch to the truffle version provided in package.json (#154)
• Improve SSA conversion: Use of an interprocedural sensitive analysis (follow parameters) (#156 (comment))
• Improve data dependency: Compute a fix-point on function context (#171)
• Improve inheritance printer output (#162, #166)
• Add support of staticall (#152)

Fixed

• Several minors bugs, including:
  • Incorrect SSA conversion on Return (59af388)
  • is_storage property on StateVariableIR/LocalVariableIR (59af388)
  • Crash when two variables have the same name #151
  • Incorrect location for LocalVariableIR (#143)
  • Add constant folding visitor to avoid crash on expression-based length (#144)

0.5.2 - 2019-01-31

This release improves performance, fixes minor bugs, and simplifies the generation of our documentation.

Added

• Add a vulnerability description to all the detectors, then use that to auto-generate the wiki documentation.

Changed

• Improve the reentrancy heuristics: the reentrancy information is computed only one time, and its information is shared across all the reentrancy variants.
• Use a cache system for the function.all_* properties
• Re-add the Length SlithIR operator (ed7afe0)

Fixed

• Incorrect read information in case of ReferenceVariable (1cdc34e)

0.5.1 - 2019-01-25

This release fixes minor bugs and adds support for a handful of missing operations.

We gave a presentation about Slither during our last office hours. We discussed the framework, how it works and its future evolution. The video is available here.

Added

• Support for constructors declared as a modifier and in the contract's definition (contract B is A(10){ ) (#132)
• Support for gas and value in dynamic function calls (#132)
• Support for ternary conversions in modifiers (#140)
• Support for hexadecimal in subdenominations (#147)
• Support for user-defined types in functions (#136)
• Support for indexed information in events (c032328)

Fixed

• UTF8 file encoding (#146)
• Parsing of empty do-while loop (#133)

0.5.0 - 2019-01-14

This release adds support for static single assignment (SSA) to SlithIR for both local and state variables. The use of SSA facilitates the tracking data dependencies and will enable more precise detectors. There are three new detectors: incorrect-equality, shadowing-builtin, shadowing-local, and one new printer: cfg. Detection of reentrancy was improved and now has three levels of severity. This release also includes bugfixes and lowers the rate of false positives for several detectors.

Thanks to our external contributors @mrice32 and @ptare for their numerous bug reports.

Added

• Detectors:
  • incorrect-equality: Dangerous strict equalities, such as this.balance == 0 ether.
  • shadowing-builtin: Shadowing of builtin symbols
  • shadowing-local: Local variables shadowing the contract's elements
• SSA on SlithIR:
  • Add Phi operator
  • Add LocalIRVariable and StateIRVariable (they contain the SSA index)
  • Follow Cooper, Harvey, Kennedy to compute minimal SSA
  • Add additional Phi operators at function entrance and after external calls to handle state variables
• Alias Analysis to track storage references
• Integrate alias analysis info into the SSA engine for precise SSA construction (note there is a limitation: alias analysis is not yet interprocedural and has no support for functions returning a storage reference)
• Add new printer: cfg, which exports the CFG of each function (8452b32)
• Add dominators information
  • List of dominator nodes
  • Dominator tree
  • Dominance frontier

Changed

• The reentrancy detector is split into three variants to facilitate the triage of results:
  • reentrancy-eth: theft of ether and read before writing (high severity)
  • reentrancy-no-eth: no theft of ether and read before writing (medium severity)
  • reentrancy-benign: no read before writing (low severity)
• The data dependency is now computed using the SSA
• Multiple new contract and function helpers (b549a3e, 57a0918, a704635)
• Improve subdenomination support (ether, wei, days, ..) bdca730
• Lower false positive for several detectors:
  • locked-ether: #114
  • external-function: #118
  • constable-states: fc4ac0c

Bugfixes

• Incorrect return nested array #121,
• Support for empty tuple in return 7813fdf
• Support for implicit uint256->int256 conversion on function matching #120
• Support ternary in return statement #115

0.4.0 - 2018-12-14

This release brings 4 new detectors, improves the support for Solidity >=0.5, and fixes several minor issues.

Thanks to our external contributors!

@adamhos
@mattaereal
@mihairaulea

Added

• New detectors:
  • shadowing-state: Detect state variables shadowed
  • shadowing-abstract: Detect state variables shadowed from abstract contracts
  • timestamp: Detect dangerous usage of block.timestamp
  • calls-loop: Detect dangerous calls inside a loop
• --trufle-version version flag: Allow to install and run a local version of truffle (#105)
  • slither --truffle-version truffle@beta . : Run truffle with Solidity 0.5
  • slither --truffle-version truffle@4.1.14 . : Run truffle with Solidity 0.4

Changed

• Improve Solidity 0.5.0 and 0.5.1 support (#102)
• Json output format (#108)

Fixed

• Variable unpacking issue for the contract printer (#104)
• Multiple minor parsing bugs (#98, #99, #100)
• Incorrect do-while recovery (#97)
• SlithIR: incorrect return tuple conversion (#89)

0.3.1 - 2018-12-03

This release fixes minor bugs and improves the json output.

Changed

• Improve json ouput:
  • Add helpers to abstract_detector
  • Use more detailed output for each detector and more precise source mapping information
  • Document the json: https://github.com/trailofbits/slither/wiki/JSON-output
• Add support for Truffle projects using a truffle-config.js file instead of truffle.js
• Fix incorrect slithIR conversion for mapping of mapping (#83)
• Fix minor bugs (remove duplicate constructors, fix incorrect is_implemented attribute in Modifier)

0.3.0 - 2018-11-20

This release brings 4 new detectors, 1 new printer, improved UX, and several bug fixes.

Thanks to the Ethereum Community Fund for funding Gitcoin bounties!

Thanks also to our external contributors!
@anukul
@benstew
@rmi7
@rluijk
@samparsky

Added

• New detectors:
  • controlled-delegatecall: Detect user-controlled delegatecall destination
  • constant-function : Detect constant functions that change state
  • uninitialized-local : Detect uninitialized local variables
  • unused-return-value : Detect unused return values
• New printer:
  • human-summary: Print a human readable summary of the contracts

Changed

• Refactored the output of the detectors:
  • Bug descriptions are more verbose
  • Add line number information
  • Create vulnerability descriptions with short descriptions, exploit scenarios, and recommendations
• Refactored unit tests to output to JSON
• Simplified integration with Truffle (slither now runs truffle compile automatically when applied to a Truffle directory)

Recommendation

• Use the constant-function detector to ensure correct interactions between contracts compiled with Solidity <0.5 and >=0.5

0.2.0 - 2018-10-30

This release brings 2 new detectors, 2 new printers, integration with Truffle, and enhancements to SlithIR and the detector API.

Thanks to the Ethereum Community Fund for funding many Gitcoin bounties!

Thanks also to our external contributors!
@cryptomental
@evgeniuz
@pvgupta24
@redshark1802
@samparsky

Added

• Truffle integration. Slither can be run on a Truffle directory: truffle compile && slither .
• new detectors:
  • constable-states: Detect state variables that could be declared constant
  • external-function: Detect public functions that could be declared as external
• new printers:
  • call-graph: Export the call-graph of the contracts to a dot file
  • inheritance: Print the inheritance relations between contracts
• Support for solc's compact AST

Changed

• The original inheritance printer is now called inheritance-graph
• Command line arguments are easier to use
• SlithIR bugfixes and improvements
• Internal API changes: #58