-
Notifications
You must be signed in to change notification settings - Fork 987
Usage
All the crytic-compile
options are available through Slither.
To run Slither on a Truffle/Dapp/Etherlime directory:
slither .
To run Slither on a Embark directory, on the first run, use:
slither . --embark-overwrite-config
It will:
- install @trailofbits/embark-contract-plugin.
- add
@trailofbits/embark-contract-plugin
toembark.json
plugin list.
Following runs will not need the --embark-overwrite-config
flag, you can run Slither with slither .
.
Alternatively, you can do those two steps manually, and run directly slither .
Ensure that you have embark-contract-info >= 1.1.0
To run Slither from a Solidity file:
slither file.sol
To run Slither from a contract hosted on Etherscan, run
slither 0x7F37f78cBD74481E593F9C737776F7113d76B315
We recommend installing solc-select, so Slither can switch to the expected solc version automatically.
To run Slither on a AST file generated by solc, run:
slither file.ast.json
- To disable the solc warnings:
--disable-solc-warnings
- To disable the output colorization:
--disable-color
- To export the result to a json file:
--json file.json
- To export to stdout instead of a file, simply replace the filename with
-
- To export to stdout instead of a file, simply replace the filename with
By default, slither run all the detectors.
To run only selected detectors, use --detect detector1,detector2
. For example:
slither file.sol --detect arbitrary-send,pragma
To exclude detectors, use --exclude detector1,detector2
. For example:
slither file.sol --exclude naming-convention,unused-state,suicidal
To exclude detectors with an informational or low severity, use --exclude-informational
or --exclude-low
.
--list-detectors
lists available detectors.
By default, no printer are run.
To run selected printers, use --print printer1,printer2
. For example:
slither file.sol --print inheritance-graph
--list-printers
lists available printers.
--filter-paths path1,path2
will exclude all the results that are only related to path1
and path2
. The path specified can be a path directory or a filename. It is used as a direct text comparison, and there is no regular expression supported.
Examples:
slither . --filter-paths openzepellin
Filter all the results only related to openzepellin.
slither . --filter-paths SafeMath.sol
Filter all the results only related to the file SafeMath.sol
.
--triage-mode
run slither in its triage mode. For every finding, Slither will ask if the result should be shown for the next run.
Results are saved in slither.db.json
.
Examples:
slither . --triage-mode
[...]
0: C.destination (test.sol#3) is never initialized. It is used in:
- f (test.sol#5-7)
Reference: https://github.com/trailofbits/slither/wiki/Vulnerabilities-Description#uninitialized-state-variables
Results to hide during next runs: "0,1,..." or "All" (enter to not hide results): 0
[...]
The second run of Slither will hide the above result.
To show the hidden results again, delete slither.db.json
.
Some options can be set through a json configuration file. By default, slither.conf.json
is used if present (it can be changed through --config-file file.conf.json
).
If an option is set by the configuration file and the command line, the command line option is selected;
The following flags are supported:
{
"detectors_to_run": "detector1,detector2",
"printers_to_run": "printer1,printer2",
"detectors_to_exclude": "detector1,detector2",
"exclude_informational": false,
"exclude_low": false,
"exclude_medium": false,
"exclude_high": false,
"solc": "solc",
"solc_args": "",
"disable_solc_warnings": false,
"json": "",
"truffle_build_directory": "custom/path",
"truffle_version": "[email protected]",
"disable_color": false,
"filter_paths": "file1.sol,file2.sol",
"ignore_truffle_compile": false,
"legacy_ast": false
}
- Remix https://github.com/samparsky/remix-plugin-slither (http://remix.ethereum.org/ integration in progress)
- Embark https://github.com/embark-framework/embark-slither (Work in progress)
- Visual studio https://github.com/samparsky/slither-vscode (Work in progress)