Skip to content

Releases: crytic/slither

v0.9.1

03 Nov 20:26
Compare
Choose a tag to compare

0.9.1 - 2022-11-03

This release contains several bug fixes, and a new tool - slither-doctor - to help debugging slither.

We would like to thank all our external contributors:

Added

  • slither-doctor: a new tool to help diagnose issues with Slither (#1384)

Changed

  • Add contract types in constant optimization detector (#1443)
  • Remove redundant calls (#1434)
  • Missing text in solc version recommendation (#1406)
  • slither-flat support for top level objects (#1441 )

Fixed

  • Missing inherited storage slots in slither-read-storage (#1444)
  • Triage mode not working properly (#1435)
  • An incorrect parsing of library events (#1442)

v0.9.0

05 Oct 13:43
Compare
Choose a tag to compare

0.9.0 - 2022-10-05

This release contains:

  • 3 new detectors
  • Reduction of false positives in detectors
  • Refactoring that will help us adding new features
  • Breaking changes in the internal APIs
  • Fixes for several bugs and improvements to testing

This release moves the Python requirement to 3.8.

We would like to thank all our external contributors:

For Foundry users: we do not support multiple compiler versions at the moment (see foundry-rs/foundry#3450).

Refactored

  • The source mapping API, to ease integration with third parties (#877) API breaking change
  • Solidity signature API (#1323, #1349, #1356) API breaking change
  • slither-read-storage to make it easier to maintain (#1311)

Added

  • Detector:
    • arbitrary-send-erc20 (#1025)
    • arbitrary-send-erc20-permit (#1025)
    • domain-separator-collision (#1334)
  • Printer
  • New flags
    • --checklist, to produce a markdown containing slither's results (#1190)
    • --convert-library-to-internal in slither-flat (#1298)
  • Hash of known codebase to detect known libraries (#1134)
  • Support for ERC1363, ERC4524 in slither-check-erc(#1274)
  • Solidity support
    • IdentifierPath(#1227)
    • min/max support for enum (#1276)
    • Top level enum (#1300)
  • More python type hints (#1388)
  • Testing
    • Tests for unification of path filtering across POSIX and Windows (#1303)
    • Detectors tests (#858)
    • New SSA tests (#1205)
    • Unit tests for new solc version (#1268)
  • pip-audit in the CI (#1243)
  • Improve setup.py with dev deps (#1178)
  • New API to detect if a type is dynamicType.is_dynamic (#1175)

Changed

  • Change the exit code returned by Slither (#1278, #1359) If you are using Slither in a CI, check out the new flags --fail-pedantic/--fail-high/--fail-medium/ ... and --no-fail-pedantic. The default behavior is --fail-pedantic, but this will be updated to be --no-fail-pedantic in a future release
  • Updated the solc-version recommendations (#1389)
  • Remove FPs on the external-functions detectors (#1318)
  • Remove FPs on the unprotected_upgradeable detector (#1344)
  • Remove immutable variable from the variable order printer (#1184)
  • too-many-digits detector: ignore checksummed address (#1193)
  • Better python regex (#1200, #1185)
  • Improvements to the dockerfile (#1242, #1335, #1369)
  • Unify path across POSIX and Windows (#1196)
  • Improve debug info in case of name reuse (#870)
  • Improvements to the exclude-dependencies flag (#1317)
  • Improvements to the function-id printer (#886)
  • Improvements to the constant parsing (#1377)
  • Improvements to the support of virtual modifier (#1387)
  • Use of the latest crytic-compile version (a008df7)

Fixed

v0.8.3

21 Apr 17:00
Compare
Choose a tag to compare

0.8.3 - 2022-04-21

This release lets users to enhance Slither through code comments (see example below), adds a new tool to read variable storage values on-chain (slither-read-storage), removes false positives in existing detectors, improves Solidity 0.8 support, and fixes several bugs. Slither also now supports Foundry.

Please use our slither-action for CI integration!

Enhancing Slither through code comments

In the following code:

  • @custom:security non-reentrant before the variable declaration will indicate to Slither that the external calls from this variable are non-reentrant
  • @custom:security write-protection="onlyOwner()" will indicate to Slither that writing to this variable must be done through onlyOwner
contract ReentrancyAndWrite{

    /// @custom:security non-reentrant
    /// @custom:security write-protection="onlyOwner()"
    I external_contract;

    modifier onlyOwner(){
        // lets assume there is an access control
        _;
    }   

    mapping(address => uint) balances;

    function withdraw() public{
        uint balance = balances[msg.sender];

        external_contract.external_call();

        balances[msg.sender] = 0;
        payable(msg.sender).transfer(balance);
    }
    
    function set_protected() public onlyOwner(){
        external_contract = I(msg.sender);
    }  

    function set_not_protected() public{
        external_contract = I(msg.sender);
    }
}

Please let us know what you think of this code comment feature! Share your ideas on Github, or join us on Slack. We're looking for new use cases and feedback.

Thanks to our contributors for this release:

Added

  • Enhanced analyses through code comments (#1089)
  • slither-read-storage (#968)
  • New printer to identify misuse of whenNotPaused (#1128)
  • slither-action in the README (#1053)
  • Solidity support
    • user defined types (#1135)
    • top level variables (#1032)
    • string.concat (#1086)
    • .offset/length in yul (#1085)
    • unary operation on constant (#1094)
  • Support for ERC4626, 2612 in slither-check-erc (#1111)
  • pip-audit in the CI (#1006)
  • Template for github issue (#1044, #1083)

Improved

  • Remove FPs in detectors:
  • Solidity support
    • custom error lookup (#1156)
    • Function lookup for bytes (#1163)
    • ternary operator (#1162)
    • Top-level structure with import (#1068)
    • Top level with custom error (#1131)
  • Notification when the config file is missing (#1041, #1054)
  • Github super linter improvements (#1023, #1045, #1088, #1157)
  • slither-check-erc output (#1016)
  • Typo in missing zero validation detector (#1037)
  • slither-prop support for builder (#712)
  • Improved to the Echidna printer (#878, #1132)
  • Improve determinism for detector results (#1049)
  • Python type hint (#1055)
  • Unit tests for the AST parsing (#1069, #1118, #1101)
  • Auto install of solc versions in the CI (#1073)
  • Show ignored findings by default for the checklist (#1082)
  • Typo in slither-mutate (#1104)
  • Move to f-strings (#1107, #1110)
  • Multiple minors improvements to slither-flat (#1125)
  • Prioritize ignore comment over exclude dependencies (#1120)
  • Windows support (#1065, #1137)
  • Crytic-compile@0.2.3 - which adds Foundry support

Fixed

  • Missing json output for printers #1012
  • Infinite loop in the RTLO detector (#1108)
  • Infinite recursion in show_ignore_findings (#1092)

v0.8.2

10 Dec 10:53
Compare
Choose a tag to compare

0.8.2 - 2021-12-10

This release adds two new detectors that catch recent vulnerabilities in SushiSwap and Opyn vulnerabilities, and significantly improves Solidity 0.8 support (including top-level functions, custom errors, and immutable variables). Additionally, the code objects have now scope-file information, which improves Slither on codebases where contract or structure name are repeated.

For their contributions, we would like to thank:

Added

  • Two new detectors
    • delegatecall inside a loop (#992) (SushiSwap vuln)
    • msg.value inside a loop (#991) (Opyn vuln)
  • Support for top-level functions (#945, #949, #987)
  • Support for immutable variables (#946)
  • Support for custom errors (#947)
  • Info on how synchronize with crytic-compile in the contributing guidelines (#994)

Changed

  • Improve calls-loop detector (#925)
  • Improve costly-loop detector (#926)
  • Improve support for units and globally available variables (#985)
  • Improve strict-equality detector (#952)
  • Add a function_language property to the function to determine if its a Solidity or Yul function (#987)
  • Validate inputs of --markdown-root flag (#988)
  • Refactor the core objects to contain a file scope (#990). This contains breaking changes
  • Update Solidity version recommendations (#999)

Fixed

  • Docker build (#967)
  • call-graph printer output (#973)
  • slither-flat --convert-external and --convert-private flags (#964)
  • Broken wiki link (#986)
  • Multiple minor fixes (#996, #997)

v0.8.1

16 Aug 17:15
Compare
Choose a tag to compare

0.8.1 - 2021-08-16

This release adds the SARIF support, which allows Slither to report issues through Github code scanning app. The github action will be released soon. In addition, the release brings many small issues and improvements to the detectors and tools.

We would like to thank our external contributors:

Added

  • Sarif support (#918).
  • slither-check-erc add ERC1155 support (34a4ae1)
  • Slither Rekt list (a2c5714)
  • More type hints (#906)

Changed

  • slither-check-upgradeability: improve heuristics to detect init functions (#853)
  • is_protected heuristic (#855)
  • Improve Abiencoderv2 detector (#848)
  • Multiple minor improvements in #856
  • Trophies.md list
  • Remove crytic.io notice (889d537)
  • Use crytic-compile@0.2.1, which adds BSC support, and fixes multiple bugs

Fixed

  • Bug in variable order printer (#849)
  • Wrong type in contract.py (#869)
  • Wrong wiki links (#876)
  • calldata support (#907)

v0.8.0

07 May 14:57
Compare
Choose a tag to compare

0.8.0 - 2021-05-07

This release significantly improves the support for Solidity 0.8 and adds detectors for 'unused-return-transfers', 'dead-code', and 'write-after-write'. Slither now supports multiple compilation units which solves many issues when using hardhat.

Thanks @sobolev-igor for his contribution!

Added

  • Support for multiple compilation units (#823) (breaking changes)
  • Support for nodes scope in the IR (#836) (breaking changes)
  • Support for block.chainid (https://github.com/crytic/slither/pull/821/files)
  • Support for .slot / .offset in YUL (#833)
  • Detectors
    • unused-return-transfers - specialization of the unused-return to help flagging dangerous tokens transfers (#822)
    • dead-code (#838)
    • write-after-write (#841)

Changed

Fixed

  • Type parsing for Solidity 0.8 (#817)
  • Incorrect type conversion on library lookup (#827)
  • Multiple minor fixes introduced since 0.7.1 (#842)

v0.7.1

29 Mar 17:44
Compare
Choose a tag to compare

0.7.1 - 2021-03-29

This release improves the controlled-array-length/solc-version detectors.

We are now listing the public bugs found by Slither in our Trophies list. Please contribute if you found vulnerabilities using Slither. It will help us to improve the tool!

We are currently investigating issues with hardhat support (crytic/crytic-compile#164). In the meantime, hardhat should be considered only partially supported.

Thank @gnattishness for his contribution to this release!

Added

Changed

  • Uninitialized local/state variable doc (#801)
  • Support for stop() in yul (#802)
  • Solc versions recommendations (#812)
  • Remove false positive on controlled-array-length detector (#813)
  • crytic-compile 0.1.13

Fixed

  • Incorrect function._can_send_eth (internal) (#747, #756, #758)
  • Inheritance graph output (#729, #766)
  • Bug for top-level user-defined types (#786)
  • slither-flat entry point (#791)
  • Source mapping for parameter/return in function definition (#800)
  • Multiple issues with the Echidna printer (#763)
  • Support for standalone return; statement with solc > 0.7 (#796)
  • Signed integer type propagation (#810)

v0.7.0

18 Dec 19:57
Compare
Choose a tag to compare

0.7.0 - 2020-12-18

This release contains 26 new detectors, including a detector for a recent bug in Aave (unprotected-upgrade), deletion of mapping with structures (mapping-deletion), lack of events (events-access, event-maths), a shift-related issue on YUL (incorrect-shift), modifiers that can return the default value (incorrect-modifier), and multiple informational and compiler-related bugs. Additionally, it introduces the triage of results using inline comments. Use // slither-disable-next-line DETECTOR_NAME before a statement to disable the detector. Finally, we added the support for Solidity top-level objects.

We would like to thanks @josh-richardson for his contributions to the inline comment feature.

Added

  • 26 detectors (#725, #732, #736)
    • abiencoderv2-array
    • array-by-reference
    • assert-state-change
    • controlled-array-length
    • costly-loop
    • events-access
    • events-math
    • function-init-state
    • incorrect-modifier
    • incorrect-unary
    • incorrect-shift
    • mapping-deletion
    • missing-inheritance
    • missing-zero-check
    • multiple-constructors
    • public-mappings-nested
    • redundant-statements
    • reused-constructor
    • similar-names
    • storage-array
    • unimplemented-functions
    • uninitialized-fptr-cst
    • unprotected-upgrade
    • variable-scope
    • weak-prng
  • Inline comment to suppress findings (#724)
  • (Partial) support for Solidity top-level objects (#728) API BREAKING CHANGE. All the related objects are now split between ObjectContract and ObjectTopLevel (ex: FunctionContract and FunctionTopLevel)

Changed

  • Use crytic-compile@0.1.12

Fixed

  • Printers filename related issues (#729, #726)

v0.6.15

07 Dec 19:43
Compare
Choose a tag to compare

0.6.15 - 2020-12-07

This release adds several performance optimizations to Slither. From our limited benchmark on codebases where Slither takes more than 1 minute to run, the optimizations lead to 2x improvements on average and up to x14 in certain cases. We also fixed an indeterministic detector output issue that could interact poorly with CIs and improved legacy AST support. Finally, we made improvements to slither-prop.

Thanks to @elenadimitrova for helping us debug the indeterministic detector output issue.

If you want access to additional detectors, try Crytic. It has 96 total vulnerabilities detectors.

Addded

  • Hidden --perf flag (debug) (#701)

Changed

  • Optimizations
    • Use of get_line_from_offset from crytic-compile (see crytic-compile@0.1.11 release note). It impacts codebase with a large number of files
    • Memoization for properties that are frequently used (#703). It impacts all the codebases
    • Rewrote the immediate dominator (#705). It impacts functions with complex cfg
    • Rewrote the fixpoint on the data dependencies (#707). It impacts functions for which the fixpoint is difficult to reach
  • Use of crytic-compile@0.1.11. Among others, this improves hardhat and dapp support.
  • Multiple improvements to slither-prop (#693, #713)

Fixed

  • Removed recursion in divide-before-multiply (#706)
  • Indeterministic output for multiple detectors (#486). This might lead previously triaged results to appear again (the finding IDs can have been affected)
  • Parsing of comments in legacy ast for Solidity 0.6.3 - 0.6.10 (#720). This mostly impacts dapp codebases.

v0.6.14

12 Nov 19:30
Compare
Choose a tag to compare

0.6.14 - 2020-11-12

This release improves support for Solidity 0.7 and fixes many bugs. We moved all our tests to pytest and significantly improved our parsing test coverage to help support multiple versions of Solidity.

If you'd like to help us improve Slither, please answer our user survey.

Additionally, we recently hosted a community call where we went through Slither's codebase, and showed its different components (see the recording).

Finally, we would like to thank our contributors for reporting issues and helping us improve Slither:

Added

Changed

  • Refactor existing detectors test suit to use pytest (#656)
  • Use crytic-compile@0.1.10. This includes hardhat support, and improvements for waffle and buidler.
  • Support for comparison between function pointers (#618)
  • Use black 19.10b0 instead of latest for Github's Super Linter (#680)
  • IR push conversion (#625)

Fixed

  • Multiple solc 0.7 parsing issues (#630, #642, #654)
  • Use unique variable names for YUL variables (#648)
  • CFG printer filename generation (#633)
  • Loop CFG recovery issues (#655)
  • Correctly link between nodes in the variables constructor step (#632)
  • Wiki link for naming convention (#651)
  • Minor Python types issues (#653)