This academic paper has published in the International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), colocated with ICSE.
The paper provides more details on how the use of a sophisticated intermediate language based on Static Single Assignment (SSA) form, a key advance in the development of modern optimizing compilers, lets Slither go about its work quickly and effectively, and makes it easy to extend Slither to new tasks.
A static analysis framework that provides fine-grained information about smart contract code and has the necessary flexibility to support many applications.
The framework is currently used for the following:
#1. Automated vulnerability detection without user intervention or additional specification effort.
#2. Automated detects code optimizations that the compiler misses.
#3. Code understanding summarizes and displays contracts’ information to aid your study of the codebase.
#4. Assisted code review and A user can interact with Slither through its API.
Slither works as follows:
It takes as initial input the Solidity Abstract Syntax Tree (AST) generated by the Solidity compiler.
Just point a contract to analyze, Slither works out of the box with the most common frameworks, including Truffle, Embark, and Dapp.
It then generates the contract’s inheritance graph, the control flow graph (CFG), and the list of all expressions in the contract.
It then translates the code of the contract into SlithIR, an internal representation language that makes precise and accurate analyses easier to write.
Finally, it runs a set of pre-defined analyses that provide enhanced information to other modules (e.g., computing data flow, protected function calls, etc.).
Fig. 1: How Slither works
contrast Slither (release 0.5.0) with other open-source static analysis tools to detect vulnerabilities in Ethereum smart contracts:
Securify (revision 37e2984), SmartCheck (revision 4d3367a) and Solhint (release 1.1.10) focus on the tools’ reentrancy detectors.
an example of a simple reentrant contract that can be exploited to drain all of its ether by calling withdrawBalance with a fallback function that calls withdrawBalance again Fig. 2: An exploitable reentrant contract
experimented with one thousand of the most used contracts (those with the largest number of transactions) for which Etherscan provides the source code, to obtain the following results: Fig. 3: Slither outperforms the other tools in every category
Using a dataset of one thousand contracts, the tools were run on each contract with a timeout of 120 seconds, using only reentrancy detectors. manually disabled other detection rules to avoid the introduction of bias in the measurements.
The timeout may be one of the conditions that affect the outcome.
Slither false positive rate of 10.9%; followed by Securify with 25%.
SmartCheck and Solhint have extremely high false-positive rates: 73.6% and 91.3% (!) respectively
reentrancy is detected (flagged contracts) and the average number of findings per flagged contract.
#1. SmartCheck flags a larger number of contracts, confirming its high false-positive rate (it flags about seven times as many contracts as Slither).
#2. Securify flags a very small number of contracts, which indicates that the tool fails to detect a number of true positives found by other tools;
Slither is the fastest tool, followed by Solhint, SmartCheck, and, finally, Securify.
Slither failed only for 0.1% of the contracts; meanwhile, Solhint failed around 1.2%. SmartCheck and Securify are less robust, failing 10.22% and 11.20% of the time, respectively.
Surya, the most similar tool for smart contract code understanding, static analyses. Code understanding tools that do not incorporate deeper analyses are limited to superficial information
Slither(recently released the version 0.6.4) is the core of crytic.io, continuous assurance system (think “Travis-CI but for Ethereum”), which unleashes all the Slither analyses to protect smart contracts. https://crytic.io https://www.trailofbits.com/ https://empireslacking.herokuapp.com/ https://blog.trailofbits.com/2018/10/19/slither-a-solidity-static-analysis-framework/