Recent Releases of slither-analyzer

slither-analyzer - 0.11.3

This minor release updates some dependencies.

What's Changed

Update web3, eth-* dependencies by @elopez in https://github.com/crytic/slither/pull/2710

Full Changelog: https://github.com/crytic/slither/compare/0.11.2...0.11.3

- Python
Published by smonicas 10 months ago

slither-analyzer - 0.11.2

This minor release fixes a bug in the storage pointer analysis.

What's Changed

Fix written variables in storage pointer analysis by @smonicas in https://github.com/crytic/slither/pull/2707

Full Changelog: https://github.com/crytic/slither/compare/0.11.1...0.11.2

- Python
Published by smonicas 10 months ago

This release improves the support of unicode character where previously it would have resulted in erroneous source mapping for tools such as slither-flat and slither-mutate, adds function calls stack information to simplify the understanding of the output for certain detectors (calls-loop, costly-loop, delegatecall-loop, msg-value-loop) and other bug fixes.

What's Changed

Fix order yul parsing identifiers by @smonicas in https://github.com/crytic/slither/pull/2671
Fixes issue 2524, Slot Calculation for Variables that Cross 32-Byte by @Jayakumar2812 in https://github.com/crytic/slither/pull/2664
Fix slither-read-storage crash when a structure has only other structs as fields by @smonicas in https://github.com/crytic/slither/pull/2666
Improve the support for sstore/sload with simple slot access by @montyly in https://github.com/crytic/slither/pull/2670
Refactor docs by @montyly in https://github.com/crytic/slither/pull/2685
Dev update entry points printer by @nisedo in https://github.com/crytic/slither/pull/2668
Update MyPrettyTable alignment to left-align all fields by default by @nisedo in https://github.com/crytic/slither/pull/2672
Improved unicode support in mutator, flattener, and more by @bohendo in https://github.com/crytic/slither/pull/2662
chore: fix some typos in comments by @shenpengfeng in https://github.com/crytic/slither/pull/2678
slither-mutate: Check if a contract is an interface properly by @smonicas in https://github.com/crytic/slither/pull/2697
Improve support for storage pointer analysis by @montyly in https://github.com/crytic/slither/pull/2677
Propagate type aliases from base to derived contracts by @smonicas in https://github.com/crytic/slither/pull/2693
Add calls stack information to detectors by @smonicas in https://github.com/crytic/slither/pull/2696

New Contributors

@Jayakumar2812 made their first contribution in https://github.com/crytic/slither/pull/2664
@shenpengfeng made their first contribution in https://github.com/crytic/slither/pull/2678

Full Changelog: https://github.com/crytic/slither/compare/0.11.0...0.11.1

- Python
Published by smonicas 10 months ago

slither-analyzer - 0.11.0

This release adds support for the latest Solidity features like using a custom error in a require statement and transient storage, adds 7 new detectors, 2 new printers and various other improvements. NOTE: There are breaking changes to some API in particular the variables properties in the Contract class (see https://github.com/crytic/slither/pull/2588) and the *Calls API (see https://github.com/crytic/slither/pull/2555).

The new detectors are:

pyth-deprecated-functions: Detect Pyth deprecated functions
pyth-unchecked-confidence: Detect when the confidence level of a Pyth price is not checked
pyth-unchecked-publishtime: Detect when the publishTime of a Pyth price is not checked
chronicle-unchecked-price: Detect when Chronicle price is not checked
gelato-unprotected-randomness: Call to _requestRandomness within an unprotected function
chainlink-feed-registry: Detect when chainlink feed registry is used
optimism-deprecation: Detect when deprecated Optimism predeploy or function is used

The new printers are:

entry-points: Print all the state-changing entry point functions of the contracts
cheatcode: Print the usage of (Foundry) cheatcodes in the code

The following is an example of the entry-points printer for Uniswap v4 core.

Screenshot 2025-02-03 at 20 44 15

We thank all of our external contributors for their effort!

What's Changed

Enable running slither as pre-commit hook by @dbast in https://github.com/crytic/slither/pull/2521
Add support custom errors in require by @smonicas in https://github.com/crytic/slither/pull/2550
bugfix: IR generation when parsing Event as left variable by @hamdiallam in https://github.com/crytic/slither/pull/2567
Fix #2266 by @DarkaMaul in https://github.com/crytic/slither/pull/2412
Improve performances of offsets references. by @DarkaMaul in https://github.com/crytic/slither/pull/2481
CI Improvement by @montyly in https://github.com/crytic/slither/pull/2571
Add Optimism deprecation detector by @smonicas in https://github.com/crytic/slither/pull/2575
Add Pyth deprecated functions detector by @smonicas in https://github.com/crytic/slither/pull/2580
Add StateVariable location by @smonicas in https://github.com/crytic/slither/pull/2585
Add Chainlink feed registry detector by @smonicas in https://github.com/crytic/slither/pull/2576
Add Pyth unchecked publishTime and confidence detectors by @smonicas in https://github.com/crytic/slither/pull/2581
Add Chronicle unchecked price detector by @smonicas in https://github.com/crytic/slither/pull/2584
Add Gelato VRF unprotected request detector by @smonicas in https://github.com/crytic/slither/pull/2582
Add instruction in README for how to upgrade slither by @CJ42 in https://github.com/crytic/slither/pull/2498
Improve transient storage support by @smonicas in https://github.com/crytic/slither/pull/2588
Fix IR conversion when an Event selector is accessed by @smonicas in https://github.com/crytic/slither/pull/2589
Echidna printer Improve values extraction by @smonicas in https://github.com/crytic/slither/pull/2574
Printer cheatcode by @DarkaMaul in https://github.com/crytic/slither/pull/2413
chore: fix some comments by @withbest in https://github.com/crytic/slither/pull/2518
fix: mapping to type value lookup with top-level constant by @0xalpharush in https://github.com/crytic/slither/pull/2568
Add assert information for echidna by @smonicas in https://github.com/crytic/slither/pull/2560
Fix reorder arguments when a function is overridden with diff param names by @smonicas in https://github.com/crytic/slither/pull/2611
fix: typos in documentation files by @leopardracer in https://github.com/crytic/slither/pull/2607
Boxes + horizontal flow makes for more readable call graphs by @DanielVF in https://github.com/crytic/slither/pull/2603
Fix reorder argument edge case by @smonicas in https://github.com/crytic/slither/pull/2614
Updated slither-mutate logs by @bohendo in https://github.com/crytic/slither/pull/2625
incorrect-modifier: Fix infinite loop by @smonicas in https://github.com/crytic/slither/pull/2628
Fix arevariableswritten analysis for named return variables by @smonicas in https://github.com/crytic/slither/pull/2631
Fix detectors wiki links by @smonicas in https://github.com/crytic/slither/pull/2640
Pyth detectors: Fix assertion error by @smonicas in https://github.com/crytic/slither/pull/2639
Typo fix README.md by @dedyshkaPexto in https://github.com/crytic/slither/pull/2641
slither-mutate: fix AOR mutator by @smonicas in https://github.com/crytic/slither/pull/2653
Add entry-points printer to identify all externally accessible state-changing functions by @nisedo in https://github.com/crytic/slither/pull/2616
Update README.md by @hexshire in https://github.com/crytic/slither/pull/2656

New Contributors

@dbast made their first contribution in https://github.com/crytic/slither/pull/2521
@hamdiallam made their first contribution in https://github.com/crytic/slither/pull/2567
@withbest made their first contribution in https://github.com/crytic/slither/pull/2518
@leopardracer made their first contribution in https://github.com/crytic/slither/pull/2607
@DanielVF made their first contribution in https://github.com/crytic/slither/pull/2603
@dedyshkaPexto made their first contribution in https://github.com/crytic/slither/pull/2641
@nisedo made their first contribution in https://github.com/crytic/slither/pull/2616
@hexshire made their first contribution in https://github.com/crytic/slither/pull/2656

Full Changelog: https://github.com/crytic/slither/compare/0.10.4...0.11.0

- Python
Published by smonicas about 1 year ago

slither-analyzer - 0.10.4

This is a minor release that fixes some issues caused by updates to the web3.py library. Also, it contains fixes/improvements for a couple detectors: fix the solc-version detector which was warning on solc versions without bugs, don't report arbitrary-send-eth if the recipient if it's an immutable value, disable unused-import as it was slow and not handling a few edge cases correctly. Finally, slither-check-upgradeability has a new check which identifies the bug that was the cause of the most recent Ronin hack (see https://github.com/crytic/slither/pull/2536).

We thank all of our external contributors for their effort!

What's Changed

arbitrary-send-eth: Don't report if destination is immutable state var by @smonicas in https://github.com/crytic/slither/pull/2488
sync dev <> master by @0xalpharush in https://github.com/crytic/slither/pull/2493
Update WIKIDESCRIPTION for "deadcode.py" by @ThomasHeim11 in https://github.com/crytic/slither/pull/2492
Dockerfile: fix ckzg build by @elopez in https://github.com/crytic/slither/pull/2494
Added length check on bugs_by_version for specific version_number by @MukulKolpe in https://github.com/crytic/slither/pull/2499
Bump docker/build-push-action from 5 to 6 by @dependabot in https://github.com/crytic/slither/pull/2486
Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 by @dependabot in https://github.com/crytic/slither/pull/2485
Improve slither-mutate testing by @DarkaMaul in https://github.com/crytic/slither/pull/2482
Add a new parameter max_width to MyPrettyTable by @DarkaMaul in https://github.com/crytic/slither/pull/2426
slither-mutate: (AOR) Fix for dynamic array operations by @smonicas in https://github.com/crytic/slither/pull/2484
Bump sigstore/gh-action-sigstore-python from 2.1.1 to 3.0.0 by @dependabot in https://github.com/crytic/slither/pull/2508
ci: require web3 with <5 eth_typing deps by @0xalpharush in https://github.com/crytic/slither/pull/2537
add upper bound by @0xalpharush in https://github.com/crytic/slither/pull/2541
Revert "Reduce verbosity for InvalidCompilation errors" by @0xalpharush in https://github.com/crytic/slither/pull/2529
disable unused import by @0xalpharush in https://github.com/crytic/slither/pull/2540
tool: add detector for multiple new reinitializers by @QiuhaoLi in https://github.com/crytic/slither/pull/2536
Bump pypa/gh-action-pip-audit from 1.0.8 to 1.1.0 by @dependabot in https://github.com/crytic/slither/pull/2531
sync master <> dev by @0xalpharush in https://github.com/crytic/slither/pull/2506

New Contributors

@ThomasHeim11 made their first contribution in https://github.com/crytic/slither/pull/2492
@MukulKolpe made their first contribution in https://github.com/crytic/slither/pull/2499
@QiuhaoLi made their first contribution in https://github.com/crytic/slither/pull/2536

Full Changelog: https://github.com/crytic/slither/compare/0.10.3...0.10.4

- Python
Published by 0xalpharush over 1 year ago

slither-analyzer - 0.10.3

This is a minor release that fixes several bugs, improves performance, and addresses some false positives. There is a new flag, --include-detectors, to override exclusion rules e.g. run a specific low severity detector while excluding others with --exclude-low. The detector, similar-names, has been removed.

We would like to thank our external contributors: - @careworry - @xiaoxianBoy - @vovikhangcdv - @utx0

What's Changed

Fix: unused state var detector for abstract/library by @0xalpharush in https://github.com/crytic/slither/pull/2419
Remove deprecated flags and their migration. by @DarkaMaul in https://github.com/crytic/slither/pull/2410
Fix #2430 by @DarkaMaul in https://github.com/crytic/slither/pull/2431
Chore: fix some typos in comments by @careworry in https://github.com/crytic/slither/pull/2433
Restore plugin example to working state by @elopez in https://github.com/crytic/slither/pull/2436
Chore: fix some typos in comments by @alwayshang in https://github.com/crytic/slither/pull/2444
Reduce verbosity for InvalidCompilation errors by @DarkaMaul in https://github.com/crytic/slither/pull/2417
Configure coderabbit review to also consider PR on dev branch. by @DarkaMaul in https://github.com/crytic/slither/pull/2441
chore: fix typos and link update by @xiaoxianBoy in https://github.com/crytic/slither/pull/2453
chore: recommend upgrading in issue template by @0xalpharush in https://github.com/crytic/slither/pull/2457
Features/perf improvment by @DarkaMaul in https://github.com/crytic/slither/pull/2438
Fix: use contract declarer's scope for name resolution by @0xalpharush in https://github.com/crytic/slither/pull/2459
Fix bugs in the EVM printer by @DarkaMaul in https://github.com/crytic/slither/pull/2435
Add detectors to include override exclude args by @nsiregar in https://github.com/crytic/slither/pull/2440
Chore/remove unused scripts by @0xalpharush in https://github.com/crytic/slither/pull/2468
Fix inheritance printer rebase by @0xPhaze in https://github.com/crytic/slither/pull/2153
Add more academic references by @montyly in https://github.com/crytic/slither/pull/2270
Update: improve unhandled initializers in unprotected-upgrade detector by @vovikhangcdv in https://github.com/crytic/slither/pull/2203
Write slither.db.json file on each saveresultsto_hide by @utx0 in https://github.com/crytic/slither/pull/2071
Remove similar-names bc it's slow by @0xalpharush in https://github.com/crytic/slither/pull/2469
Improve message error for when Crytic throws a KeyError. by @DarkaMaul in https://github.com/crytic/slither/pull/2418
Fix regex patterns by @DarkaMaul in https://github.com/crytic/slither/pull/2442
Fix: do not flag imports from import container as unused by @0xalpharush in https://github.com/crytic/slither/pull/2471
Fix: filtering of unused-import,incorrect-solc, pragma by @0xalpharush in https://github.com/crytic/slither/pull/2472
Fix ordering and dead-code detector by @0xalpharush in https://github.com/crytic/slither/pull/2476

New Contributors

@careworry made their first contribution in https://github.com/crytic/slither/pull/2433
@alwayshang made their first contribution in https://github.com/crytic/slither/pull/2444
@xiaoxianBoy made their first contribution in https://github.com/crytic/slither/pull/2453
@0xPhaze made their first contribution in https://github.com/crytic/slither/pull/2153
@vovikhangcdv made their first contribution in https://github.com/crytic/slither/pull/2203
@utx0 made their first contribution in https://github.com/crytic/slither/pull/2071

Full Changelog: https://github.com/crytic/slither/compare/0.10.2...0.10.3

- Python
Published by 0xalpharush over 1 year ago

slither-analyzer - 0.10.2

0.10.2 - 2024-04-08

This minor release contains several enhancements and resolves several bugs, most notably: - Revamps slither-mutate with first class support for Foundry projects (see quickstart) - New detector identifies unused imports (slither . --detect unused-import) - Resolves longstanding issues in import resolution and lack of support for aliases (see https://github.com/crytic/slither/issues/1452) - Improves the reference/declaration API in order to facilitate LSP integration - Accurately models implicit returns in the intermediate representation (see https://github.com/crytic/slither/pull/1880)

We would like to thank our external contributors: - @Tiko7454 - @dokzai - @rustrover - @eltociear - @majorteach - @kevinclancy - @nsiregar - @bart1e

New Features

Slither-mutate: fit and finish by @bohendo in https://github.com/crytic/slither/pull/2302
Feat: add detector for unused imports by @0xalpharush in https://github.com/crytic/slither/pull/2392
Add virtual and override attribute in Function by @smonicas in https://github.com/crytic/slither/pull/2333
Feat/virtual override with refs by @0xalpharush in https://github.com/crytic/slither/pull/2376

Bug Fixes

Fix CONTINUE node in the cfg by @Tiko7454 in https://github.com/crytic/slither/pull/2047
Update inheritance graph printer to handle multiple contracts with same names by @dokzai in https://github.com/crytic/slither/pull/2159
Fix parsing of events by @smonicas in https://github.com/crytic/slither/pull/2365
Slither-mutate: bugfix when two files have the same name by @DarkaMaul in https://github.com/crytic/slither/pull/2357
Add support for send builtin by @0xalpharush in https://github.com/crytic/slither/pull/2212
Fix IR for top level functions with using-for by @smonicas in https://github.com/crytic/slither/pull/2367
Update PR#2034 by @0xalpharush in https://github.com/crytic/slither/pull/2384
Fix: preserve empty tuple components during declaration-to-assignment conversion by @kevinclancy in https://github.com/crytic/slither/pull/2034
Fix: guard literal implicit conversion for arrays by @0xalpharush in https://github.com/crytic/slither/pull/2383
Fix: add missing references in the source mapping API by @0xalpharush in https://github.com/crytic/slither/pull/2371
Fix: support aliases for NewContract operation by @0xalpharush in https://github.com/crytic/slither/pull/2370
Fix: add newline to incorrect-modifier output by @0xalpharush in https://github.com/crytic/slither/pull/2386
ArrayType: Check the folded length in eq by @smonicas in https://github.com/crytic/slither/pull/2331
Fix: lookup of type alias as member of contract by @0xalpharush in https://github.com/crytic/slither/pull/2404
Resolve available definitions from import by reference ID by @0xalpharush in https://github.com/crytic/slither/pull/2403
Filter name-reused detector to only run on Truffle projects (#2390) by @nsiregar in https://github.com/crytic/slither/pull/2394

Enhancements

Fix/model named returns by @0xalpharush in https://github.com/crytic/slither/pull/2326
Ci: linter, pylint: upgrade superlinter to v6 by @elopez in https://github.com/crytic/slither/pull/2303
Add funding metadata to repository by @elopez in https://github.com/crytic/slither/pull/2346
Create issue-metrics.yml by @0xalpharush in https://github.com/crytic/slither/pull/2366
Chore: remove repetitive word by @rustrover in https://github.com/crytic/slither/pull/2363
Update node.py by @eltociear in https://github.com/crytic/slither/pull/2358
Support python3.12 by @0xalpharush in https://github.com/crytic/slither/pull/2348
Chore: remove repetitive words by @majorteach in https://github.com/crytic/slither/pull/2373
Implement pytest parameterize on testimplicitreturns (#2350) by @nsiregar in https://github.com/crytic/slither/pull/2381
Wiki/too many digits by @0xalpharush in https://github.com/crytic/slither/pull/2385
Upgrade slither-mutate readme by @bohendo in https://github.com/crytic/slither/pull/2391
Add all variables read/written by @smonicas in https://github.com/crytic/slither/pull/2368
Add test for https://github.com/crytic/slither/pull/2331 by @0xalpharush in https://github.com/crytic/slither/pull/2405
Prepare for 0.10.2 release by @0xalpharush in https://github.com/crytic/slither/pull/2406
Removed unused import by @0xalpharush in https://github.com/crytic/slither/pull/2408

New Contributors

@rustrover made their first contribution in https://github.com/crytic/slither/pull/2363
@DarkaMaul made their first contribution in https://github.com/crytic/slither/pull/2357
@eltociear made their first contribution in https://github.com/crytic/slither/pull/2358
@majorteach made their first contribution in https://github.com/crytic/slither/pull/2373
@nsiregar made their first contribution in https://github.com/crytic/slither/pull/2381

Full Changelog: https://github.com/crytic/slither/compare/0.10.1...0.10.2

- Python
Published by 0xalpharush almost 2 years ago

slither-analyzer - 0.10.1

0.10.1 - 2024-02-29

This is a minor release that adds support for Solidity 0.8.24 and top level events. It includes a new detector, out-of-order-retryable, which detects potential misuse of Arbitrum's retryable transactions. Also, there is a new CLI flag, --include-paths which allows one to only include results from a given path.

We would like to thank all of our external contributors: - @VIELITE - @mds1 - @UsmannK - @ATREAY - @dokzai

What's Changed

New Features

Add support top level events by @smonicas in https://github.com/crytic/slither/pull/2219
Add support Solidity 0.8.24 by @smonicas in https://github.com/crytic/slither/pull/2281
Add --include-pathsoption by @smonicas in https://github.com/crytic/slither/pull/2330
- For example, slither . --include-paths (src/|contracts/) will only include results from files within src or contracts directory. Note, this is uses python-style regex and cannot be used at the same time as --filter-paths.
Feat: out of order retryable detector by @0xalpharush in https://github.com/crytic/slither/pull/2340

Bug Fixes

Fix: is_reentrant for internal vyper functions by @0xalpharush in https://github.com/crytic/slither/pull/2211
Fix: iterative update by @0xalpharush in https://github.com/crytic/slither/pull/2206
Fix: detect selfdestruct in internal calls by @0xalpharush in https://github.com/crytic/slither/pull/2232
Fix using for when used with "this" by @smonicas in https://github.com/crytic/slither/pull/2224
Fix: broken doc links by @mds1 in https://github.com/crytic/slither/pull/2299
Fix: slither: utils: respect colorization state when printing tables by @elopez in https://github.com/crytic/slither/pull/2310
Fix: support inheritance resolution when contract name is reused by @0xalpharush in https://github.com/crytic/slither/pull/2332
Fix: support renaming in base inheritance and base constructor calls by @0xalpharush in https://github.com/crytic/slither/pull/2320
Fix: immediate inheritance by @Tiko7454 in https://github.com/crytic/slither/pull/2306

Enhancements

Update README.md by @VIELITE in https://github.com/crytic/slither/pull/2198
Update installation instrucitons by @0xalpharush in https://github.com/crytic/slither/pull/2189
Update Dockerfile by @0xalpharush in https://github.com/crytic/slither/pull/2188
Raise an error when a missing contract is specified to read-storage by @UsmannK in https://github.com/crytic/slither/pull/2235
Remove unused files by @0xalpharush in https://github.com/crytic/slither/pull/2197
Substituted the letter z with x in pre-declaration by @ATREAY in https://github.com/crytic/slither/pull/2258
Upgraded Slither-mutate by @vishnuram1999 in https://github.com/crytic/slither/pull/2278
Divide-before-multiply: Detect also in modifiers by @smonicas in https://github.com/crytic/slither/pull/2280
Properties, documentation: correct tool descriptions and usage by @elopez in https://github.com/crytic/slither/pull/2311
Fix example by @0xalpharush in https://github.com/crytic/slither/pull/2312
Make triage database path customizable by @elopez in https://github.com/crytic/slither/pull/2298
Create a variable API that filters out constants and immutables by @dokzai in https://github.com/crytic/slither/pull/2323
Add regression test for #2313 by @0xalpharush in https://github.com/crytic/slither/pull/2321
Msg-value-loop: Don't report if msg.value is in a conditional expression by @smonicas in https://github.com/crytic/slither/pull/2239
Incorrect-shift: Detect only assembly blocks by @smonicas in https://github.com/crytic/slither/pull/2315
Track storage variables read/written in assembly by @smonicas in https://github.com/crytic/slither/pull/2329

New Contributors

@VIELITE made their first contribution in https://github.com/crytic/slither/pull/2198
@UsmannK made their first contribution in https://github.com/crytic/slither/pull/2235
@ATREAY made their first contribution in https://github.com/crytic/slither/pull/2258
@vishnuram1999 made their first contribution in https://github.com/crytic/slither/pull/2278

Full Changelog: https://github.com/crytic/slither/compare/0.10.0...0.10.1

- Python
Published by 0xalpharush almost 2 years ago

slither-analyzer - 0.10.0

0.10.0 - 2023-10-18

This release adds support for Vyper 0.3.7 (thanks to the funding from VyperLang)! Currently, Vyper frameworks such as Ape are not supported. To run slither on Vyper codebases, target the source directory e.g. run slither ./contracts if the Vyper contracts are in the contracts/ directory.

Additionally, this release includes 5 new detectors, 3 new printers, and several bugs fixes related to recent solidity features. The echidna/medusa integration was sped up and provides more information to the fuzzers.

With the release of crytic-compile 0.3.5, support for foundry projects is significantly improved: Slither can now be run on a single file from a foundry project and detect the necessary imports automatically (ex: run slither contracts/some_file.sol instead of slither .).

We would like to thank all of our external contributors:

@dokzai
@kevinclancy
@SEJeff
@SheldonHolmgren
@yisun92
@Tiko7454

What's Changed

New Features:

Vyper support by @0xalpharush in PR #2099
5 new detectors by @montyly in PR #2156
- incorrect-return / return-leave / incorrect-exp / tautological-compare / return-bomb
Printers
- ck by @devtooligan in PR #1895
- halstead by @devtooligan in PR #1878
- martin by @devtooligan in PR #1889

Breaking Changes:

Improve name resolution of type aliases by @smonicas in PR #2061
Change return type to UnaryType instead of UnaryOperationType by @dokzai in PR #2124

Enhancements:

Add CustomError as printable output by @smonicas in PR #2063
Improve mapping-deletion detector for nested mappings by @smonicas in PR #2084
Improve constants extraction of ReferenceVariable by @smonicas in PR #2098
Better struct handling in code generation util by @webthethird in PR #2068
Add end assembly node in the cfg by @smonicas in PR #2078
Use crytic-compile 0.3.5

Bug Fixes:

Fix CONTRIBUTING.md by @smonicas in PR #2052
Fix ternary rewrite test and make assertion more strict by @0xalpharush in PR #2067
UnaryOperation: -variable and +variable doesn't make variable an lvalue by @SheldonHolmgren in PR #2027
Fix assertion failure in dominator computation for dead code by @Tiko7454 in PR #1984
Fix typo in Contract.getstatevariablefromcanonical_name() by @yisun92 in PR #1983
Fix divide before multiply detector non deterministic results by @smonicas in PR #2114
Detectors: cachearraylength: include source mapping in finding by @elopez in PR #2076
Fix a typo in the help text by @SEJeff in PR #2155
Fix abi.decode tuple result with udt by @smonicas in PR #2048
Fix parsing super call expression by @smonicas in PR #2151
Fix(convert): do not convert array type to elementary for InitArray by @0xalpharush in PR #2018
Fix: reorder named arguments to match declaration order by @kevinclancy in PR #1949
Fix enum.max/min when enum in other contract by @smonicas in PR #2051

Continuous Integration and Dependencies:

Bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.10 by @dependabot in PR #2049, PR #2086
ci: add problem matchers for yamllint and pylint by @0xalpharush in PR #2070
Bump sigstore to 2.1.0 by @0xalpharush in PR #2081, PR #2154
Fix CI by @montyly in PR #2170
chore: bump sigstore to 2.0.0 by @0xalpharush in PR #2081
Bump actions/upload-pages-artifact, actions/checkout, cachix/install-nix-action, docker/setup-buildx-action, docker/build-push-action, docker/setup-qemu-action, docker/login-action by @dependabot in PR #2044, PR #2112, PR #2111, PR #2132, PR #2133, PR #2134, PR #2135

New Contributors

@SheldonHolmgren made their first contribution in https://github.com/crytic/slither/pull/2027
@yisun92 made their first contribution in https://github.com/crytic/slither/pull/1983
@dokzai made their first contribution in https://github.com/crytic/slither/pull/2110
@SEJeff made their first contribution in https://github.com/crytic/slither/pull/2155

Full Changelog: https://github.com/crytic/slither/compare/0.9.6...0.10.0

- Python
Published by montyly over 2 years ago

slither-analyzer - v0.9.6

0.9.6 - 2023-07-06

This release fixes a regression in the unchecked-lowlevel call detector and a crash in the cache-array-length detector.

What's Changed

fix(cache-array-length): handle when HighLevelCall is a StateVariable by @0xalpharush in https://github.com/crytic/slither/pull/2019
fix regression that caused retdata to be flagged by @0xalpharush in https://github.com/crytic/slither/pull/2029
docs(readme): add new docs link by @sambacha in https://github.com/crytic/slither/pull/2010

New Contributors

@dependabot made their first contribution in https://github.com/crytic/slither/pull/1992
@sambacha made their first contribution in https://github.com/crytic/slither/pull/2010

Full Changelog: https://github.com/crytic/slither/compare/0.9.5...0.9.6

- Python
Published by 0xalpharush over 2 years ago

slither-analyzer - v0.9.5

0.9.5 - 2023-06-28

This is a patch release that fixes forward compatibility with Python 3.11.

What's Changed

Fix execution in Python 3.11 by @elopez in https://github.com/crytic/slither/pull/2002

Full Changelog: https://github.com/crytic/slither/compare/0.9.4...0.9.5

- Python
Published by 0xalpharush over 2 years ago

slither-analyzer - v0.9.4

0.9.4 - 2023-06-26

This release adds initial support of user defined operators, improves support for try catch, reduces false positives, and fixes numerous bugs. Finally three new detectors, one new printer, and one new tool were added.

We would like to thank all of our external contributors: * @0xGusMcCrae * @0xxfu * @A-23187 * @DarrenChangJR * @PaulRBerg * @Tiko7454 * @Troublor * @aga7hokakological * @bossjoker1 * @daog1 * @duelinggalois * @kevinclancy * @ydm

For CI integration: If you were using the fail-high, fail-medium, fail-low, fail-pedantic in slither.conf.json, Slither will warn these configurations are deprecated and recommend migrating to the respective fail-on config e.g. fail-high becomes fail-on: high. These flags are now decoupled from excluding which detectors run, meaning the flags --exclude-informational and --exclude-optimization will be honored without also passing --no-fail-pedantic. Consider using slither-action for CI integration

Added

Detectors
- cache-array-length: Detects for loops that use length member of some storage array in their loop condition and don't modify it by @bart1e in https://github.com/crytic/slither/pull/1694
- encode-packed-collision: Detects collisions caused by use of encode packed on dynamic types by @0xalpharush in https://github.com/crytic/slither/pull/1845
- incorrect-using-for: Detects using-for statement usage when no function from a given library matches a given type by @bart1e in https://github.com/crytic/slither/pull/1653
- Printer
- loc- Count the total number lines of code (LOC), source lines of code (SLOC), and comment lines of code (CLOC) found in source files (SRC), dependencies (DEP), and test files (TEST) - by @devtooligan in https://github.com/crytic/slither/pull/1882
- Tool
- slither-interface generates a Solidity interface for a given contract. by @0xGusMcCrae in https://github.com/crytic/slither/pull/1898
- slither-read-storage can know retrieve custom storage layouts e.g. proxy with the --unstructured flag by @webthethird and @0xalpharush in https://github.com/crytic/slither/pull/1963
- slither-read-storage native POA support by @webthethird in https://github.com/crytic/slither/pull/1843
Solidity
- Support user defined operators by @smonicas in https://github.com/crytic/slither/pull/1684
- Add support for prevrando (solc 0.8.18) by @0xalpharush in https://github.com/crytic/slither/pull/1946
Testing
- Run tests in parallel locally with makefile by @0xalpharush in https://github.com/crytic/slither/pull/1808
- Snapshot testing insta by @0xalpharush in https://github.com/crytic/slither/pull/1820
APIs
- Generate interface code in new slither.utils.code_generation by @webthethird in https://github.com/crytic/slither/pull/1730
- Add upgradeability utils by @webthethird in https://github.com/crytic/slither/pull/1757
Add more types hints by @montyly in https://github.com/crytic/slither/pull/1666

Changed

Remove ExpressionTyped by @montyly in https://github.com/crytic/slither/pull/1672
Remove core.children by @montyly in https://github.com/crytic/slither/pull/1673
Remove unused visitors by @montyly in https://github.com/crytic/slither/pull/1674
Remove istoplevel dead code by @0xalpharush in https://github.com/crytic/slither/pull/1812
Remove modulo binop from can_be_checked_for_overflow by @0xalpharush in https://github.com/crytic/slither/pull/1894
Update CONTRIBUTING.md to explain compiling and adding snapshot tests by @0xalpharush in https://github.com/crytic/slither/pull/1844
Upgrade prettytable, use colored table by @0xalpharush in https://github.com/crytic/slither/pull/1766
Fail-on: rework feature by @elopez in https://github.com/crytic/slither/pull/1462
Changed name of the printer pausable -> not-pausable by @aga7hokakological in https://github.com/crytic/slither/pull/1823

Fixed

Do not detect incorrect-shift when rhs is constant by @0xalpharush in https://github.com/crytic/slither/pull/1891
Reduce false positives for incorrect-equality detector by @0xalpharush in https://github.com/crytic/slither/pull/1890
Incorrect-equality: do not check addresses by @ydm in https://github.com/crytic/slither/pull/1713
Fix is_storage for calldata variables by @smonicas in https://github.com/crytic/slither/pull/1806
Fixed: pausable printer includes checks on constructor() by @aga7hokakological in https://github.com/crytic/slither/pull/1824
Support new bytes expr in ternary by @0xalpharush in https://github.com/crytic/slither/pull/1817
Fix try catch infinite recursion by @smonicas in https://github.com/crytic/slither/pull/1832
Fix abi.decode with a UserDefinedType fixed array by @smonicas in https://github.com/crytic/slither/pull/1855
Preserve the order of sons when splitting ternary node by @Troublor in https://github.com/crytic/slither/pull/1850
Bug Fix: Contract obj isfullyimplemented by @DarrenChangJR in https://github.com/crytic/slither/pull/1848
Remove assertion in unary operation by @smonicas in https://github.com/crytic/slither/pull/1856
Improved interface code generation in slither.utils.code_generation by @webthethird in https://github.com/crytic/slither/pull/1802
Fix abi decode by @daog1 in https://github.com/crytic/slither/pull/1892
Improve reentrancy events documentation by @0xalpharush in https://github.com/crytic/slither/pull/1903
Add tx.gasprice to generic taints by @0xalpharush in https://github.com/crytic/slither/pull/1769
Make slither-flat work for top level errors, structs, enums by @smonicas in https://github.com/crytic/slither/pull/1852
Fix issue #1849: type_str not returning str by @DarrenChangJR in https://github.com/crytic/slither/pull/1914
FIx return variables shadowing compact AST by @smonicas in https://github.com/crytic/slither/pull/1912
Fix pop IR by @smonicas in https://github.com/crytic/slither/pull/1905
Parse assembly in modifier by @smonicas in https://github.com/crytic/slither/pull/1896
Improve tuple analysis for unused-return detector by @smonicas in https://github.com/crytic/slither/pull/1861
Uninitialized-local don't report variable in loop header by @smonicas in https://github.com/crytic/slither/pull/1911
Make type information of NewArray more precise by @Troublor in https://github.com/crytic/slither/pull/1784
Catch AssertionError and log context and raise again while parsing by @duelinggalois in https://github.com/crytic/slither/pull/1873
Fix generatesourcetoevmins_mapping by @A-23187 in https://github.com/crytic/slither/pull/1567
Local variable location fix by @Tiko7454 in https://github.com/crytic/slither/pull/1942
Fix: make converttostructureto_list return a type instead of an ElementaryType's type field by @kevinclancy in https://github.com/crytic/slither/pull/1935
Detect when ether is sent in Yul by @smonicas in https://github.com/crytic/slither/pull/1909
Fix bytes pop ir by @smonicas in https://github.com/crytic/slither/pull/1926
Do not recommend changing mutability for abstract contracts by @0xalpharush in https://github.com/crytic/slither/pull/1952
Improve try-catch parsing by @smonicas in https://github.com/crytic/slither/pull/1862
Fix yul function calls by @smonicas in https://github.com/crytic/slither/pull/1917
Optimizations for similar_variables.py by @0xGusMcCrae in https://github.com/crytic/slither/pull/1945
Inform user if inheritance cannot be resolved by @0xalpharush in https://github.com/crytic/slither/pull/1956
Handle if crytic-compile returns an empty ast by @smonicas in https://github.com/crytic/slither/pull/1961
Reduce false positives on modifying storage array by value detector by @bossjoker1 in https://github.com/crytic/slither/pull/1962
Docs: update recommendation for msg.value-inside-a-loop by @PaulRBerg in https://github.com/crytic/slither/pull/1971
Use current scope instead of parent scope to determine if arith. is checked by @0xalpharush in https://github.com/crytic/slither/pull/1951
Improved is_function_modified in upgradeability util by @webthethird in https://github.com/crytic/slither/pull/1938
Perform cross-contract taint analysis from diff of two upgrade versions by @webthethird in https://github.com/crytic/slither/pull/1816
Additional optimizations for similar_variables.py by @0xGusMcCrae in https://github.com/crytic/slither/pull/1980
Fix/canonical event name by @0xxfu in https://github.com/crytic/slither/pull/1976
Fixed issue which disallowed using operator[] with TopLevelVariables by @Tiko7454 in https://github.com/crytic/slither/pull/1968

New Contributors

@aga7hokakological made their first contribution in https://github.com/crytic/slither/pull/1824
@DarrenChangJR made their first contribution in https://github.com/crytic/slither/pull/1848
@ydm made their first contribution in https://github.com/crytic/slither/pull/1713
@daog1 made their first contribution in https://github.com/crytic/slither/pull/1892
@0xGusMcCrae made their first contribution in https://github.com/crytic/slither/pull/1898
@duelinggalois made their first contribution in https://github.com/crytic/slither/pull/1873
@A-23187 made their first contribution in https://github.com/crytic/slither/pull/1567
@Tiko7454 made their first contribution in https://github.com/crytic/slither/pull/1942
@kevinclancy made their first contribution in https://github.com/crytic/slither/pull/1935
@PaulRBerg made their first contribution in https://github.com/crytic/slither/pull/1971

Full Changelog: https://github.com/crytic/slither/compare/0.9.3...0.9.4

- Python
Published by 0xalpharush over 2 years ago

slither-analyzer - v0.9.3

0.9.3 - 2023-03-20

This release adds a new detector for high complexity functions, improves Echidna's performance (on enums), adds support for less common and new Solidity features (ternary operations, using for, and yul support), and improves slither-read-storage and existing detectors.

Additionally, we're so excited that Slither has been nominated in the latest round of @optimismFND 's RetroPGF's program! If you vote for these projects, please select Slither as one of your favorite tools from now until March 23!

We have also opened a GitHub discussion page for Slither to more easily communicate with our community of users and developers.

Finally, we would like to thank all of our external contributors: * @bart1e * @CodeSandwich * @Troublor * @sidarth16

Added

Detector: High cyclomatic complexity @bart1e in https://github.com/crytic/slither/pull/1618
Clarify requirement of installing solc by @CodeSandwich in https://github.com/crytic/slither/pull/1599
Slither-check-upgradeability: support complex datatypes by @webthethird in https://github.com/crytic/slither/pull/1535
Add enums to echidna printer's list of constants by @samalws in https://github.com/crytic/slither/pull/1665
Add cyclomatic complexity to function-summary by @smonicas in https://github.com/crytic/slither/pull/1685
Add github pages docs by @0xalpharush in https://github.com/crytic/slither/pull/1656
Add issue template for trouble with installation by @0xalpharush in https://github.com/crytic/slither/pull/1623
APIs
- Add unregister_detector by @sidarth16 in https://github.com/crytic/slither/pull/1722
- Add unregister_printer by @sidarth16 in https://github.com/crytic/slither/pull/1724

Changed

Detectors improvements
- Detect local shadowing of return vars by @0xalpharush in https://github.com/crytic/slither/pull/1510
- Consider constants in divide-before-multiply by @0xalpharush in https://github.com/crytic/slither/pull/1641
- Do not recommend to making strings immutable by @0xalpharush in https://github.com/crytic/slither/pull/1639
- Restrict variable-scope detector to only solc 0.4.x by @0xalpharush in https://github.com/crytic/slither/pull/1731
Minor codex improvements by @montyly in https://github.com/crytic/slither/pull/1600
Minor API improvements by @montyly in https://github.com/crytic/slither/pull/1601
Use enum string formatting by @0xalpharush in https://github.com/crytic/slither/pull/1636
Add more types by @montyly in https://github.com/crytic/slither/pull/1624
Update list of external publications by @montyly in https://github.com/crytic/slither/pull/1738
Abstract contract property by @bsamuels453 in https://github.com/crytic/slither/pull/1679
Improve echidna printer for user defined types by @montyly in https://github.com/crytic/slither/pull/1690
Revert "show ignored findings by default for checklist" by @0xalpharush in https://github.com/crytic/slither/pull/1643
Improve tests from 1625 by @montyly in https://github.com/crytic/slither/pull/1741
Improve parsing of contract's comment by @montyly in https://github.com/crytic/slither/pull/1734
Update filter-paths help by @0xalpharush in https://github.com/crytic/slither/pull/1749
Slithir printer improve top level functions format by @smonicas in https://github.com/crytic/slither/pull/1744
Add issue template for false neg. and positive by @0xalpharush in https://github.com/crytic/slither/pull/1753
Make web3 required dependency by @0xalpharush in https://github.com/crytic/slither/pull/1743
Update reentrancy_eth.py by @sidarth16 in https://github.com/crytic/slither/pull/1706
CI
- Run tests in parallel by @0xalpharush in https://github.com/crytic/slither/pull/1637
- Only run python linters when .py changed by @0xalpharush in https://github.com/crytic/slither/pull/1638
- Cancel action on new commits by @montyly in https://github.com/crytic/slither/pull/1661
- Improvements to GH actions by @montyly in https://github.com/crytic/slither/pull/1662
- Further CI improvements by @montyly in https://github.com/crytic/slither/pull/1663
- Update linter.yml name by @0xalpharush in https://github.com/crytic/slither/pull/1770
- Upgrade nix installation to fix CI installation by @0xalpharush in https://github.com/crytic/slither/pull/1711

Fixed

Fix ternary in nested expressions @0xalpharush in https://github.com/crytic/slither/pull/1650
Fix CI badge in README by @elopez in https://github.com/crytic/slither/pull/1603
Bugs fixed in strongly connected components and cyclomatic complexity algorithms by @bart1e in https://github.com/crytic/slither/pull/1617
'Not in UPPERCASEWITH_UNDERSCORES' warning for public constant vars removed by @bart1e in https://github.com/crytic/slither/pull/1530
Missing references fix by @bart1e in https://github.com/crytic/slither/pull/1604
Fix support for constant variable lookup in yul by @montyly in https://github.com/crytic/slither/pull/1611
Uninitialized storage fix by @0xalpharush in https://github.com/crytic/slither/pull/1725
Fix stdout capture by @0xalpharush in https://github.com/crytic/slither/pull/1740
Move assertion to proper branch by @montyly in https://github.com/crytic/slither/pull/1691
Include salt in operation, NewContract, reads by @0xalpharush in https://github.com/crytic/slither/pull/1762
Fix declaration and evm printer by @0xalpharush in https://github.com/crytic/slither/pull/1765
Fix IR operation when initializing array with one-element array literal by @Troublor in https://github.com/crytic/slither/pull/1761
WIKI URL fixed by @bart1e in https://github.com/crytic/slither/pull/1695
Fix using for global function name collision by @0xalpharush in https://github.com/crytic/slither/pull/1625

New Contributors

@CodeSandwich made their first contribution in https://github.com/crytic/slither/pull/1599
@samalws made their first contribution in https://github.com/crytic/slither/pull/1665
@sidarth16 made their first contribution in https://github.com/crytic/slither/pull/1722
@bsamuels453 made their first contribution in https://github.com/crytic/slither/pull/1679
@Troublor made their first contribution in https://github.com/crytic/slither/pull/1761

Full Changelog: https://github.com/crytic/slither/compare/0.9.2...0.9.3

- Python
Published by 0xalpharush almost 3 years ago

slither-analyzer - v0.9.2

0.9.2 - 2023-01-11

This release integrates codex into Slither via two features: - slither-documentation, a tool to auto-generate natspec for every function. See the usage on solmate. - the codex detector, which uses GPT3 to find vulnerabilities. This detector is not run by default and requires an explicit opt-in by using the --codex flag.

For both features, the environment variable OPENAI_API_KEY must be set. These features are experimental, and we recommend reading OpenAI's ToS, in particular, if you are using it on a private codebase. We will be exploring other areas where we can leverage LLM within Slither, and we would love the community's feedback and ideas.

Additionally, this release contains two new detectors, and refinements to existing detectors. This includes a better handling of nonReentrant for reentrancy detection, lowering the number of false alarms. Finally, this release contains several bug fixes and improvements for Solidity features such as "using for" directives and user defined value types.

We would like to thank all of our external contributors: -@ardislu -@bart1e -@devtooligan -@devtooligan -@mds1 -@Pavan-Nambi -@pcaversaccio -@plotchy

Thanks to the community effort, slither has now reached 100+ contributors.

Added

Add Codex vulnerability detector by @montyly and @devtooligan in https://github.com/crytic/slither/pull/1498, https://github.com/crytic/slither/pull/1499
Use Codex to generate solidity documentation by @montyly in https://github.com/crytic/slither/pull/1494
New detectors:
- recommend reading variable without this keyword to reduce STATICCALLs by @0xalpharush in https://github.com/crytic/slither/pull/1484
- recommend making state variables immutable by @0xalpharush in https://github.com/crytic/slither/pull/1455
Enable ignore comments for sections of code by @mds1 in https://github.com/crytic/slither/pull/1461, https://github.com/crytic/slither/pull/1483
- // slither-disable-start [detector] ... // slither-disable-end [detector]
Mark contract as proxy/ upgradeable with custom comments by @webthethird and @montyly in https://github.com/crytic/slither/pull/1517, https://github.com/crytic/slither/pull/1522
- @custom:security isDelegatecallProxy, @custom:security isUpgradeable, @custom:security version name=[v1]
Support ternaries in function call options by @0xalpharush in https://github.com/crytic/slither/pull/1501
Fold binary expressions with constant operands for fuzzing guidance by @0xalpharush in https://github.com/crytic/slither/pull/1508
Support abi.encodeCall by @plotchy in https://github.com/crytic/slither/pull/1460
Add VULNERABLE_SOLC_VERSIONS to detectors by @devtooligan and @montyly in https://github.com/crytic/slither/pull/1477, https://github.com/crytic/slither/pull/1485
Filter upgradeability checks by name/impact by @webthethird in https://github.com/crytic/slither/pull/1532
Add --no-fail mode for echidna printer by @montyly in https://github.com/crytic/slither/pull/1571
Create CODEOWNERS by @montyly in https://github.com/crytic/slither/pull/1561
slither-doctor: check PATH configuration by @elopez in https://github.com/crytic/slither/pull/1550

Changed

Improve reentrancy detectors by @montyly in https://github.com/crytic/slither/pull/1351
- Functions with nonReentrant modifiers will be filtered out unless a risk of cross-function reentrancy is detected
Improve support using for directive by @smonicas in https://github.com/crytic/slither/pull/1378
Improve support using for with aliasing by @smonicas in https://github.com/crytic/slither/pull/1563
Replace pysha3 with pycryptodome by @0xalpharush in https://github.com/crytic/slither/pull/1454
Remove unused PUSH operation from IR by @0xalpharush in https://github.com/crytic/slither/pull/1489
Sort printer outputs for determinism by @bart1e in https://github.com/crytic/slither/pull/1513
Use latest setuptools in CI by @montyly in https://github.com/crytic/slither/pull/1542
Update to the latest crytic-compile source unit API by @montyly in https://github.com/crytic/slither/pull/1528
Install only necessary solc versions in CI by @Pavan-Nambi in https://github.com/crytic/slither/pull/1546
Run tests by specific ID by @0xalpharush in https://github.com/crytic/slither/pull/1555

Fixed

Fix broken links by @pcaversaccio in https://github.com/crytic/slither/pull/1457
Fix typo in divide before multiply by @0xalpharush in https://github.com/crytic/slither/pull/1449
Fix dapp CI integration test by @montyly in https://github.com/crytic/slither/pull/1496
Improve protected variable detector by @montyly in https://github.com/crytic/slither/pull/1497
Update missing events wiki by @0xalpharush in https://github.com/crytic/slither/pull/1487
Copy event arguments during ssa conversion by @0xalpharush in https://github.com/crytic/slither/pull/1488
Fix ExtraVariablesProxy upgradeability check by @webthethird in https://github.com/crytic/slither/pull/1504
Fix naming-convention to flag single letter O or I variable by @ardislu in https://github.com/crytic/slither/pull/1470
Fix top level struct parsing by @smonicas in https://github.com/crytic/slither/pull/1545
Upgradeability: include inherited private variables, ignore immutables by @0xalpharush in https://github.com/crytic/slither/pull/1451
Fix and re-enable etherscan test by @elopez in https://github.com/crytic/slither/pull/1556
Fix using for directives in libraries by @smonicas in https://github.com/crytic/slither/pull/1568
Remove incomplete submodule by @elopez in https://github.com/crytic/slither/pull/1564
Handle malformed alias solc<0.6.0 by @0xalpharush in https://github.com/crytic/slither/pull/1547
Improve Yul parsing by @montyly in https://github.com/crytic/slither/pull/1559
Fix type conversion of user defined value types by @0xalpharush in https://github.com/crytic/slither/pull/1573
Resolve error referenced as member of contract by @0xalpharush in https://github.com/crytic/slither/pull/1574

New Contributors

@ardislu made their first contribution in https://github.com/crytic/slither/pull/1470
@bart1e made their first contribution in https://github.com/crytic/slither/pull/1513
@devtooligan made their first contribution in https://github.com/crytic/slither/pull/1477
@mds1 made their first contribution in https://github.com/crytic/slither/pull/1461
@Pavan-Nambi made their first contribution in https://github.com/crytic/slither/pull/1546
@webthethird made their first contribution in https://github.com/crytic/slither/pull/1504

Full Changelog: https://github.com/crytic/slither/compare/0.9.1...0.9.2

- Python
Published by 0xalpharush about 3 years ago

slither-analyzer - v0.9.1

0.9.1 - 2022-11-03

This release contains several bug fixes, and a new tool - slither-doctor - to help debugging slither.

We would like to thank all our external contributors: - @emretepedev - @JorgeAtPaladin - @mds1 - @medariox - @PatrickAlphaC - @zhiqiangxu

Added

slither-doctor: a new tool to help diagnose issues with Slither (https://github.com/crytic/slither/pull/1384)

Changed

Add contract types in constant optimization detector (https://github.com/crytic/slither/pull/1443)
Remove redundant calls (https://github.com/crytic/slither/pull/1434)
Missing text in solc version recommendation (https://github.com/crytic/slither/pull/1406)
slither-flat support for top level objects (#1441 )

Fixed

Missing inherited storage slots in slither-read-storage (https://github.com/crytic/slither/pull/1444)
Triage mode not working properly (https://github.com/crytic/slither/pull/1435)
An incorrect parsing of library events (https://github.com/crytic/slither/pull/1442)

- Python
Published by 0xalpharush over 3 years ago

slither-analyzer - v0.9.0

0.9.0 - 2022-10-05

This release contains: - 3 new detectors - Reduction of false positives in detectors - Refactoring that will help us adding new features - Breaking changes in the internal APIs - Fixes for several bugs and improvements to testing

This release moves the Python requirement to 3.8.

We would like to thank all our external contributors: - BoboTiG - CharesFang - TheStarBoys - edag94 - h00p30 - htadashi - jmhickman - pcaversaccio - plotchy - sveitser - vladyan18 - zjuchenyuan

For Foundry users: we do not support multiple compiler versions at the moment (see https://github.com/foundry-rs/foundry/issues/3450).

Refactored

The source mapping API, to ease integration with third parties (https://github.com/crytic/slither/pull/877) API breaking change
Solidity signature API (https://github.com/crytic/slither/pull/1323, https://github.com/crytic/slither/pull/1349, https://github.com/crytic/slither/pull/1356) API breaking change
slither-read-storage to make it easier to maintain (https://github.com/crytic/slither/pull/1311)

Added

Detector:
- arbitrary-send-erc20 (https://github.com/crytic/slither/pull/1025)
- arbitrary-send-erc20-permit (https://github.com/crytic/slither/pull/1025)
- domain-separator-collision (https://github.com/crytic/slither/pull/1334)
Printer
- Dominator tree (https://github.com/crytic/slither/pull/1342)
New flags
- --checklist, to produce a markdown containing slither's results (https://github.com/crytic/slither/pull/1190)
- --convert-library-to-internal in slither-flat (https://github.com/crytic/slither/issues/1298)
Hash of known codebase to detect known libraries (https://github.com/crytic/slither/pull/1134)
Support for ERC1363, ERC4524 in slither-check-erc(https://github.com/crytic/slither/pull/1274)
Solidity support
- IdentifierPath(https://github.com/crytic/slither/pull/1227)
- min/max support for enum (https://github.com/crytic/slither/pull/1276)
- Top level enum (https://github.com/crytic/slither/pull/1300)
More python type hints (https://github.com/crytic/slither/pull/1388)
Testing
- Tests for unification of path filtering across POSIX and Windows (https://github.com/crytic/slither/pull/1303)
- Detectors tests (https://github.com/crytic/slither/pull/858)
- New SSA tests (https://github.com/crytic/slither/pull/1205)
- Unit tests for new solc version (https://github.com/crytic/slither/pull/1268)
pip-audit in the CI (https://github.com/crytic/slither/pull/1243)
Improve setup.py with dev deps (https://github.com/crytic/slither/pull/1178)
New API to detect if a type is dynamicType.is_dynamic (https://github.com/crytic/slither/pull/1175)

Changed

Change the exit code returned by Slither (https://github.com/crytic/slither/pull/1278, https://github.com/crytic/slither/pull/1359) If you are using Slither in a CI, check out the new flags --fail-pedantic/--fail-high/--fail-medium/ ... and --no-fail-pedantic. The default behavior is --fail-pedantic, but this will be updated to be --no-fail-pedantic in a future release
Updated the solc-version recommendations (https://github.com/crytic/slither/pull/1389)
Remove FPs on the external-functions detectors (https://github.com/crytic/slither/pull/1318)
Remove FPs on the unprotected_upgradeable detector (https://github.com/crytic/slither/pull/1344)
Remove immutable variable from the variable order printer (https://github.com/crytic/slither/pull/1184)
too-many-digits detector: ignore checksummed address (https://github.com/crytic/slither/pull/1193)
Better python regex (https://github.com/crytic/slither/pull/1200, https://github.com/crytic/slither/pull/1185)
Improvements to the dockerfile (https://github.com/crytic/slither/pull/1242, https://github.com/crytic/slither/pull/1335, https://github.com/crytic/slither/pull/1369)
Unify path across POSIX and Windows (https://github.com/crytic/slither/pull/1196)
Improve debug info in case of name reuse (https://github.com/crytic/slither/pull/870)
Improvements to the exclude-dependencies flag (https://github.com/crytic/slither/pull/1317)
Improvements to the function-id printer (https://github.com/crytic/slither/pull/886)
Improvements to the constant parsing (https://github.com/crytic/slither/pull/1377)
Improvements to the support of virtual modifier (https://github.com/crytic/slither/pull/1387)
Use of the latest crytic-compile version (https://github.com/crytic/slither/commit/a008df72bc8ffd6b220ac775d6fd5b9048d00e1d)

Fixed

Documentation and typos (https://github.com/crytic/slither/pull/1233, https://github.com/crytic/slither/pull/1149, https://github.com/crytic/slither/pull/1239, https://github.com/crytic/slither/pull/1257, https://github.com/crytic/slither/pull/1339, https://github.com/crytic/slither/pull/1386, https://github.com/crytic/slither/pull/1394, https://github.com/crytic/slither/pull/1310)
Fail if there is not results in sarif output (https://github.com/crytic/slither/pull/1229)
Disable coloring if output is not a terminal (https://github.com/crytic/slither/pull/1244)
slither-check-erc output (https://github.com/crytic/slither/pull/1277)
Custom error with library support (https://github.com/crytic/slither/pull/1267)
IR related issues (https://github.com/crytic/slither/pull/1230, https://github.com/crytic/slither/pull/1306, https://github.com/crytic/slither/pull/1188, https://github.com/crytic/slither/pull/1348, https://github.com/crytic/slither/pull/1347)
Incorrect type in function.entry_point (https://github.com/crytic/slither/pull/1307)
contract_kind assignment (https://github.com/crytic/slither/pull/1308)
Support for user defined value (https://github.com/crytic/slither/pull/1271)
Bugs in yul parsing (https://github.com/crytic/slither/pull/1395)

- Python
Published by montyly over 3 years ago

slither-analyzer - v0.8.3

0.8.3 - 2022-04-21

This release lets users to enhance Slither through code comments (see example below), adds a new tool to read variable storage values on-chain (slither-read-storage), removes false positives in existing detectors, improves Solidity 0.8 support, and fixes several bugs. Slither also now supports Foundry.

Please use our slither-action for CI integration!

Enhancing Slither through code comments

In the following code: - @custom:security non-reentrant before the variable declaration will indicate to Slither that the external calls from this variable are non-reentrant - @custom:security write-protection="onlyOwner()" will indicate to Slither that writing to this variable must be done through onlyOwner ```solidity contract ReentrancyAndWrite{

/// @custom:security non-reentrant
/// @custom:security write-protection="onlyOwner()"
I external_contract;

modifier onlyOwner(){
    // lets assume there is an access control
    _;
}   

mapping(address => uint) balances;

function withdraw() public{
    uint balance = balances[msg.sender];

    external_contract.external_call();

    balances[msg.sender] = 0;
    payable(msg.sender).transfer(balance);
}

function set_protected() public onlyOwner(){
    external_contract = I(msg.sender);
}  

function set_not_protected() public{
    external_contract = I(msg.sender);
}

} ```

Please let us know what you think of this code comment feature! Share your ideas on Github, or join us on Slack. We're looking for new use cases and feedback.

Thanks to our contributors for this release: - @GitHubPang - @JulissaDantes - @justforfunya

Added

Enhanced analyses through code comments (https://github.com/crytic/slither/pull/1089)
slither-read-storage (https://github.com/crytic/slither/pull/968)
New printer to identify misuse of whenNotPaused (https://github.com/crytic/slither/pull/1128)
slither-action in the README (https://github.com/crytic/slither/pull/1053)
Solidity support
- user defined types (https://github.com/crytic/slither/pull/1135)
- top level variables (https://github.com/crytic/slither/pull/1032)
- string.concat (https://github.com/crytic/slither/pull/1086)
- .offset/length in yul (https://github.com/crytic/slither/pull/1085)
- unary operation on constant (https://github.com/crytic/slither/pull/1094)
Support for ERC4626, 2612 in slither-check-erc (https://github.com/crytic/slither/pull/1111)
pip-audit in the CI (https://github.com/crytic/slither/pull/1006)
Template for github issue (https://github.com/crytic/slither/pull/1044, https://github.com/crytic/slither/pull/1083)

Improved

Remove FPs in detectors:
- dead-code (https://github.com/crytic/slither/pull/1040)
- Reentrancy in constructor (https://github.com/crytic/slither/pull/1048)
- reentrancy-no-eth staticall (https://github.com/crytic/slither/pull/1119)
- unprotected-upgrade (https://github.com/crytic/slither/pull/1046, https://github.com/crytic/slither/pull/1122)
Solidity support
- custom error lookup (https://github.com/crytic/slither/pull/1156)
- Function lookup for bytes (https://github.com/crytic/slither/pull/1163)
- ternary operator (https://github.com/crytic/slither/pull/1162)
- Top-level structure with import (https://github.com/crytic/slither/pull/1068)
- Top level with custom error (https://github.com/crytic/slither/pull/1131)
Notification when the config file is missing (https://github.com/crytic/slither/pull/1041, https://github.com/crytic/slither/pull/1054)
Github super linter improvements (https://github.com/crytic/slither/pull/1023, https://github.com/crytic/slither/pull/1045, https://github.com/crytic/slither/pull/1088, https://github.com/crytic/slither/pull/1157)
slither-check-erc output (https://github.com/crytic/slither/pull/1016)
Typo in missing zero validation detector (https://github.com/crytic/slither/pull/1037)
slither-prop support for builder (https://github.com/crytic/slither/pull/712)
Improved to the Echidna printer (https://github.com/crytic/slither/pull/878, https://github.com/crytic/slither/pull/1132)
Improve determinism for detector results (https://github.com/crytic/slither/pull/1049)
Python type hint (https://github.com/crytic/slither/pull/1055)
Unit tests for the AST parsing (https://github.com/crytic/slither/pull/1069, https://github.com/crytic/slither/pull/1118, https://github.com/crytic/slither/pull/1101)
Auto install of solc versions in the CI (https://github.com/crytic/slither/pull/1073)
Show ignored findings by default for the checklist (https://github.com/crytic/slither/pull/1082)
Typo in slither-mutate (https://github.com/crytic/slither/pull/1104)
Move to f-strings (https://github.com/crytic/slither/pull/1107, https://github.com/crytic/slither/pull/1110)
Multiple minors improvements to slither-flat (https://github.com/crytic/slither/pull/1125)
Prioritize ignore comment over exclude dependencies (https://github.com/crytic/slither/pull/1120)
Windows support (https://github.com/crytic/slither/pull/1065, https://github.com/crytic/slither/pull/1137)
Crytic-compile@0.2.3 - which adds Foundry support

Fixed

Missing json output for printers https://github.com/crytic/slither/pull/1012
Infinite loop in the RTLO detector (https://github.com/crytic/slither/pull/1108)
Infinite recursion in show_ignore_findings (https://github.com/crytic/slither/pull/1092)

- Python
Published by montyly almost 4 years ago

slither-analyzer - v0.8.2

0.8.2 - 2021-12-10

This release adds two new detectors that catch recent vulnerabilities in SushiSwap and Opyn vulnerabilities, and significantly improves Solidity 0.8 support (including top-level functions, custom errors, and immutable variables). Additionally, the code objects have now scope-file information, which improves Slither on codebases where contract or structure name are repeated.

For their contributions, we would like to thank: - @htadashi, - @bearpebble, - @jesus-eff, - and @axic for his numerous bugs reports.

Added

Two new detectors
- delegatecall inside a loop (https://github.com/crytic/slither/pull/992) (SushiSwap vuln)
- msg.value inside a loop (https://github.com/crytic/slither/pull/991) (Opyn vuln)
Support for top-level functions (https://github.com/crytic/slither/pull/945, https://github.com/crytic/slither/pull/949, https://github.com/crytic/slither/pull/987)
Support for immutable variables (https://github.com/crytic/slither/pull/946)
Support for custom errors (https://github.com/crytic/slither/pull/947)
Info on how synchronize with crytic-compile in the contributing guidelines (https://github.com/crytic/slither/pull/994)

Changed

Improve calls-loop detector (https://github.com/crytic/slither/pull/925)
Improve costly-loop detector (https://github.com/crytic/slither/pull/926)
Improve support for units and globally available variables (https://github.com/crytic/slither/pull/985)
Improve strict-equality detector (https://github.com/crytic/slither/pull/952)
Add a function_language property to the function to determine if its a Solidity or Yul function (https://github.com/crytic/slither/pull/987)
Validate inputs of --markdown-root flag (https://github.com/crytic/slither/pull/988)
Refactor the core objects to contain a file scope (https://github.com/crytic/slither/pull/990). This contains breaking changes
Update Solidity version recommendations (https://github.com/crytic/slither/pull/999)

Fixed

Docker build (https://github.com/crytic/slither/pull/967)
call-graph printer output (https://github.com/crytic/slither/pull/973)
slither-flat --convert-external and --convert-private flags (https://github.com/crytic/slither/pull/964)
Broken wiki link (https://github.com/crytic/slither/pull/986)
Multiple minor fixes (https://github.com/crytic/slither/pull/996, https://github.com/crytic/slither/pull/997)

- Python
Published by montyly about 4 years ago

slither-analyzer - v0.8.1

0.8.1 - 2021-08-16

This release adds the SARIF support, which allows Slither to report issues through Github code scanning app. The github action will be released soon. In addition, the release brings many small issues and improvements to the detectors and tools.

We would like to thank our external contributors: - @enderphan94 - @noahlitvin - @bernard-wagner

Added

Sarif support (https://github.com/crytic/slither/pull/918).
slither-check-erc add ERC1155 support (https://github.com/crytic/slither/commit/34a4ae1c2e2c9f2706319e85d59e431d4c57b62b)
Slither Rekt list (https://github.com/crytic/slither/commit/a2c5714238be910bd9ca2f26eab311acddaa48aa)
More type hints (https://github.com/crytic/slither/pull/906)

Changed

slither-check-upgradeability: improve heuristics to detect init functions (https://github.com/crytic/slither/pull/853)
is_protected heuristic (https://github.com/crytic/slither/pull/855)
Improve Abiencoderv2 detector (https://github.com/crytic/slither/pull/848)
Multiple minor improvements in https://github.com/crytic/slither/pull/856
Trophies.md list
Remove crytic.io notice (https://github.com/crytic/slither/commit/889d537dda0987ecc37de85a2e629580765c0d49)
Use crytic-compile@0.2.1, which adds BSC support, and fixes multiple bugs

Fixed

Bug in variable order printer (https://github.com/crytic/slither/pull/849)
Wrong type in contract.py (https://github.com/crytic/slither/pull/869)
Wrong wiki links (https://github.com/crytic/slither/pull/876)
calldata support (https://github.com/crytic/slither/pull/907)

- Python
Published by montyly over 4 years ago

slither-analyzer - v0.8.0

0.8.0 - 2021-05-07

This release significantly improves the support for Solidity 0.8 and adds detectors for 'unused-return-transfers', 'dead-code', and 'write-after-write'. Slither now supports multiple compilation units which solves many issues when using hardhat.

Thanks @sobolev-igor for his contribution!

Added

Support for multiple compilation units (https://github.com/crytic/slither/pull/823) (breaking changes)
Support for nodes scope in the IR (https://github.com/crytic/slither/pull/836) (breaking changes)
Support for block.chainid (https://github.com/crytic/slither/pull/821/files)
Support for .slot / .offset in YUL (https://github.com/crytic/slither/pull/833)
Detectors
- unused-return-transfers - specialization of the unused-return to help flagging dangerous tokens transfers (https://github.com/crytic/slither/pull/822)
- dead-code (https://github.com/crytic/slither/pull/838)
- write-after-write (https://github.com/crytic/slither/pull/841)

Changed

Improve checklist format (https://github.com/crytic/slither/pull/819)
Remove global variables (https://github.com/crytic/slither/pull/828)
Restructure tests folder (https://github.com/crytic/slither/pull/825)
Improve constant folding (https://github.com/crytic/slither/pull/830)
Improve AST parsing test (https://github.com/crytic/slither/pull/832)
Use pylint 2.8.2 (https://github.com/crytic/slither/pull/798)
Use crytic-compile 0.2.0 (https://github.com/crytic/crytic-compile/releases/tag/0.2.0)

Fixed

Type parsing for Solidity 0.8 (https://github.com/crytic/slither/pull/817)
Incorrect type conversion on library lookup (https://github.com/crytic/slither/pull/827)
Multiple minor fixes introduced since 0.7.1 (https://github.com/crytic/slither/pull/842)

- Python
Published by montyly almost 5 years ago

slither-analyzer - v0.7.1

0.7.1 - 2021-03-29

This release improves the controlled-array-length/solc-version detectors.

We are now listing the public bugs found by Slither in our Trophies list. Please contribute if you found vulnerabilities using Slither. It will help us to improve the tool!

We are currently investigating issues with hardhat support (https://github.com/crytic/crytic-compile/issues/164). In the meantime, hardhat should be considered only partially supported.

Thank @gnattishness for his contribution to this release!

Added

List of public vulnerabilities found by slither (https://github.com/crytic/slither/pull/764)
Gwei support (https://github.com/crytic/slither/pull/799)
Better support for Solidity 0.8 IdentifierPath (https://github.com/crytic/slither/pull/815)

Changed

Uninitialized local/state variable doc (https://github.com/crytic/slither/pull/801)
Support for stop() in yul (https://github.com/crytic/slither/pull/802)
Solc versions recommendations (https://github.com/crytic/slither/pull/812)
Remove false positive on controlled-array-length detector (https://github.com/crytic/slither/pull/813)
crytic-compile 0.1.13

Fixed

Incorrect function._can_send_eth (internal) (https://github.com/crytic/slither/pull/747, https://github.com/crytic/slither/pull/756, https://github.com/crytic/slither/pull/758)
Inheritance graph output (https://github.com/crytic/slither/pull/729, https://github.com/crytic/slither/pull/766)
Bug for top-level user-defined types (https://github.com/crytic/slither/pull/786)
slither-flat entry point (https://github.com/crytic/slither/pull/791)
Source mapping for parameter/return in function definition (https://github.com/crytic/slither/pull/800)
Multiple issues with the Echidna printer (https://github.com/crytic/slither/pull/763)
Support for standalone return; statement with solc > 0.7 (https://github.com/crytic/slither/pull/796)
Signed integer type propagation (https://github.com/crytic/slither/pull/810)

- Python
Published by montyly almost 5 years ago

slither-analyzer - v0.7.0

0.7.0 - 2020-12-18

This release contains 26 new detectors, including a detector for a recent bug in Aave (unprotected-upgrade), deletion of mapping with structures (mapping-deletion), lack of events (events-access, event-maths), a shift-related issue on YUL (incorrect-shift), modifiers that can return the default value (incorrect-modifier), and multiple informational and compiler-related bugs. Additionally, it introduces the triage of results using inline comments. Use // slither-disable-next-line DETECTOR_NAME before a statement to disable the detector. Finally, we added the support for Solidity top-level objects.

We would like to thanks @josh-richardson for his contributions to the inline comment feature.

Added

26 detectors (#725, https://github.com/crytic/slither/pull/732, https://github.com/crytic/slither/pull/736)
- abiencoderv2-array
- array-by-reference
- assert-state-change
- controlled-array-length
- costly-loop
- events-access
- events-math
- function-init-state
- incorrect-modifier
- incorrect-unary
- incorrect-shift
- mapping-deletion
- missing-inheritance
- missing-zero-check
- multiple-constructors
- public-mappings-nested
- redundant-statements
- reused-constructor
- similar-names
- storage-array
- unimplemented-functions
- uninitialized-fptr-cst
- unprotected-upgrade
- variable-scope
- weak-prng
Inline comment to suppress findings (#724)
(Partial) support for Solidity top-level objects (#728) API BREAKING CHANGE. All the related objects are now split between ObjectContract and ObjectTopLevel (ex: FunctionContract and FunctionTopLevel)

Changed

Use crytic-compile@0.1.12

Fixed

Printers filename related issues (#729, #726)

- Python
Published by montyly about 5 years ago

slither-analyzer - v0.6.15

0.6.15 - 2020-12-07

This release adds several performance optimizations to Slither. From our limited benchmark on codebases where Slither takes more than 1 minute to run, the optimizations lead to 2x improvements on average and up to x14 in certain cases. We also fixed an indeterministic detector output issue that could interact poorly with CIs and improved legacy AST support. Finally, we made improvements to slither-prop.

Thanks to @elenadimitrova for helping us debug the indeterministic detector output issue.

If you want access to additional detectors, try Crytic. It has 96 total vulnerabilities detectors.

Addded

Hidden --perf flag (debug) (https://github.com/crytic/slither/pull/701)

Changed

Optimizations
- Use of get_line_from_offset from crytic-compile (see crytic-compile@0.1.11 release note). It impacts codebase with a large number of files
- Memoization for properties that are frequently used (https://github.com/crytic/slither/pull/703). It impacts all the codebases
- Rewrote the immediate dominator (https://github.com/crytic/slither/pull/705). It impacts functions with complex cfg
- Rewrote the fixpoint on the data dependencies (https://github.com/crytic/slither/pull/707). It impacts functions for which the fixpoint is difficult to reach
Use of crytic-compile@0.1.11. Among others, this improves hardhat and dapp support.
Multiple improvements to slither-prop (https://github.com/crytic/slither/pull/693, https://github.com/crytic/slither/pull/713)

Fixed

Removed recursion in divide-before-multiply (https://github.com/crytic/slither/pull/706)
Indeterministic output for multiple detectors (https://github.com/crytic/slither/issues/486). This might lead previously triaged results to appear again (the finding IDs can have been affected)
Parsing of comments in legacy ast for Solidity 0.6.3 - 0.6.10 (https://github.com/crytic/slither/pull/720). This mostly impacts dapp codebases.

- Python
Published by montyly about 5 years ago

slither-analyzer - v0.6.14

0.6.14 - 2020-11-12

This release improves support for Solidity 0.7 and fixes many bugs. We moved all our tests to pytest and significantly improved our parsing test coverage to help support multiple versions of Solidity.

If you'd like to help us improve Slither, please answer our user survey.

Additionally, we recently hosted a community call where we went through Slither's codebase, and showed its different components (see the recording).

Finally, we would like to thank our contributors for reporting issues and helping us improve Slither: - @sobolev-igor - @moodysalem - @mrice32 - @gorgos
- @f97 - @token-joe

Added

Support for type(X).min/max (https://github.com/crytic/slither/pull/673)
Extensive parser tests (https://github.com/crytic/slither/pull/635, https://github.com/crytic/slither/pull/659, https://github.com/crytic/slither/pull/682, https://github.com/crytic/slither/pull/660)

Changed

Refactor existing detectors test suit to use pytest (https://github.com/crytic/slither/pull/656)
Use crytic-compile@0.1.10. This includes hardhat support, and improvements for waffle and buidler.
Support for comparison between function pointers (https://github.com/crytic/slither/pull/618)
Use black 19.10b0 instead of latest for Github's Super Linter (https://github.com/crytic/slither/pull/680)
IR push conversion (https://github.com/crytic/slither/pull/625)

Fixed

Multiple solc 0.7 parsing issues (https://github.com/crytic/slither/pull/630, https://github.com/crytic/slither/pull/642, https://github.com/crytic/slither/pull/654)
Use unique variable names for YUL variables (https://github.com/crytic/slither/pull/648)
CFG printer filename generation (https://github.com/crytic/slither/pull/633)
Loop CFG recovery issues (https://github.com/crytic/slither/pull/655)
Correctly link between nodes in the variables constructor step (https://github.com/crytic/slither/pull/632)
Wiki link for naming convention (https://github.com/crytic/slither/pull/651)
Minor Python types issues (https://github.com/crytic/slither/pull/653)

- Python
Published by montyly over 5 years ago

slither-analyzer - v0.6.13

0.6.13 - 2020-09-08

This releases improves support for Solidity 0.6, adds partial support for YUL, and fixes many bugs. Internally, we improved the parsing architecture, easing the addition of a new parser and added type annotations. Additionally, slither now runs GitHub super-linter, and the regression tests were improved (see the new CONTRIBUTING.md guidelines).

We also want to thanks our contributors for reporting issues, and helping to improve Slither: - @elenadimitrova - @elopez - @PriyankaBose - @Pet3ris

If you want access to additional detectors, try Crytic. It now has 96 detectors, including 2 YUL specific detectors.

Added

Add partial, experimental YUL support (https://github.com/crytic/slither/pull/502, https://github.com/crytic/slither/pull/575, https://github.com/crytic/slither/pull/617). YUL AST is parsed and converted into slithIR. Raw memory access are not supported. Solidity 0.6 is required to enable YUL support.
Improve 0.6 support:
- Add support for C{value:1} syntax (https://github.com/crytic/slither/pull/498)
- Add support for top level structures and enums (https://github.com/crytic/slither/pull/499, https://github.com/crytic/slither/pull/522)
Add support for type(I).interfaceId (https://github.com/crytic/slither/pull/497)
List external publications (https://github.com/crytic/slither/pull/512)
Github super linter, and lgtm (https://github.com/crytic/slither/pull/614, https://github.com/crytic/slither/pull/620, https://github.com/crytic/slither/pull/626)
Added new tool: slither-mutator. PoC of fault injection based on Using Fault Injection to Assess Blockchain Systems in Presence of Faulty Smart Contracts

Internal

Add type annotations (https://github.com/crytic/slither/pull/514)
Add storage layout information (https://github.com/crytic/slither/pull/507, https://github.com/crytic/slither/pull/540)
Add --disallow-partial flag (https://github.com/crytic/slither/pull/560). This hidden flag will prevent Slither from catching exceptions, and simplify debugging
Add support for function pointers in the RETURN operator (https://github.com/crytic/slither/pull/601)

Changed

Copy editing on detectors (https://github.com/crytic/slither/pull/572)
Use crytic-compile@0.1.9
Improve human-summary printer (https://github.com/crytic/slither/pull/477, https://github.com/crytic/slither/pull/478)
Improve dupplicate name report (https://github.com/crytic/slither/pull/489)
slither-flat: Improve utf8 support and mapping/array lookup (https://github.com/crytic/slither/pull/494)
Filter contract to contract_declarer in call graph printer (https://github.com/crytic/slither/pull/491)
Several improvements in slither-flat, including new strategies, json/zip export (https://github.com/crytic/slither/pull/496). Read the new documentation.
Add check on public state variables in slither-erc (https://github.com/crytic/slither/pull/528)
suicidal detector: add detection on external functions (https://github.com/crytic/slither/issues/527)
Add padding to function id printer (https://github.com/crytic/slither/pull/546)
Update the recommended Solidity version in the solc-version detector (https://github.com/crytic/slither/pull/577). This might result in disabling triaged solc-version results with Slither < 0.6.13

Internal

Change the parsing architecture: parser objects are separate objects and do not inherit from the core. This will ease the creation of new parsers (https://github.com/crytic/slither/pull/514)
Improve support for tuple (https://github.com/crytic/slither/pull/536, https://github.com/crytic/slither/pull/539, https://github.com/crytic/slither/pull/541, https://github.com/crytic/slither/pull/548, https://github.com/crytic/slither/pull/563, https://github.com/crytic/slither/pull/564, https://github.com/crytic/slither/pull/576)
Improve abi.decode support (https://github.com/crytic/slither/pull/475, https://github.com/crytic/slither/pull/548, https://github.com/crytic/slither/pull/551, https://github.com/crytic/slither/pull/567, https://github.com/crytic/slither/pull/598)
Temporary array slice support (https://github.com/crytic/slither/pull/550)
Allow converting library to address (https://github.com/crytic/slither/pull/561)
Allow total ordering on Constant (https://github.com/crytic/slither/pull/565)
Improve fixpoint on are_variables_written (https://github.com/crytic/slither/pull/480)
Improve support for type() (https://github.com/crytic/slither/pull/569)
Increase the default python stack depth limit (https://github.com/crytic/slither/pull/599)
Refactor regression tests (https://github.com/crytic/slither/pull/610)

Fixed

Fix incorrect sons information on loop (https://github.com/crytic/slither/pull/524)
Fix numpy error on slither-simil (https://github.com/crytic/slither/pull/484)
Fix infinite loop on try statements (https://github.com/crytic/slither/pull/535)
Fix incorrect parsing in case of variables name reused (https://github.com/crytic/slither/pull/538)
Linting issue (https://github.com/crytic/slither/pull/555)
Issues on this. usage (https://github.com/crytic/slither/pull/600, https://github.com/crytic/slither/pull/623)
Out of memory on large exponent (https://github.com/crytic/slither/pull/608)
All pylint issues (https://github.com/crytic/slither/pull/616)
Incorrect support of using for on functions pointers (https://github.com/crytic/slither/pull/624)

- Python
Published by montyly over 5 years ago

slither-analyzer - v0.6.12

0.6.12 - 2020-04-24

This release fixes a bug that was found in 0.6.11 preventing Slither to work on several codebases. Additional this release contains several minor fixes, and support for buidler.

We would like to thanks @elenadimitrova for quickly reporting issues https://github.com/crytic/slither/issues/456 and https://github.com/crytic/slither/issues/457.

Consider using crytic.io to get access to 48 additional detectors and GitHub integration.

Added

zip export (https://github.com/crytic/slither/pull/453)

Changed

Use crytic-compile 0.1.8, which adds buidler support.
Human summary printer: run the detectors only once, and add their results to the printer's json (https://github.com/crytic/slither/pull/451)
Echidna printer: export the constant values as string to facilitate Echidna's parsing (https://github.com/crytic/slither/pull/454) [BREAKING CHANGE]

Fixed

Revert the changes made in (https://github.com/crytic/slither/pull/445) which lead to incorrectly parse functions with a contract used in a parameter (https://github.com/crytic/slither/pull/458)
Use Decimal instead of float to prevent loss of precision (https://github.com/crytic/slither/pull/454)
Echidna printer: fix incorrect support of state variable calls (https://github.com/crytic/slither/pull/455)

- Python
Published by montyly almost 6 years ago

slither-analyzer - v0.6.11

0.6.11 - 2020-04-17

This release introduces slither-prop, a tool that will automatically generate properties to be tested through unit tests and Echidna. In this release, slither-prop can generate 18 tests for ERC20 contracts; More tests, and support for other ERCs are planned. Additionally, the support for Solidity 0.6 was improved, and the release fixes multiple minor bugs.

Consider using crytic.io to get access to additional detectors and GitHub integration.

Added

slither-prop (https://github.com/crytic/slither/pull/428). See its documentation.
New Solidity call syntax support (https://github.com/crytic/slither/pull/424)
Number of assembly lines in the human summary printer (https://github.com/crytic/slither/pull/438)
--convert-private in slither-flat, allowing to change private variables to internal (https://github.com/crytic/slither/pull/446)
API: true/false branch for IF nodes (https://github.com/crytic/slither/issues/433)

Changed

Echidna printer: several new features are extracted (https://github.com/crytic/slither/pull/431, https://github.com/crytic/slither/pull/437).
Reentrancy: better support of constant function called with Solidity 0.6 (https://github.com/crytic/slither/pull/441)
Add support for now in timestamp detector (https://github.com/crytic/slither/pull/447)

Fixed

Name reused (https://github.com/crytic/slither/pull/423)
Ternary on unary operator conversion (https://github.com/crytic/slither/pull/439)
Incorrect slithir_cfg_to_dot function (https://github.com/crytic/slither/pull/432)
Incorrect function id generated if a parameter is a contract (https://github.com/crytic/slither/pull/445)
slither-check-upgradeability: --list-detectors-json will use the field check instead of detector BREAKING CHANGE

- Python
Published by montyly almost 6 years ago

slither-analyzer - v0.6.10

0.6.10 - 2020-03-23

This release adds 5 new detectors, improves the support of codebase with contract's name duplicate, and the support for Solidity 0.6. Additionally, several internal improvements lead existing detectors to report less false alarms. slither-check-upgradeability was refactored and it has now 17 documented upgradeability checks.

Consider using https://crytic.io/ to get access to additional detectors and GitHub integration.

Added

5 new detectors (https://github.com/crytic/slither/pull/396)
- boolean-cst
- tautology
- boolean-equal
- divide-before-multiply
- name-reused
Codebase with contract name dupplicates will not anymore throw an error, slither will do a partial analysis and report the issue as a contract's bug (https://github.com/crytic/slither/pull/413)
Improve support for Solidity 0.6 (receive() and try/catch) (https://github.com/crytic/slither/pull/415)
New data dependencies user-API (https://github.com/crytic/slither/pull/409)
contract.functions_signatures_declared: return the signatures of the function declared in the contract (https://github.com/crytic/slither/pull/391)

Changed

Refactor slither-check-upgradeability: the checks follow the same coding pattern than the bug detectors (https://github.com/crytic/slither/pull/410)
Change how modifiers and constructor calls are integrated in the CFG. This removes false positives created because of unreachable nodes (https://github.com/crytic/slither/pull/406)
Use crytic-compile 0.1.7
Remove false positives in uninitialized-state (https://github.com/crytic/slither/pull/407)

Fixed

Incorrect get_dependencies (https://github.com/crytic/slither/pull/400, https://github.com/crytic/slither/pull/409)
Incorrect lvalue on Delete (https://github.com/crytic/slither/pull/412)
Incorrect constructor called if the contructor does not exist (https://github.com/crytic/slither/pull/416)

- Python
Published by montyly almost 6 years ago

slither-analyzer - v0.6.9

0.6.9 - 2019-12-20

This release fixes minor bugs and updates Slither to crytic-compile 0.1.6. Additionally, we moved from Travis CI to GitHub actions.

Thanks to our external contributors: - @erib3 - @uivlis - @yxliang01

Added

--remove-assert flag to slither-flat. Use this feature to write custom properties for Echidna with assert and have them automatically removed by slither-flat when the code is deployed. (https://github.com/crytic/slither/issues/366)

Changed

constant-function detector is split into constant-function-asm and constant-function-state and will not raise an issue if solc >= 0.5 is used (https://github.com/crytic/slither/pull/380)
Use GitHub Actions instead of Travis CI (https://github.com/crytic/slither/pull/381, https://github.com/crytic/slither/pull/385)
Use upper and lower bounds for the solc-version detector (https://github.com/crytic/slither/pull/378)
solc-version now recommends solc 0.5.11 over 0.5.3 (https://github.com/crytic/slither/pull/390)

Fixed

Detector ID generation leading to collisions for pragma objects (https://github.com/crytic/slither/pull/388)
FPs on event-based reentrancy (https://github.com/crytic/slither/pull/377)
Non-solidity pragma that were reported as incorrect solidity version by the pragma detector (https://github.com/crytic/slither/pull/387)
Incorrect field access on the contract-summary printer (https://github.com/crytic/slither/pull/384)

- Python
Published by montyly about 6 years ago

slither-analyzer - v0.6.8

0.6.8 - 2019-11-22

This release introduces two new utilities: slither-check-erc to check ERC conformance, and slither-check-kspec to report the coverage of a K specification. New types of reentrancy are detected (send/transfer and event-based) and several improvements were made to slither-check-upgradeability. Internally, this release introduces a new JSON output API. All printers and most of the utilities now have JSON output.

Thanks to our external contributors: - @yxliang01 - @enderphan94

Added

slither-check-erc: check for conformance to the most used ERCs https://github.com/crytic/slither/pull/350
slither-check-kspec: report K specification coverage https://github.com/crytic/slither/pull/364
Each detector result has a unique ID, allowing for duplicate removal (https://github.com/crytic/slither/pull/367)
pop to SlithIR conversion (https://github.com/crytic/slither/issues/359)
New printer: evm to print the source code that matches EVM bytecode (https://github.com/crytic/slither/pull/281)
New reentrancy detectors: send/transfer and event-based (https://github.com/crytic/slither/pull/375)

Changed

The JSON output API was replaced with a simpler and standardized API (https://github.com/crytic/slither/pull/355, https://github.com/crytic/slither/pull/362)
All the printers have JSON output (https://github.com/crytic/slither/pull/356)
slither-check-upgradeability: several improvements (https://github.com/crytic/slither/pull/354), including:
- Check for constant conformance
- Remove false positive on fallback function
- Allow the CLI to work without the proxy contract. Note: the CLI flags were changed [BREAKING CHANGE]
- JSON output
Contract summary printer: add upgradeability info (https://github.com/crytic/slither/pull/369) and remove shadowed function (https://github.com/crytic/slither/pull/353)
Docker improvements (https://github.com/crytic/slither/pull/244)
Remove false positive on uninitialized state variable detector due to delegatecall proxy (https://github.com/crytic/slither/pull/370)

Fixed

slither-flat: handle cycles (https://github.com/crytic/slither/pull/373)

- Python
Published by montyly over 6 years ago

slither-analyzer - v0.6.7

0.6.7 - 2019-10-04

This release introduces slither-format, a tool that automatically generates patches for discovered vulnerabilities, and slither-flat, which flattens the codebase. Thanks to crytic-compile, slither-flat enables contract flattening for nearly all available smart contract development frameworks.

If you like Slither, consider subscribing to crytic.io for access to additional private detectors and GitHub integrations. Follow @CryticCI for more information.

Added

slither-format: automatic patch generation. Features:
- Supports issues discovered by the unused-state, solc-version, pragma, naming-convention, external-function, constable-states, and constant-function detectors.
- Generates git patches
- JSON integration
slither-flat: flatten a codebase. Features:
- --contract contract_name: outputs only the contracts necessary to compile contract_name
- --convert-external: converts an external function to public. This is meant to help developers use Echidna.
Echidna printer: Displays information useful for guiding fuzzing.
IR conversion for constant variables declaration (https://github.com/crytic/slither/pull/333, https://github.com/crytic/slither/pull/338)

Changed:

Update to crytic-compile 0.1.4 (which adds support for Brownie)
CLI: print the number of detectors run (https://github.com/crytic/slither/pull/322)
Dapp test: use cache to seep up travis (https://github.com/crytic/slither/pull/339)
External function detectors: merge shadowed functions (https://github.com/crytic/slither/pull/334)
Add optimization detection to human summary printer (https://github.com/crytic/slither/pull/330)
Silence reports about _echidna or _crytic properties in the naming convention detector (https://github.com/crytic/slither/pull/317)

Fixed

Incorrect parsing of infinite loops (https://github.com/crytic/slither/pull/329)
Incorrect inheritance order
Incorrect abi.decode parsing (https://github.com/crytic/slither/pull/332)

- Python
Published by dguido over 6 years ago

slither-analyzer - v0.6.6

0.6.6 - 2019-08-16

This release changes internal functions and how modifiers are represented, improves the JSON format, removes detectors' false positives, and fixes numerous bugs.

Thanks to our external contributors: - @ChrisChinchilla - @Abhimanyu121

Thanks to our users for reporting numerous bugs, in particular @elenadimitrova, @yxliang01, and @sobolev-igor.

Added

Add exclude-dependencies flag (https://github.com/crytic/slither/pull/269)
Add Optimization type and --exclude-optimization flag (https://github.com/crytic/slither/pull/265), https://github.com/crytic/slither/pull/269)
AragonOS detection (https://github.com/crytic/slither/pull/276)
New printer: constructor calls (https://github.com/crytic/slither/pull/299)

Changed

[Breaking change] Remove the instance sharing for functions and modifiers. Each function or modifier has now contract and contract_declarer properties, where contract points to the contract's instance and the contract declarer to the contract where the function was originally declared (https://github.com/crytic/slither/pull/213).
[Breaking change] Use unique JSON element per detector finding (https://github.com/crytic/slither/pull/263)
[Breaking change] Add type to JSON result and improve the log in console/file (https://github.com/crytic/slither/pull/266)
Move third parties tools to slither.tools (https://github.com/crytic/slither/pull/313)
Remove false positive in external function detector in case of parameter written (https://github.com/crytic/slither/pull/257)
Remove false positive in naming convention in case of unnamed parameters (https://github.com/crytic/slither/pull/260)
Remove false positive in naming convention for constructor (https://github.com/crytic/slither/commit/aec680c5feee219094357bef251cd07d7212411c)
Improve ternary operators support (https://github.com/crytic/slither/pull/301)
Late conversion of the subdenomination value (https://github.com/crytic/slither/pull/305)
Refactor reentrancy detector and add support for create-based reentrancy (https://github.com/crytic/slither/pull/311)

Fixed

Incorrect source mapping for if/while/for condition (https://github.com/crytic/slither/issues/245)
Incorrect variable order in printer (https://github.com/crytic/slither/pull/254)
Incorrect source mapping due to text conversion (https://github.com/crytic/slither/pull/252)
Incorrect type for constant with implicit conversion (https://github.com/crytic/slither/pull/283)
Incorrect arguments to crytic-compile (https://github.com/crytic/slither/commit/4cbe048ce71850c793006fc7858f287829b51b5a)

Note: 0.6.5 contained a bug in the reentrancy detector. Please avoid this version since it unnecessarily reported false-positives.

- Python
Published by montyly over 6 years ago

slither-analyzer - v0.6.4

0.6.4 - 2019-05-14

This release brings new detectors, several bugfixes, and a new util slither-simil, to perform code similarity. Additionally, the json output was heavily improved.

This release is also the first one compatible with our new Visual Studio Code plugin, try it out!

Thanks to your external contributors, for their work and their suggestions! @GillesdeB @sobolev-igor @yxliang01

Added

New detectors:
- ERC721 incorrect interface: erc721-interface (https://github.com/crytic/slither/pull/215)
- Conformance to numeric notation best practices: too-many-digits (https://github.com/crytic/slither/pull/216)
- Unchecked low level call: unchecked-lowlevel (https://github.com/crytic/slither/pull/230)
- Unchecked send: unchecked-send (https://github.com/crytic/slither/pull/230)
slither-simil: code similarity using machine learning (see the documentation)

Changed

Improve unused-return results (https://github.com/crytic/slither/pull/230)
Improve solc-version results https://github.com/crytic/slither/pull/240
Update to crytic-compile version 0.1.1
Add crytic-compile options to slither-check-upgradeability and slither-find-paths (https://github.com/crytic/slither/pull/231)
The json format was heavily changed. See its documentation for more details. Notable changes:
- At the top level, the json contains information about the success of the Slither's run
- Each element has 3 required information (type, name, source_mapping), and two optional ones: type_specific_fields and additional_fields
- The source_mapping has not four types of filename, as well as the column information (see Source mapping documentation
Improvement of the human summary printer: lines and contracts number, ERCs and standard libraries detection (https://github.com/crytic/slither/pull/228)
Improve parsing of Literals (https://github.com/crytic/slither/commit/fbd1ddb5fc7199aaff0a6f1dd73440b1d29f046b), and type propagation
Remove FPs on the incorrect erc20 interface dettector (https://github.com/crytic/slither/pull/215)
Clean exception handling (https://github.com/crytic/slither/pull/229)

Fixed

Re-add --solc-ast flag (https://github.com/crytic/slither/commit/12cdcc2e8783b0c7161ee9baacdc7caebe0c5928)
Incorrect function ids printer info (https://github.com/crytic/slither/pull/211)
Several minor bug fixes, including incorrect type propagation if a variable is accessed through the contract's basename (https://github.com/crytic/slither/commit/6834d4c78767d21efea51e557125066629bc3d23), add bytes.push() support (https://github.com/crytic/slither/commit/1d2997b67fc48cf6fedb43f16f027d6536c6dcf7)

- Python
Published by montyly almost 7 years ago

slither-analyzer - v0.6.3

0.6.3 - 2019-04-24

This release is the first one based on crytic-compile, the library standardizes smart contracts compilation and allows Slither to work natively on new platforms. Additionally, this release brings one new detector.

Thanks to our external contributor, @shshzi, who worked on the Right-To-Left-Override character detector

For Embark users: make sure to update embark-contract-info to 1.1.0

Added

Native support to Dapp, Etherlime, and Etherscan (see the documentation)
New detector: Right-To-Left-Override character https://github.com/crytic/slither/pull/201

Changed

Json output: source mappings contain now four filenames (absolute/relative/short/used)
The command line options now match crytic-compile options (ex: --disable-solc-warnings is renamed --solc-disable-warnings). See the crytic-compileDocumentation for more details.

- Python
Published by montyly almost 7 years ago

slither-analyzer - v0.6.2

0.6.2 - 2019-03-05

This release brings Embark native support, fixes several bugs, and improves slither-check-upgradeability.

Added

Embark support (see the documentation) (https://github.com/crytic/slither/pull/196)
Support for Solidity selector keyword (https://github.com/crytic/slither/commit/605ea7f847d52bc19f254d4c2c605d816b2d2eb9)
--truffle-build-directory flag to support custom build directory (https://github.com/crytic/slither/issues/187)

Changed

Rename slither-check-upgradability to slither-check-upgradeability (https://github.com/crytic/slither/commit/bffa59f6c516b50d74f530d832c2662698cb400c)
--ignore-truffle-compile flag renamed to --truffle-ignore-compile
Improve slither-check-upgradeability output and documentation.
API changed: Add framework detection within Slither object; the caller does not need to check for native/truffle/embark (https://github.com/crytic/slither/commit/ee1b4c251d2fe180af6c58ff2a4d3d4b5c781827)

Fixed

Incorrect source mapping computation (https://github.com/crytic/slither/pull/194)
Incorrect data dependency for return values (https://github.com/crytic/slither/pull/193)
Crash related to the support of abi.decode (https://github.com/crytic/slither/issues/177)

- Python
Published by montyly almost 7 years ago

slither-analyzer - v0.6.1

0.6.1 - 2019-03-04

This release brings a new utility: slither-find-paths to review complex codebase, adds a new check to slither-check-upgradability, and fixes minor bugs.

Added

slither-find-paths: Utility to review complex contracts (see the Finding Paths Utility Documentation)
slither-check-upgradability: Add checks on correct contract's initialization https://github.com/trailofbits/slither/issues/182
Improve Windows support https://github.com/trailofbits/slither/pull/179

Changed

Calls in loop detector: remove duplicate results ( https://github.com/trailofbits/slither/commit/39500c092e512c14c462b7e541cd887548e7b59e)
Call graph printer: export functions individually (https://github.com/trailofbits/slither/commit/833e390707e3542cd6ed907eddd8dad93523c30c)
API changed: make GENERICTAINT optional on `istainted` call https://github.com/trailofbits/slither/pull/181

Fixed

Incorrect SlithIR conversion in case of explicit base contract usage (https://github.com/trailofbits/slither/commit/8a94a6e66b6d1da7b95ce7853e3e14b52f1ed766, https://github.com/trailofbits/slither/commit/c6e090e0923eb99b39a31c03b2586010016ac764, https://github.com/trailofbits/slither/commit/b992010ee68fbb037489a98ab4c3af46276e136e)
Use referenced declaration for functions to fix reference not found (AST compact only) https://github.com/trailofbits/slither/issues/177
Fix typo in callcode https://github.com/trailofbits/slither/commit/8344c4edf371a87e50e821e1b25e419a7d4fc09c

- Python
Published by montyly almost 7 years ago

slither-analyzer - v0.6.0

0.6.0 - 2019-02-15

This release adds 3 new detectors, 5 new printers, improves the overall usability of Slither, and introduces a new tool: slither-check-upgradability to help to review upradable contracts. User and developer documentation has dramatically improved. This release brings also several bugfixes, API enhancements and lowers the rate of false positives for several detectors.

Thanks to our external contributors @cty12, @mrice32 and @ptare for their numerous bug reports.

Added

Detectors:
- erc20-interface: Incorrect ERC20 interfaces
- erc20-indexed: Un-indexed ERC20 event parameters
- deprecated-standards: Deprecated Solidity Standards
Printers:
- data-dependency: Print the data dependencies of the variables
- function-id: Print the keccack256 signature of the functions
- modifiers: Print the modifiers called by each function
- require: Print the require and assert calls of each function
- variable-order: Print the storage order of the state variables
Command line usage:
- --ignore-truffle-compile: do not run truffle compile
- --disable-color: disable output colorization
- --triage-mode: run slither in its triage mode. For every finding, Slither will ask if the result should be shown for the next run.
- --filter-paths: exclude all the results that are only related to the given paths.
- Configuration file: Slither options can be configured through a JSON file. See the documentation
slither-check-upgradability: Utility to help reviewing upgradable contracts
Dependency: require pysha3>=1.0.2

Changed:

Reduce the false alarms rates of:
- Unused variables: consider expression oustide of the functions' scope https://github.com/trailofbits/slither/issues/167
- Reentrancy: check if a call to this is reentrancy-safe + don't consider view/pure calls for Solidity >= 0.5 https://github.com/trailofbits/slither/issues/127 https://github.com/trailofbits/slither/issues/126
- Locked ether: follow libraries calls https://github.com/trailofbits/slither/issues/163
Improve Truffle integration: Slither will automatically switch to the truffle version provided in package.json (https://github.com/trailofbits/slither/issues/154)
Improve SSA conversion: Use of an interprocedural sensitive analysis (follow parameters) (https://github.com/trailofbits/slither/issues/156#issuecomment-462095241)
Improve data dependency: Compute a fix-point on function context (https://github.com/trailofbits/slither/issues/171)
Improve inheritance printer output (https://github.com/trailofbits/slither/pull/162, https://github.com/trailofbits/slither/pull/166)
Add support of staticall (https://github.com/trailofbits/slither/issues/152)

Fixed

Several minors bugs, including:
- Incorrect SSA conversion on Return (https://github.com/trailofbits/slither/commit/59af3887a4fda502d88bd0b447fc86a87fcfc012)
- is_storage property on StateVariableIR/LocalVariableIR (https://github.com/trailofbits/slither/commit/59af3887a4fda502d88bd0b447fc86a87fcfc012)
- Crash when two variables have the same name https://github.com/trailofbits/slither/issues/151
- Incorrect location for LocalVariableIR (https://github.com/trailofbits/slither/issues/143)
- Add constant folding visitor to avoid crash on expression-based length (https://github.com/trailofbits/slither/issues/144)

- Python
Published by montyly about 7 years ago

slither-analyzer - v0.5.2

0.5.2 - 2019-01-31

This release improves performance, fixes minor bugs, and simplifies the generation of our documentation.

Added

Add a vulnerability description to all the detectors, then use that to auto-generate the wiki documentation.

Changed

Improve the reentrancy heuristics: the reentrancy information is computed only one time, and its information is shared across all the reentrancy variants.
Use a cache system for the function.all_* properties
Re-add the Length SlithIR operator (https://github.com/trailofbits/slither/commit/ed7afe0049bcf3ec5b1b115e2ec62ec0bd6e3bd3)

Fixed

Incorrect read information in case of ReferenceVariable (https://github.com/trailofbits/slither/commit/1cdc34ec775a9e853a79c7fec67638e311d67b00)

- Python
Published by montyly about 7 years ago

slither-analyzer - v0.5.1

0.5.1 - 2019-01-25

This release fixes minor bugs and adds support for a handful of missing operations.

We gave a presentation about Slither during our last office hours. We discussed the framework, how it works and its future evolution. The video is available here.

Added

Support for constructors declared as a modifier and in the contract's definition (contract B is A(10){) (https://github.com/trailofbits/slither/pull/132)
Support for gas and value in dynamic function calls (https://github.com/trailofbits/slither/pull/132)
Support for ternary conversions in modifiers (https://github.com/trailofbits/slither/issues/140)
Support for hexadecimal in subdenominations (https://github.com/trailofbits/slither/pull/147)
Support for user-defined types in functions (https://github.com/trailofbits/slither/issues/136)
Support for indexed information in events (https://github.com/trailofbits/slither/commit/c0323282d65971e96b9bdf4e5825a9200447e785)

Fixed

UTF8 file encoding (https://github.com/trailofbits/slither/pull/146)
Parsing of empty do-while loop (https://github.com/trailofbits/slither/issues/133)

- Python
Published by montyly about 7 years ago

slither-analyzer - v0.5.0

0.5.0 - 2019-01-14

This release adds support for static single assignment (SSA) to SlithIR for both local and state variables. The use of SSA facilitates the tracking data dependencies and will enable more precise detectors. There are three new detectors: incorrect-equality, shadowing-builtin, shadowing-local, and one new printer: cfg. Detection of reentrancy was improved and now has three levels of severity. This release also includes bugfixes and lowers the rate of false positives for several detectors.

Thanks to our external contributors @mrice32 and @ptare for their numerous bug reports.

Added

Detectors:
- incorrect-equality: Dangerous strict equalities, such as this.balance == 0 ether.
- shadowing-builtin: Shadowing of builtin symbols
- shadowing-local: Local variables shadowing the contract's elements
SSA on SlithIR:
- Add Phi operator
- Add LocalIRVariable and StateIRVariable (they contain the SSA index)
- Follow Cooper, Harvey, Kennedy to compute minimal SSA
- Add additional Phi operators at function entrance and after external calls to handle state variables
- Alias Analysis to track storage references
- Integrate alias analysis info into the SSA engine for precise SSA construction (note there is a limitation: alias analysis is not yet interprocedural and has no support for functions returning a storage reference)
Add new printer: cfg, which exports the CFG of each function (8452b32)
Add dominators information
- List of dominator nodes
- Dominator tree
- Dominance frontier

Changed

The reentrancy detector is split into three variants to facilitate the triage of results:
- reentrancy-eth: theft of ether and read before writing (high severity)
- reentrancy-no-eth: no theft of ether and read before writing (medium severity)
- reentrancy-benign: no read before writing (low severity)
The data dependency is now computed using the SSA
Multiple new contract and function helpers (b549a3e, 57a0918, a704635)
Improve subdenomination support (ether, wei, days, ..) bdca730
Lower false positive for several detectors:
- locked-ether: #114
- external-function: #118
- constable-states: fc4ac0c

Bugfixes

Incorrect return nested array #121,
Support for empty tuple in return 7813fdf
Support for implicit uint256->int256 conversion on function matching #120
Support ternary in return statement #115

- Python
Published by montyly about 7 years ago

slither-analyzer - v0.4.0

0.4.0 - 2018-12-14

This release brings 4 new detectors, improves the support for Solidity >=0.5, and fixes several minor issues.

Thanks to our external contributors!

@adamhos @mattaereal @mihairaulea

Added

New detectors:
- shadowing-state: Detect state variables shadowed
- shadowing-abstract: Detect state variables shadowed from abstract contracts
- timestamp: Detect dangerous usage of block.timestamp
- calls-loop: Detect dangerous calls inside a loop
--trufle-version version flag: Allow to install and run a local version of truffle (#105)
- slither --truffle-version truffle@beta . : Run truffle with Solidity 0.5
- slither --truffle-version truffle@4.1.14 . : Run truffle with Solidity 0.4

Changed

Improve Solidity 0.5.0 and 0.5.1 support (#102)
Json output format (#108)

Fixed

Variable unpacking issue for the contract printer (#104)
Multiple minor parsing bugs (#98, #99, #100)
Incorrect do-while recovery (#97)
SlithIR: incorrect return tuple conversion (#89)

- Python
Published by montyly about 7 years ago

slither-analyzer - v0.3.1

0.3.1 - 2018-12-03

This release fixes minor bugs and improves the json output.

Changed

Improve json ouput:
- Add helpers to abstract_detector
- Use more detailed output for each detector and more precise source mapping information
- Document the json: https://github.com/trailofbits/slither/wiki/JSON-output
Add support for Truffle projects using a truffle-config.js file instead of truffle.js
Fix incorrect slithIR conversion for mapping of mapping (#83)
Fix minor bugs (remove duplicate constructors, fix incorrect is_implemented attribute in Modifier)

- Python
Published by montyly about 7 years ago

slither-analyzer - v0.3.0

0.3.0 - 2018-11-20

This release brings 4 new detectors, 1 new printer, improved UX, and several bug fixes.

Thanks to the Ethereum Community Fund for funding Gitcoin bounties!

Thanks also to our external contributors! @anukul @benstew @rmi7 @Rluijk @Samparsky

Added

New detectors:
- controlled-delegatecall: Detect user-controlled delegatecall destination
- constant-function : Detect constant functions that change state
- uninitialized-local : Detect uninitialized local variables
- unused-return-value : Detect unused return values
New printer:
- human-summary: Print a human readable summary of the contracts

Changed

Refactored the output of the detectors:
- Bug descriptions are more verbose
- Add line number information
- Create vulnerability descriptions with short descriptions, exploit scenarios, and recommendations
Refactored unit tests to output to JSON
Simplified integration with Truffle (slither now runs truffle compile automatically when applied to a Truffle directory)

Recommendation

Use the constant-function detector to ensure correct interactions between contracts compiled with Solidity <0.5 and >=0.5

- Python
Published by montyly over 7 years ago

slither-analyzer - v0.2.0

0.2.0 - 2018-10-30

This release brings 2 new detectors, 2 new printers, integration with Truffle, and enhancements to SlithIR and the detector API.

Thanks to the Ethereum Community Fund for funding many Gitcoin bounties!

Thanks also to our external contributors! @cryptomental @evgeniuz @pvgupta24 @redshark1802 @samparsky

Added

Truffle integration. Slither can be run on a Truffle directory: truffle compile && slither .
new detectors:
- constable-states: Detect state variables that could be declared constant
- external-function: Detect public functions that could be declared as external
new printers:
- call-graph: Export the call-graph of the contracts to a dot file
- inheritance: Print the inheritance relations between contracts
Support for solc's compact AST

Changed

The original inheritance printer is now called inheritance-graph
Command line arguments are easier to use
SlithIR bugfixes and improvements
Internal API changes: https://github.com/trailofbits/slither/pull/58

- Python
Published by montyly over 7 years ago

slither-analyzer - v0.1.0

First public release of slither

Features

Detects vulnerable Solidity code with low false positives
Identifies where the error condition occurs in the source code
Easy integration into continuous integration pipelines
Built-in 'printers' quickly report crucial contract information
Detector API to write custom analyses in Python
Ability to analyze contracts written with Solidity >= 0.4
Intermediate representation (SlithIR) enables simple, high-precision analyses

- Python
Published by montyly over 7 years ago

Recent Releases of slither-analyzer

slither-analyzer - 0.11.3

What's Changed

slither-analyzer - 0.11.2

What's Changed

slither-analyzer - 0.11.1

What's Changed

New Contributors

slither-analyzer - 0.11.0

What's Changed

New Contributors

slither-analyzer - 0.10.4

What's Changed

New Contributors

slither-analyzer - 0.10.3

What's Changed

New Contributors

slither-analyzer - 0.10.2

0.10.2 - 2024-04-08

New Features

Bug Fixes

Enhancements

New Contributors

slither-analyzer - 0.10.1

0.10.1 - 2024-02-29

What's Changed

New Features

Bug Fixes

Enhancements

New Contributors

slither-analyzer - 0.10.0

0.10.0 - 2023-10-18

What's Changed

New Features:

Breaking Changes:

Enhancements:

Bug Fixes:

Continuous Integration and Dependencies:

New Contributors

slither-analyzer - v0.9.6

0.9.6 - 2023-07-06

What's Changed

New Contributors

slither-analyzer - v0.9.5

0.9.5 - 2023-06-28

What's Changed

slither-analyzer - v0.9.4

0.9.4 - 2023-06-26

Added

Changed

Fixed

New Contributors

slither-analyzer - v0.9.3

0.9.3 - 2023-03-20

Added

Changed

Fixed

New Contributors

slither-analyzer - v0.9.2

0.9.2 - 2023-01-11

Added

Changed

Fixed

New Contributors

slither-analyzer - v0.9.1

0.9.1 - 2022-11-03

Added

Changed

Fixed

slither-analyzer - v0.9.0

0.9.0 - 2022-10-05

Refactored

Added

Changed

Fixed

slither-analyzer - v0.8.3

0.8.3 - 2022-04-21

Enhancing Slither through code comments

Added

Improved