
Working with Slither for Fun, for Profit, or for Useful Information

3 min read ・ Sep 30, 2024 ・by Shira Shalev

Slither is a powerful static analysis framework for Solidity and Vyper smart contracts, created by Trail of Bits and written in Python. It provides comprehensive tools for identifying vulnerabilities, understanding contract structures, and prototyping custom analyses.

Beyond Security Audits: Analyzing Smart Contracts with Slither

Slither's utility extends beyond vulnerability detection. While most users run Slither for security audits, its output can also be visualized to improve your understanding of a smart contract's architecture.

When Slither analyzes a Solidity project, it constructs an abstract representation of the code by identifying and cataloging all the contracts and their components. Each contract is represented as a node in the tree. For example, if a contract Token inherits from another contract ERC20, Token and ERC20 become nodes in this tree, with an edge connecting Token to ERC20 to indicate inheritance. This relationship helps visualize how contract functionality is built upon or extended.

Furthermore, Slither enriches each node with valuable metadata. For instance, nodes corresponding to functions might include details about their visibility (e.g., public, external), mutability (e.g., view, pure), and whether they modify the contract state. This information is critical for understanding the contract’s behavior and security characteristics. For example, a function node for transfer in a Token contract will include its function signature, visibility, and any security annotations, such as whether it is subject to reentrancy attacks or has access control modifiers.

Example: Visualizing Contract Inheritance

One powerful way to utilize Slither is by visualizing the inheritance structure of your smart contracts. This can help you understand how different contracts are related and identify potential issues with contract composition.

Here’s a Python script that creates a visual graph of your protocol’s smart contract inheritance:

Let’s use it step-by-step:

For this example we will be using https://github.com/OlympusDAO/olympus-contracts

  1. Before running the script, ensure you have Python installed
  2. Clone this repository
  3. Install required Python packages
  4. Change the target_path variable to the path to your protocol
  5. Run script

Extract Contract Data

Use Slither’s Python API or JSON output to extract contract details.
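The following is an added example, not the script from the original post: a sketch of how the extraction and graphing steps can be done with Slither's Python API, emitting Graphviz DOT and labelling each contract with its count of state-changing public/external functions. The function names and the `sample_contracts()` stand-ins (mirroring the Token/ERC20 example above) are assumptions made for illustration; loading a real project requires `slither-analyzer` and a matching `solc`.

```python
import sys
from types import SimpleNamespace as NS

def load_contracts(target_path):
    """Parse a project with Slither (needs slither-analyzer and a solc build)."""
    from slither import Slither  # imported lazily: only needed for real projects
    return Slither(target_path).contracts

def inheritance_edges(contracts):
    """Sorted (child, parent) pairs for direct inheritance only."""
    return sorted({(c.name, p.name) for c in contracts
                   for p in c.immediate_inheritance})

def entry_points(contract):
    """Public/external functions declared in this contract that may write state."""
    return sorted(f.name for f in contract.functions_declared
                  if f.visibility in ("public", "external")
                  and not (f.view or f.pure or f.is_constructor))

def to_dot(contracts):
    """Render the graph as Graphviz DOT, edges pointing from child to parent."""
    out = ["digraph inheritance {", "  rankdir=BT;", "  node [shape=box];"]
    for c in sorted(contracts, key=lambda c: c.name):
        n = len(entry_points(c))
        out.append(f'  "{c.name}" [label="{c.name}\\n{n} state-changing entry points"];')
    out += [f'  "{child}" -> "{parent}";'
            for child, parent in inheritance_edges(contracts)]
    return "\n".join(out + ["}"])

def sample_contracts():
    """Constructed stand-ins for the Token/ERC20 example (not Slither output)."""
    def fn(name, visibility, view=False):
        return NS(name=name, visibility=visibility, view=view, pure=False,
                  is_constructor=False)
    erc20 = NS(name="ERC20", immediate_inheritance=[],
               functions_declared=[fn("transfer", "public"),
                                   fn("balanceOf", "public", view=True)])
    token = NS(name="Token", immediate_inheritance=[erc20],
               functions_declared=[fn("mint", "external"),
                                   fn("_beforeMint", "internal")])
    return [erc20, token]

if __name__ == "__main__":
    # Usage: python inheritance_graph.py <target_path> > graph.dot
    contracts = load_contracts(sys.argv[1]) if len(sys.argv) > 1 else sample_contracts()
    print(to_dot(contracts))
```

The DOT output can be rendered with Graphviz, for example `dot -Tpng graph.dot -o graph.png`.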

Example Chart output:

The full chart can be found here

Slither provides more than just inheritance data. You can also create charts for functions, modifiers, and other aspects of your smart contracts.

Conclusion

Slither is not only a tool for detecting vulnerabilities but also a powerful framework for gaining deeper insights into your smart contracts. By leveraging its output, you can create various charts and visualizations that provide a clearer understanding of contract structures, relationships, and metrics. Whether you're analyzing contract inheritance or visualizing function metrics, Slither offers a wealth of information to enhance your development and analysis workflows.


About the author

Shira Shalev
Software Developer

Shira has over 6 years of experience in software development. Before joining spherex, Shira served in an elite Israeli intelligence unit leading teams in software development.
