Skip to content

crytic/slither-workshop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
detectors
detectors
 
 
evaluation
evaluation
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
setup.py
setup.py
 
 
slides.pdf
slides.pdf
 
 

Repository files navigation

Slither secureum workshop

The goals of this workshop are to:

  • Learn about Slither's API
  • Write your first detectors
  • Experiment with writing new detectors rules
  • Experiment with how to evaluate static analyzers

Detector list

For each detector:

  • Use the example.sol file in the evaluation/NAME directory
  • Create more test cases, and try your detector on various codebases
  • Highlight any edge-case that is properly detected by your detector in its documentation
ID Name What it detects Examples
0 unused-event Events that are not used example.sol
1 isContract Incorrect isContract function/modifier example.sol
2 divide-by-total-supply Division by the total supply example.sol
3 storage-read Unnecessary storage read example.sol
4 mul-reduction Mul can be replaced by add example.sol
5 copy-propagation Costly operations can be replaced example.sol
6 read-only-reentrancy Read only vulnerability No example provided
7 NAME1 Your own detector :) N/A
8 NAME2 Your own detector :) N/A
9 NAME3 Your own detector :) N/A

The list does not follow a particular order. The read-only-reentrancy is considered as the most challenging detector to write (you might take inspiration from the existing detectors). We would recommend trying to write your own detector's idea after writing 2-3 of the provided ones.

Judging criteria

  • Novelty and complexity handling
  • False alarms rate
  • Code quality
  • Test quality

Setup

  • Fork this repo
  • Update the detectors in detectors/NAME/detector_name.py
    • For a new detector, update detectors/all_detectors.py to import the class
  • Add more tests in evaluation/NAME/. Ensure the code compile with solc 0.8.20 (if another version is needed, precise it)

Python tips

  • Use a python virtual environement.
  • From the virtual env, run pip install -e .. This will add the detectors in slither.
  • You can then run you new detector with slither path/to/file.sol --detect NAME

Ask in discord if you have problems

Submission

Send your fork of this repo to [email protected] by Sunday 23th end of day (no timezone requirement):

  • Either with a zipfile
  • Or if you use a private github repo, add montyly to the repo

You can provide a readme with any relevant details (ex: highligting specific edge case handled, showing the different tests)

References

About

Slither workshop (secureum)

Resources

Readme

Security policy

Security policy
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages