Things You Need To Know About Slither Static Analyzer For Smart Contracts

author

Calibraint

Author

October 3, 2023

Last updated: October 9, 2023

Slither for smart contracts

Every smart contract developer or auditor will know the importance of ensuring the security, efficiency, and quality of the code. However, reviewing the code manually can be tedious, time-consuming, and error-prone. That’s why a tool is necessary in order to automate and improve the code analysis process.

Slither is a solidity static analyzer for smart contracts that can detect vulnerabilities, optimize code, improve comprehension, and assist review. It can analyze any solidity project, whether it is a single file or a complex application. It can also integrate with popular frameworks such as Hardhat, Foundry, Dapp, and Brownie.

Slither solidity static analyzer is an open-source project developed by Trail of Bits, a leading security research and consulting firm. Learn more from the official GitHub repository of Slither. We will further dive deeper into its installation, usage, and components.

Installation and Usage of Slither Solidity Static Analyzer for Smart Contracts

Slither is easy to install and use. You can choose one of the following methods to install Slither on your system:

Using pip:

You can install Slither using pip, a package manager for Python. To do so, run the following command in your terminal:

pip install slither-analyzer 

Using git:

You can clone the Slither GitHub repository and install it from the source. To do so, run the following commands in your terminal:

git clone https://github.com/crytic/slither.git && cd slither  
python setup.py install

Using docker:

You can use Docker to run Slither without installing it on your system. To do so, run the following command in your terminal:

docker run -v $(pwd):/home/trailofbits/slither -it trailofbits/slither 

Once you have installed Slither, you can run it on any Solidity project or file. Slither supports various frameworks such as Hardhat, Foundry, Dapp, and Brownie. You can also specify the solo version to use for compilation.

To run Slither on a Hardhat/Foundry/Dapp/Brownie application, use the following command:

slither

To run Slither on a single file, use the following command:

slither file.sol

Slither will analyze your code and display the results in your terminal. You can also use various options and arguments to customize your analysis. For example, you can use –json to output the results in JSON format, or –triage-mode to interactively triage the results.

Detectors and Printers

Slither has two main components that perform different types of analysis on your code: detectors and printers.

Detectors are modules that identify specific issues or vulnerabilities in your code. Slither has a variety of built-in detectors that cover common security risks, such as reentrancy, integer overflow, unused state variables, and more. You can also enable or disable detectors according to your needs.

For example, you can use –detect to run only the specified detectors, or –exclude to skip the specified detectors.

Printers are modules that output information or statistics about your code. Slither has a number of built-in printers that help you optimize your code, visualize your contract details, and review your code.

For example, you can use –print human-summary to get a human-readable summary of your contracts, or –print inheritance-graph to generate a graph of the inheritance relationships among your contracts.

You can use detectors and printers to improve the quality and security of your code. For example, you can use the shadowing-state detector to find state variables that are shadowed by inherited contracts, or the cfg printer to generate a control flow graph of each function in your contracts.

Custom Analyses

Slither also allows you to write your own custom analyses using the Slither API. You can use the Slither API to access and manipulate various aspects of your code, such as contracts, functions, variables, expressions, and more.

One of the key features of the Slither API is the intermediate representation (SlithIR) that Slither uses to preserve semantic information. SlithIR is a low-level representation of Solidity code that consists of simple and atomic instructions. Each instruction has a set of operands and a result. You can use SlithIR to perform dataflow and taint tracking analyses on your code.

Dataflow analysis

Dataflow analysis is a technique that tracks how data flows through your code. For example, you can use dataflow analysis to find out which variables are read or written by a function, or which instructions affect the return value of a function.

Taint Analysis

Taint analysis is a technique that tracks how tainted data propagates through your code. Tainted data is data that comes from an untrusted source, such as user input or external calls. For example, you can use taint analysis to find out which instructions are influenced by tainted data, or which tainted data reaches a sensitive instruction, such as a self-destruct or a transfer.

You can use the Slither API to write custom analyses that leverage dataflow and taint tracking techniques on SlithIR. You can also use the built-in detectors and printers as examples or templates for your custom analyses.

Conclusion

Slither is a powerful and versatile tool that can help you improve the security, efficiency, and quality of your smart contract code. Since it is an open-source project that is constantly updated and improved by the Trail of Bits team and the community, we can expect more iterations in the near future.

Related Articles

field image

Did you know that Dogecoin, initially created as a joke in 2013, reached a market capitalization of over $85 billion in 2021? Meme coins have taken the crypto world by storm, from Dogecoin to Shiba Inu, proving that even internet jokes can turn into lucrative investments. In fact, Shiba Inu saw a staggering 50,000,000% increase […]

author-image

Calibraint

Author

31 Mar 2025

field image

​In the fourth quarter of 2024, the number of active cryptocurrency mobile wallets surged to 36 million, marking a significant shift in how users interact with digital assets. This rapid growth underscores the increasing importance of integrating cryptocurrency wallets into business operations. Understanding the crypto wallet development cost is important for companies aiming to stay […]

author-image

Calibraint

Author

28 Mar 2025

field image

The healthcare industry has experienced revolutionary changes from vaccines to widely life-saving treatments.  However, the secure and efficient management of patient data remains a significant challenge. The U.S. Department of Health and Human Services Office for Civil Rights (2024) reported a significant increase to the number of large healthcare data breaches with nearly 725 breaches […]

author-image

Calibraint

Author

25 Mar 2025

field image

Did you know that Cardano (ADA) ranked among the top 10 cryptocurrencies by market capitalization in 2024? With its continuous technological advancements, can it reach new highs by 2030? The Cardano ADA price prediction has been a topic of discussion among investors looking for long-term growth opportunities, as many seek insights into ADA’s future value. […]

author-image

Calibraint

Author

20 Mar 2025

field image

Cryptocurrency has revolutionized the financial world since the launch of Bitcoin in 2009. The introduction of Ethereum in 2015 further transformed the landscape, enabling decentralized applications and smart contracts. As of 2025, Ethereum stands as the second-largest cryptocurrency by market capitalization and serves as the backbone of the DeFi and NFT ecosystems. With a vast […]

author-image

Calibraint

Author

17 Mar 2025

field image

Did you know that Wattpad started as a simple mobile reading app in 2006, but today, it has over 90 million users worldwide? Some authors who started on Wattpad even landed major publishing and film deals! If you want to create an app like Wattpad, you’re tapping into a booming industry where storytelling meets technology. […]

author-image

Calibraint

Author

13 Mar 2025

Let's Start A Conversation

  • United States+1
  • United Kingdom+44
  • India (भारत)+91
  • Afghanistan (‫افغانستان‬‎)+93
  • Albania (Shqipëri)+355
  • Algeria (‫الجزائر‬‎)+213
  • American Samoa+1
  • Andorra+376
  • Angola+244
  • Anguilla+1
  • Antigua and Barbuda+1
  • Argentina+54
  • Armenia (Հայաստան)+374
  • Aruba+297
  • Ascension Island+247
  • Australia+61
  • Austria (Österreich)+43
  • Azerbaijan (Azərbaycan)+994
  • Bahamas+1
  • Bahrain (‫البحرين‬‎)+973
  • Bangladesh (বাংলাদেশ)+880
  • Barbados+1
  • Belarus (Беларусь)+375
  • Belgium (België)+32
  • Belize+501
  • Benin (Bénin)+229
  • Bermuda+1
  • Bhutan (འབྲུག)+975
  • Bolivia+591
  • Bosnia and Herzegovina (Босна и Херцеговина)+387
  • Botswana+267
  • Brazil (Brasil)+55
  • British Indian Ocean Territory+246
  • British Virgin Islands+1
  • Brunei+673
  • Bulgaria (България)+359
  • Burkina Faso+226
  • Burundi (Uburundi)+257
  • Cambodia (កម្ពុជា)+855
  • Cameroon (Cameroun)+237
  • Canada+1
  • Cape Verde (Kabu Verdi)+238
  • Caribbean Netherlands+599
  • Cayman Islands+1
  • Central African Republic (République centrafricaine)+236
  • Chad (Tchad)+235
  • Chile+56
  • China (中国)+86
  • Christmas Island+61
  • Cocos (Keeling) Islands+61
  • Colombia+57
  • Comoros (‫جزر القمر‬‎)+269
  • Congo (DRC) (Jamhuri ya Kidemokrasia ya Kongo)+243
  • Congo (Republic) (Congo-Brazzaville)+242
  • Cook Islands+682
  • Costa Rica+506
  • Côte d’Ivoire+225
  • Croatia (Hrvatska)+385
  • Cuba+53
  • Curaçao+599
  • Cyprus (Κύπρος)+357
  • Czech Republic (Česká republika)+420
  • Denmark (Danmark)+45
  • Djibouti+253
  • Dominica+1
  • Dominican Republic (República Dominicana)+1
  • Ecuador+593
  • Egypt (‫مصر‬‎)+20
  • El Salvador+503
  • Equatorial Guinea (Guinea Ecuatorial)+240
  • Eritrea+291
  • Estonia (Eesti)+372
  • Eswatini+268
  • Ethiopia+251
  • Falkland Islands (Islas Malvinas)+500
  • Faroe Islands (Føroyar)+298
  • Fiji+679
  • Finland (Suomi)+358
  • France+33
  • French Guiana (Guyane française)+594
  • French Polynesia (Polynésie française)+689
  • Gabon+241
  • Gambia+220
  • Georgia (საქართველო)+995
  • Germany (Deutschland)+49
  • Ghana (Gaana)+233
  • Gibraltar+350
  • Greece (Ελλάδα)+30
  • Greenland (Kalaallit Nunaat)+299
  • Grenada+1
  • Guadeloupe+590
  • Guam+1
  • Guatemala+502
  • Guernsey+44
  • Guinea (Guinée)+224
  • Guinea-Bissau (Guiné Bissau)+245
  • Guyana+592
  • Haiti+509
  • Honduras+504
  • Hong Kong (香港)+852
  • Hungary (Magyarország)+36
  • Iceland (Ísland)+354
  • India (भारत)+91
  • Indonesia+62
  • Iran (‫ایران‬‎)+98
  • Iraq (‫العراق‬‎)+964
  • Ireland+353
  • Isle of Man+44
  • Israel (‫ישראל‬‎)+972
  • Italy (Italia)+39
  • Jamaica+1
  • Japan (日本)+81
  • Jersey+44
  • Jordan (‫الأردن‬‎)+962
  • Kazakhstan (Казахстан)+7
  • Kenya+254
  • Kiribati+686
  • Kosovo+383
  • Kuwait (‫الكويت‬‎)+965
  • Kyrgyzstan (Кыргызстан)+996
  • Laos (ລາວ)+856
  • Latvia (Latvija)+371
  • Lebanon (‫لبنان‬‎)+961
  • Lesotho+266
  • Liberia+231
  • Libya (‫ليبيا‬‎)+218
  • Liechtenstein+423
  • Lithuania (Lietuva)+370
  • Luxembourg+352
  • Macau (澳門)+853
  • Macedonia (FYROM) (Македонија)+389
  • Madagascar (Madagasikara)+261
  • Malawi+265
  • Malaysia+60
  • Maldives+960
  • Mali+223
  • Malta+356
  • Marshall Islands+692
  • Martinique+596
  • Mauritania (‫موريتانيا‬‎)+222
  • Mauritius (Moris)+230
  • Mayotte+262
  • Mexico (México)+52
  • Micronesia+691
  • Moldova (Republica Moldova)+373
  • Monaco+377
  • Mongolia (Монгол)+976
  • Montenegro (Crna Gora)+382
  • Montserrat+1
  • Morocco (‫المغرب‬‎)+212
  • Mozambique (Moçambique)+258
  • Myanmar (Burma) (မြန်မာ)+95
  • Namibia (Namibië)+264
  • Nauru+674
  • Nepal (नेपाल)+977
  • Netherlands (Nederland)+31
  • New Caledonia (Nouvelle-Calédonie)+687
  • New Zealand+64
  • Nicaragua+505
  • Niger (Nijar)+227
  • Nigeria+234
  • Niue+683
  • Norfolk Island+672
  • North Korea (조선 민주주의 인민 공화국)+850
  • Northern Mariana Islands+1
  • Norway (Norge)+47
  • Oman (‫عُمان‬‎)+968
  • Pakistan (‫پاکستان‬‎)+92
  • Palau+680
  • Palestine (‫فلسطين‬‎)+970
  • Panama (Panamá)+507
  • Papua New Guinea+675
  • Paraguay+595
  • Peru (Perú)+51
  • Philippines+63
  • Poland (Polska)+48
  • Portugal+351
  • Puerto Rico+1
  • Qatar (‫قطر‬‎)+974
  • Réunion (La Réunion)+262
  • Romania (România)+40
  • Russia (Россия)+7
  • Rwanda+250
  • Saint Barthélemy+590
  • Saint Helena+290
  • Saint Kitts and Nevis+1
  • Saint Lucia+1
  • Saint Martin (Saint-Martin (partie française))+590
  • Saint Pierre and Miquelon (Saint-Pierre-et-Miquelon)+508
  • Saint Vincent and the Grenadines+1
  • Samoa+685
  • San Marino+378
  • São Tomé and Príncipe (São Tomé e Príncipe)+239
  • Saudi Arabia (‫المملكة العربية السعودية‬‎)+966
  • Senegal (Sénégal)+221
  • Serbia (Србија)+381
  • Seychelles+248
  • Sierra Leone+232
  • Singapore+65
  • Sint Maarten+1
  • Slovakia (Slovensko)+421
  • Slovenia (Slovenija)+386
  • Solomon Islands+677
  • Somalia (Soomaaliya)+252
  • South Africa+27
  • South Korea (대한민국)+82
  • South Sudan (‫جنوب السودان‬‎)+211
  • Spain (España)+34
  • Sri Lanka (ශ්‍රී ලංකාව)+94
  • Sudan (‫السودان‬‎)+249
  • Suriname+597
  • Svalbard and Jan Mayen+47
  • Sweden (Sverige)+46
  • Switzerland (Schweiz)+41
  • Syria (‫سوريا‬‎)+963
  • Taiwan (台灣)+886
  • Tajikistan+992
  • Tanzania+255
  • Thailand (ไทย)+66
  • Timor-Leste+670
  • Togo+228
  • Tokelau+690
  • Tonga+676
  • Trinidad and Tobago+1
  • Tunisia (‫تونس‬‎)+216
  • Turkey (Türkiye)+90
  • Turkmenistan+993
  • Turks and Caicos Islands+1
  • Tuvalu+688
  • U.S. Virgin Islands+1
  • Uganda+256
  • Ukraine (Україна)+380
  • United Arab Emirates (‫الإمارات العربية المتحدة‬‎)+971
  • United Kingdom+44
  • United States+1
  • Uruguay+598
  • Uzbekistan (Oʻzbekiston)+998
  • Vanuatu+678
  • Vatican City (Città del Vaticano)+39
  • Venezuela+58
  • Vietnam (Việt Nam)+84
  • Wallis and Futuna (Wallis-et-Futuna)+681
  • Western Sahara (‫الصحراء الغربية‬‎)+212
  • Yemen (‫اليمن‬‎)+967
  • Zambia+260
  • Zimbabwe+263
  • Åland Islands+358
Table of Contents