Slither — Static Analysis for Smart Contract Security

# Slither — Static Analysis for Smart Contract Security

Security is paramount in smart contract development. Unlike traditional software, deployed contracts are immutable and often handle millions of dollars. Slither, developed by Trail of Bits, is the most powerful open-source static analysis framework for Solidity. It automatically detects vulnerabilities, code smells, and optimization opportunities before you deploy.

What is Slither?

Slither is a static analysis tool that examines your Solidity code without executing it. It uses a custom intermediate representation (SlithIR) to perform deep analysis and detect over 90 different vulnerability patterns.

Key Features

• 90+ vulnerability detectors covering common and advanced security issues

• Zero false positives on most critical vulnerabilities

• Fast execution — analyze an entire project in seconds

• Detailed output with line numbers and suggested fixes

• Custom detector support for project-specific rules

• CI/CD integration for automated security checks

• Multiple output formats (text, JSON, GitHub Actions)

What Slither Detects

Critical vulnerabilities:

• Reentrancy attacks

• Unprotected self-destruct

• Arbitrary storage writes

• Delegatecall to untrusted contracts

High severity issues:

• Integer overflow/underflow (pre-0.8.0)

• Uninitialized storage variables

• Incorrect access controls

• Shadowing state variables

Medium severity issues:

• Block timestamp manipulation

• Incorrect event parameters

• Missing return values

• Dangerous strict equalities

Gas optimizations:

• State variables that could be constant/immutable

• Loops that can be optimized

• Redundant storage reads

• Expensive operations in loops

Code quality:

• Naming conventions violations

• Dead code detection

• Unused variables

• Missing NatSpec documentation

Installation

Prerequisites

Slither requires Python 3.8+ and solc (Solidity compiler).

Install Python (if not already installed):

# macOS
brew install python3

# Ubuntu/Debian
sudo apt install python3 python3-pip

# Windows
# Download from python.org

Install solc:

# Using solc-select (recommended for managing versions)
pip3 install solc-select
solc-select install 0.8.26
solc-select use 0.8.26

Install Slither

pip3 install slither-analyzer

Verify installation:

slither --version
# Output: 0.10.4 (or later)

Running Your First Analysis

Basic Usage

Analyze a single contract:

slither MyContract.sol

Analyze an entire Hardhat/Foundry project:

slither .

Slither automatically detects your project structure and configuration.

Example Output

Let's analyze a vulnerable contract:

// VulnerableBank.sol
pragma solidity ^0.8.26;

contract VulnerableBank {
    mapping(address => uint256) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    // VULNERABLE: Reentrancy attack
    function withdraw(uint256 amount) public {
        require(balances[msg.sender] >= amount);
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success);
        balances[msg.sender] -= amount;
    }
}

Run Slither:

slither VulnerableBank.sol

Output:

Reentrancy in VulnerableBank.withdraw(uint256) (VulnerableBank.sol#10-15):
    External calls:
    - (success) = msg.sender.call{value: amount}() (VulnerableBank.sol#12)
    State variables written after the call(s):
    - balances[msg.sender] -= amount (VulnerableBank.sol#14)

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities

Slither identifies the reentrancy vulnerability and points to the exact line where the state is modified after the external call.

Understanding Slither Results

Severity Levels

Slither categorizes findings by impact and confidence:

Impact:

• High: Critical vulnerabilities that can lead to loss of funds

• Medium: Issues that could be exploited under certain conditions

• Low: Code quality issues or minor optimizations

• Informational: Best practice recommendations

Confidence:

• High: Very likely to be a real issue (few false positives)

• Medium: Probable issue but requires manual verification

• Low: Possible issue but may be intentional

Reading a Slither Report

Each finding includes:

Detector name: e.g., "reentrancy-eth"

Location: File, line number, and function

Description: What the issue is

Reference: Link to detailed documentation

Recommended fix: How to resolve it

Filtering Results

Show only high/medium severity:

slither . --exclude-informational --exclude-low

Exclude specific detectors:

slither . --exclude naming-convention,solc-version

Include only specific detectors:

slither . --detect reentrancy-eth,arbitrary-send-eth

JSON output for parsing:

slither . --json results.json

Fixing Common Vulnerabilities

Reentrancy (Critical)

Bad:

function withdraw(uint256 amount) public {
    require(balances[msg.sender] >= amount);
    (bool success, ) = msg.sender.call{value: amount}("");
    require(success);
    balances[msg.sender] -= amount; // State change after external call
}

Good (Checks-Effects-Interactions pattern):

function withdraw(uint256 amount) public {
    require(balances[msg.sender] >= amount);
    balances[msg.sender] -= amount; // State change BEFORE external call
    (bool success, ) = msg.sender.call{value: amount}("");
    require(success);
}

Better (ReentrancyGuard):

import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract Bank is ReentrancyGuard {
    function withdraw(uint256 amount) public nonReentrant {
        require(balances[msg.sender] >= amount);
        balances[msg.sender] -= amount;
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success);
    }
}

Uninitialized Storage Variables (High)

Bad:

function processData() internal {
    Data storage data; // Uninitialized, points to slot 0!
    data.value = 100;  // Overwrites contract state
}

Good:

function processData() internal {
    Data memory data; // Use memory
    data.value = 100;
}

Dangerous Strict Equalities (Medium)

Bad:

require(address(this).balance == 10 ether); // Can be bypassed with selfdestruct

Good:

require(address(this).balance >= 10 ether);

Custom Detectors

Slither allows you to write custom detectors for project-specific requirements.

Example: Detect Missing Events

from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification

class MissingEvent(AbstractDetector):
    ARGUMENT = 'missing-event'
    HELP = 'State-changing functions should emit events'
    IMPACT = DetectorClassification.LOW
    CONFIDENCE = DetectorClassification.MEDIUM

    def _detect(self):
        results = []
        for contract in self.contracts:
            for function in contract.functions:
                if function.is_public and function.can_send_eth():
                    if not function.events_called:
                        results.append(self.generate_result([
                            function, " should emit an event\n"
                        ]))
        return results

Run your custom detector:

slither . --detect missing-event

CI/CD Integration

GitHub Actions

Create .github/workflows/slither.yml:

name: Slither Analysis

on: [push, pull_request]

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install Slither
        run: pip3 install slither-analyzer

      - name: Install dependencies
        run: npm install

      - name: Run Slither
        run: slither . --exclude-informational --exclude-low --json slither-report.json

      - name: Upload results
        uses: actions/upload-artifact@v3
        with:
          name: slither-report
          path: slither-report.json

Pre-commit Hook

Add to .git/hooks/pre-commit:

#!/bin/bash
echo "Running Slither analysis..."
slither . --exclude-informational --exclude-low
if [ $? -ne 0 ]; then
    echo "Slither found issues. Commit aborted."
    exit 1
fi

Make executable:

chmod +x .git/hooks/pre-commit

Slither Configuration

Create slither.config.json in your project root:

{
  "detectors_to_exclude": "naming-convention,solc-version",
  "exclude_informational": true,
  "exclude_low": true,
  "exclude_medium": false,
  "exclude_high": false,
  "solc": "solc",
  "solc_args": "--optimize --optimize-runs 200"
}

Run with config:

slither . --config-file slither.config.json

Best Practices

1. Run Slither Early and Often

• Run on every commit via pre-commit hooks

• Integrate into CI/CD pipeline

• Analyze before each deployment

2. Fix High-Confidence Issues First

Start with High impact + High confidence findings. These are almost always real vulnerabilities.

3. Understand False Positives

Some detectors may flag intentional patterns. Document why these are safe using slither-disable-next-line:

// slither-disable-next-line reentrancy-eth
function withdraw() public {
    // Intentional pattern, protected by mutex
}

4. Combine with Other Tools

Slither is powerful but not exhaustive. Use alongside:

• MythX for deeper symbolic analysis

• Echidna for fuzzing

• Manticore for symbolic execution

• Manual audits for business logic

5. Keep Slither Updated

pip3 install --upgrade slither-analyzer

New detectors are added regularly.

Conclusion

Slither is an essential tool for smart contract security. Its fast, accurate analysis catches vulnerabilities that could lead to exploits and loss of funds. By integrating Slither into your development workflow, you significantly reduce the risk of deploying vulnerable contracts.

Start securing your contracts today — install Slither and run your first analysis. Then practice secure coding patterns with Solingo's security-focused challenges to build bulletproof smart contracts.

Next steps:

• Run Slither on your existing projects

• Set up GitHub Actions for automated analysis

• Learn about custom detectors for project-specific rules

• Combine Slither with fuzzing tools like Echidna