How to install Slither for smart contract security testing
Slither is a Python-based static code analysis framework. It can track variables and function calls, as well as detect vulnerabilities.
No, you do not need to know Python to use Slither.
If you would like to see a list of vulnerabilities that Slither can detect, feel free to check https://github.com/trailofbits/slither#detectors.
I have created a comprehensive starter project for anyone who wants to start creating security-conscious smart contracts:
https://github.com/king-Alex-d-great/secure-solidity-development-starterpack
Now let's look at how to install and use Slither in your project.
Step Zero:
Initial setup:
mkdir slitherProject
cd ./slitherProject
npm init
Step One:
Install Python:
python.org/downloads
Next, run:
python3 --version
or
python --version
If you have installed Python correctly, the above command will give a result that looks like this: Python 3.9.13
Step Two:
Install pip3 on Ubuntu or WSL:
# Install
sudo apt-get -y install python3-pip
Next, run the following to confirm you have installed pip correctly:
pip3 --version
or
pip --version
Step Three:
Install and set up solc-select:
pip3 install solc-select
solc-select install 0.8.7
solc-select use 0.8.7
Step Four:
Install slither-analyzer:
pip3 install slither-analyzer
Confirm you have installed slither correctly:
slither --help
We have successfully installed slither.
In your package.json, add this to your scripts object:
{
  "scripts": {
    "slither": "slither ."
  }
}
To run the Slither tool, we can simply run:
slither .
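Once slither . runs, Slither's --json option can write the findings to a report file that a CI job can act on. The script below is an added example, not part of the original post or of the Slither project: it groups a report's findings by impact and decides whether the build should fail. The sample report, the Bank contract it mentions and the Medium threshold are constructed for illustration.

```python
import json

# Slither impact levels, most severe first.
IMPACT_ORDER = ["High", "Medium", "Low", "Informational", "Optimization"]

# Constructed sample in the shape of a Slither --json report (not real output).
SAMPLE_REPORT = json.dumps({
    "success": True, "error": None,
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Bank.withdraw() (contracts/Bank.sol#12-18)"},
        {"check": "solc-version", "impact": "Informational", "confidence": "High",
         "description": "Pragma version ^0.8.7 allows old versions"},
        {"check": "low-level-calls", "impact": "Informational", "confidence": "High",
         "description": "Low level call in Bank.withdraw() (contracts/Bank.sol#15)"},
    ]},
})


def summarize(report_text):
    """Return {impact: [check names]} for every finding in a Slither JSON report."""
    report = json.loads(report_text)
    if not report.get("success", False):
        # Compilation or analysis failed: an empty result is not a clean result.
        raise RuntimeError(f"slither run failed: {report.get('error')}")
    by_impact = {level: [] for level in IMPACT_ORDER}
    # Tolerate a missing "detectors" key; it is treated as no findings.
    for finding in report.get("results", {}).get("detectors", []):
        by_impact.setdefault(finding["impact"], []).append(finding["check"])
    return by_impact


def should_fail(by_impact, threshold="Medium"):
    """True if any finding is at or above the threshold impact."""
    blocking = IMPACT_ORDER[: IMPACT_ORDER.index(threshold) + 1]
    return any(by_impact.get(level) for level in blocking)


if __name__ == "__main__":
    import sys
    from_file = len(sys.argv) > 1
    text = open(sys.argv[1]).read() if from_file else SAMPLE_REPORT
    summary = summarize(text)
    for level in IMPACT_ORDER:
        if summary[level]:
            print(f"{level}: {', '.join(summary[level])}")
    # Only gate the exit code on a real report, not on the built-in sample.
    sys.exit(1 if from_file and should_fail(summary) else 0)
```

To use it on a real project, generate a report with slither . --json slither-report.json (the file name is an assumption) and pass that file as the script's first argument.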
Feel free to drop any questions you may have.
Twitter: https://twitter.com/OgubuikeAlex