Automated smart contract security review with Slither

Published in Coinmonks, Nov 19, 2021 (2 min read)

Smart contract code can be changed only before it is deployed to a testnet or mainnet; once deployed, the bytecode is immutable (upgrade patterns such as proxies are the exception, and they bring their own risks). If a contract contains insecure code, attackers can exploit it, and such exploits have drained millions of dollars from deployed contracts. This is why smart contracts must be thoroughly audited before deployment.

So what is Slither? Slither is a static analysis framework for smart contracts, developed by Trail of Bits. It runs a suite of vulnerability detectors over Solidity source code in a few seconds, and because it also reports code-quality and gas issues it is useful for code review and optimization, not only for finding vulnerabilities.

Installation

Slither is distributed as a Python module and requires Python 3. It works hand in hand with solc-select, a tool that installs and switches between Solidity compiler (solc) versions, so that Slither can compile a contract with the compiler version its pragma expects. To install Slither and solc-select, run these commands in the terminal:

$ pip3 install slither-analyzer
$ pip3 install solc-select

See the solc-select documentation for how to install and switch between Solidity compiler versions; the version selected must match the contract's pragma, otherwise compilation (and with it the analysis) fails.

Running Slither

Now that Slither and solc-select are installed, we can run an automated security review of a smart contract.

In a Hardhat or Truffle project, open a terminal in the project directory and run slither . (Slither detects the framework and compiles the project itself). For a single Solidity file, run slither filepath/file.sol.

Let's run Slither on a contract with a known weakness.

In the output, Slither detects a reentrancy vulnerability in the contract and highlights it in red; lower-severity improvement recommendations are printed in green.
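To make the whole procedure reproducible end to end, here is an added example that is not code from the original post or from the Slither project: a small bash script that writes a constructed reentrancy-vulnerable contract, pins solc to the version named in its pragma with solc-select, and runs Slither on it. It assumes only that slither-analyzer and solc-select were installed with pip3 as shown above. The Vault and SafeVault contracts, the file name Vault.sol, the script name slither_review.sh and the chosen flags are assumptions of this example, and it goes slightly beyond the post by placing the hardened contract next to the vulnerable one.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Assumes slither-analyzer and
# solc-select are installed via pip3. Contract, file name, script name and flags
# are constructed choices for this illustration.
set -eu

# Constructed sample: the classic reentrancy bug Slither reports as "reentrancy-eth".
# Vault.withdraw() sends ether before zeroing the balance, so a malicious receiver's
# fallback can call withdraw() again and drain the contract. SafeVault applies the
# checks-effects-interactions ordering that Slither's recommendation points to.
write_sample_contract() {
  cat > "$1" <<'EOF'
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

contract Vault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}(""); // external call first ...
        require(ok, "transfer failed");
        balances[msg.sender] = 0;                         // ... state update last: reentrant
    }
}

contract SafeVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;                         // effects before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
EOF
}

# Read the compiler version from the pragma line: the first version number after
# "pragma solidity", with any ^, ~, >= or < prefix stripped. Pinning solc to this
# value is what most "Slither cannot compile my contract" problems come down to.
pragma_version() {
  sed -n 's/^pragma solidity[[:space:]]*[^0-9]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Pin solc to the contract's pragma and run Slither on one file.
# Slither exits non-zero when it reports findings, so this also works as a CI gate.
run_review() {
  local file="$1" ver
  ver="$(pragma_version "$file")"
  [ -n "$ver" ] || { echo "no 'pragma solidity' line found in $file" >&2; return 2; }
  solc-select install "$ver"
  solc-select use "$ver"
  # Drop informational and optimization output so the security findings stand out.
  slither "$file" --exclude-informational --exclude-optimization
}

# Entry point: `bash slither_review.sh path/to/Contract.sol`; with no argument it
# writes the constructed Vault.sol and reviews that. main runs only when the file
# is executed under the name slither_review.sh, so the functions can also be sourced.
main() {
  local target="${1:-Vault.sol}"
  [ -f "$target" ] || write_sample_contract "$target"
  run_review "$target"
}
case "${0##*/}" in slither_review.sh) main "$@" ;; esac
```

Running it as slither_review.sh with no argument should produce a high-severity reentrancy-eth finding for Vault.withdraw and none for SafeVault.withdraw; the non-zero exit code is the signal to fail a pipeline on.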

That's it: in a few seconds Slither detected the issue and described it together with the underlying vulnerability class, its severity, and a recommended fix for our smart contract.
