Detecting vulnerable Solidity code with Slither


Unless an upgradeability pattern was built in from the start, a smart contract's code is fixed the moment it is deployed to a testnet or mainnet; it cannot be patched afterwards. If the deployed code is insecure, attackers can exploit it, and several contracts have lost millions of dollars this way. That is why smart contracts must be audited thoroughly before deployment.

So what is Slither? Slither is a static analysis framework for smart contracts. It lets developers find vulnerabilities in their Solidity code in a few seconds, and it is also useful for code review and optimization.

Installation

Slither is distributed as a Python package and requires Python 3. It is normally used together with solc-select, a tool that installs and switches between Solidity compiler versions: Slither compiles the contract before analysing it, so the active solc must satisfy the file's pragma or the run fails with a compilation error. Install both with pip:

$ pip3 install slither-analyzer
$ pip3 install solc-select

The solc-select documentation explains how to install a specific compiler version and make it the active one; do this before running Slither on a contract whose pragma does not match your current solc.

Running Slither

With Slither and solc-select installed, we can run an automated security review of a smart contract.

In a Hardhat or Truffle project, open a terminal in the project directory and run slither . (Slither detects the framework and compiles the whole project). For a single Solidity file, run slither filepath/file.sol instead.

Let's run Slither on the contract below:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Deliberately vulnerable: the refund to the previous king is sent before
// balance and king are updated, so the previous king's fallback code runs
// while this contract is still in its old state.
contract SlitherDemo {
    address public king;
    uint public balance;

    function claimThrone() external payable {
        require(msg.value > balance, "Need to pay more to become the king");
        // Interaction: external call to an address we do not control...
        (bool sent, ) = king.call{value: balance}("");
        require(sent, "Failed to send Ether");
        // ...followed by the state updates. Slither's reentrancy detector
        // flags exactly this ordering (state written after an external call).
        balance = msg.value;
        king = msg.sender;
    }
}

In the screenshot of the run (not reproduced here), Slither reports a reentrancy vulnerability in claimThrone: the external call king.call{value: balance}("") is made before balance and king are written, so the previous king can re-enter the function while the old state is still in place. Slither prints high-severity findings in red; the green entries are lower-severity recommendations, each with the affected lines and a link to the detector's documentation describing the fix.
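The usual fix is to follow the checks-effects-interactions pattern, or to avoid calling out of claimThrone altogether with a pull-payment design. The two contracts below are an added example written for this post, not code from the original article or from the Slither project; the contract names SlitherDemoCEI and SlitherDemoPull and the withdraw/pendingRefunds names are my own choices. Running slither on this file with a 0.8.x compiler selected should no longer produce the reentrancy finding for claimThrone.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not from the original post): two ways to write the same
// "king" game so that Slither's reentrancy detector no longer fires.

// Fix 1: checks-effects-interactions. Every state write happens *before*
// the external call, so any code that re-enters claimThrone() from the old
// king's fallback already sees the updated king and balance.
contract SlitherDemoCEI {
    address public king;
    uint public balance;

    function claimThrone() external payable {
        // Checks
        require(msg.value > balance, "Need to pay more to become the king");

        // Effects: record the new king and price before touching any other address.
        address previousKing = king;
        uint refund = balance;
        balance = msg.value;
        king = msg.sender;

        // Interactions: the external call comes last, with no state left to corrupt.
        // On the very first claim previousKing is address(0) and refund is 0,
        // exactly as in the original contract.
        (bool sent, ) = previousKing.call{value: refund}("");
        require(sent, "Failed to send Ether");
    }
}

// Fix 2: pull payments. claimThrone() never calls out at all; the previous
// king collects its refund in a separate withdraw() transaction. Besides
// removing the reentrancy, the game no longer depends on the old king being
// willing (or able) to accept Ether inside claimThrone().
contract SlitherDemoPull {
    address public king;
    uint public balance;
    mapping(address => uint) public pendingRefunds;

    event Withdrawn(address indexed to, uint amount);

    function claimThrone() external payable {
        require(msg.value > balance, "Need to pay more to become the king");
        // Credit the previous king instead of paying it. The first claim credits
        // address(0) with 0 wei, which is harmless.
        pendingRefunds[king] += balance;
        balance = msg.value;
        king = msg.sender;
    }

    function withdraw() external {
        uint amount = pendingRefunds[msg.sender];
        require(amount > 0, "Nothing to withdraw");
        // Effects before interactions: a re-entrant withdraw() finds 0 and reverts.
        pendingRefunds[msg.sender] = 0;
        (bool sent, ) = msg.sender.call{value: amount}("");
        require(sent, "Failed to send Ether");
        emit Withdrawn(msg.sender, amount);
    }
}
```

Of the two, the pull-payment version is the one auditors usually prefer: the only external call left is in withdraw(), where the caller is paying itself, so there is nothing for a malicious recipient to interfere with. Note that Slither will still report the low-level call and the floating ^0.8.0 pragma as low-severity items; those are style recommendations, not the reentrancy bug.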

That's it. In a few seconds Slither found the issue, named the underlying vulnerability and its severity, and pointed to the recommended fix for our smart contract.