• Stars
    star
    351
  • Rank 120,906 (Top 3 %)
  • Language
    Python
  • License
    GNU Affero Genera...
  • Created about 2 years ago
  • Updated 5 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Slither Detectors by Pessimistic.io

Slitherin by Pessimistic.io

Blog Our Website Mail

Welcome! We are the pessimistic.io team, and in recent months we have been actively developing our own Slither detectors to help with code review and audit process. This repository contains everything you may require to work with them!

We increased the sensitivity of our detectors since they are quite straightforward and not written in the "original style." As a result, they produce FPs (False Positives) more frequently than original ones. So that, our detectors are a kind of automation of the checks implemented in the checklist, their main purpose is to look for issues and assist the code auditor.

Please let us know if you have discovered an issue/bug/vulnerability via our custom Slither detectors. You may contact us via opening a PR/Issue or directly, whichever is more convenient for you. If you have any further questions or suggestions, please join our Discord Server or Telegram chat! We hope to see you there, and we intend to support the community and its initiatives!

Telegram Discord

Repository Navigation

Table of Contents:

Section Link
Docs Docs for each detector
Slither_pess Detectors code
Tests Test contracts for detectors
Utils Auxiliary files
Issues Suggest an idea
Installation Process Step-by-Step guide
Detectors Detectors table
Enhancements & New Detectors Project Improvements

Installation Process

To install Pessimistic Detectors:

  1. Install the original Slither;
  2. Clone our repository;
  3. Run the following command in our repository folder to add new detectors to Slither:
python3 setup.py develop

Keep in mind that you don't have to reinstall the plugin after changes in the repository!

  1. Run original Slither as usual.
  2. Dependencies must be installed in order to test the detectors on our test contracts:
npm install

Detectors Table

Detector Link Docs & Setup Test Contract Valid* Issues
Unprotected Setter Explore In progress 1
Unprotected Initialize Explore Test 0
TX Gasprice Warning Explore Test 0
UniswapV2 Integration Explore Test 0
Token Fallback Explore Test 0
Timelock Controller Explore Test 0
Strange Setter Explore Test 0
Read-only Reentrancy Explore Test 0
NFT Approve Warning Explore Test 0
Multiple Storage Read Explore Test 6
Magic Number Explore Test 3
Inconsistent Non-Reentrant Explore Test 0
Falsy Only EOA Modifier Explore Test 0
Missing Event Setter Explore Test 0
Dubious Typecast Explore Test 0
Double Entry Token Possibility Explore In progress 0
Call Forward To Protected Explore Test 0
Before Token Transfer Explore Test 1

Please note:

  • *Valid - issues included in reports and fixed by developers (January 2023 - April 2023).

  • There is one detector that is disabled by default: pess-uni-v2. It is recommended to run it only on projects that integrate Uniswap V2!

Enhancements & New Detectors

Here we indicate our updates, workflows and mark completed tasks and improvements!

You can add your own detector/idea/enhancement by opening the Issue at the following link.

Prior to adding a custom detector, ensure that:

  1. In a documentation file, your detector is comprehensively described;
  2. The detector test contract is presented and correctly compiles;
  3. The detector code is presented and works properly.

Prior to adding an idea, ensure that:

  1. Your concept or idea is well articulated;
  2. A vulnerability example (or PoC) is provided;

Prior to adding an enhancement, ensure that:

  1. Your enhancement does not make the base code worse;
  2. Your enhancement is commented.

Detectors Backlog:

Issues Open Pool Requests Closed Pool Requests

Task Status
Opensource current repository Completed
Fix - Readonly Reentrancy Detector Completed
Suggestion - Write a Walkthrough Article Completed
Add UniswapV2 Integration detector Completed
For-continue-increment - add detector In progress
Refactor python code. Make it cleaner. TODO
Nft-approve-warning detector - remove detection with "this" as a first parameter in "transferFrom()" function TODO
Strange-setter detector - remove detection when mappings or structs are set TODO
Double-entry-token detector - remove detection of ETH transfers TODO
Before-token-transfer detector - remove detection with "virtual" modifier and "super" function call TODO
Strange-constructor detector - remove detection of constructor function with base constructor TODO

Acknowledgements

Our team would like to express our deepest gratitude to the Slither tool creators: Josselin Feist, Gustavo Grieco, and Alex Groce, as well as Crytic, Trail of Bits' blockchain security division, and all the people who believe in the original tool and its evolution!

Articles:

Research Papers:

Slither: In-Depth

Slitherin in mass media

Thank you!

It would be fantastic if you could bookmark, share, star, or fork this repository. Any attention will help us achieve our common goal of making Web3 a little bit safer than it was before: therefore, we require your support!

Watch Like Fork

For our part, we'll do everything in our power to ensure that this project continues to grow successfully in terms of both code and technology as well as community and professional interaction! We sincerely hope you find our work useful and appreciate any feedback, so please do not hesitate to contact us!

Mail