Slitherin

Static code analysis tool

What is Slitherin?

A free, open-source collection of detectors for automatic scanning of smart contract code to find potential security vulnerabilities and ideas for optimizations.

We all know the struggle of using a complicated and messy tool. Slitherin makes it a breeze with its simple CLI. Just hit slitherin [target] to get you going with an average execution time of less than 1 minute per contract.

Identifying security bugs has never been easier. Slitherin explores inheritance dependencies of all the contracts, With over 30+ detectors, you have one of the highest chances of hitting the most crucial of vulnerabilities.

What are detectors?

A series of checks designed to identify logical and technical aspects of the code that could potentially result in unforeseen financial loss for the protocol or client, as well as unexpected behavior of the functionality during interactions with the scanned smart contract.

Why built on top of Slither?

Slither is the most technically profound, actively maintained, and regularly updated engine for analyzing smart contracts in Solidity and Vyper languages.

How is it different from other detectors?

We significantly expand the functionality of Slither, automating the search for vulnerabilities associated with security issues that we have encountered and continue to encounter in our audit practice.

In addition, we have added integration detectors. Often projects use the functionality of popular protocols (Uniswap, Aave, Compound, Balancer, etc.), but integrations always imply a clear understanding of the details of these complex protocols and strict adherence to documentation. To simplify and accelerate this process, we have created (and keep on creating) integration detectors. These are automated checks that inform the user about incorrect use of a particular functionality of the integrated protocol and provide recommendations for their elimination.

User benefits

Detectors are used for two purposes: to prevent the occurrence of security vulnerabilities and to speed up the process of writing quality code. According to our research, the original utility detectors — Slither and our Slitherin detectors, collectively cover 15% of standard EVM vulnerabilities.

Integration detectors can identify up to 100% of problems related to the integrated protocol. Using detectors during development or audit speeds up both processes 18 times compared to similar manual verification/development processes.

Use cases

A developer writes a protocol and checks that nothing is missed

A developer integrates someone else’s protocol and checks that there are no known problems

An auditor audits a protocol and saves time on typical checks

Feel free to use and contribute!