diff --git a/.github/DISCUSSION_TEMPLATE/installation.yml b/.github/DISCUSSION_TEMPLATE/installation.yml
index 64ac9375e6..45b2043947 100644
--- a/.github/DISCUSSION_TEMPLATE/installation.yml
+++ b/.github/DISCUSSION_TEMPLATE/installation.yml
@@ -1,20 +1,20 @@
----
-body:
- -
- attributes:
+---
+body:
+ -
+ attributes:
label: "What operating system are you using?"
id: os
type: textarea
- validations:
+ validations:
required: true
- -
- attributes:
+ -
+ attributes:
label: "How did you install slither?"
description: |
For example, using git or python's pip.
id: install-method
type: textarea
- validations:
+ validations:
required: true
- type: dropdown
id: python
@@ -25,14 +25,14 @@ body:
- "Yes"
- "No"
- "Not sure"
- -
- attributes:
+ -
+ attributes:
description: |
- Please copy and paste any relevant log output. This
+ Please copy and paste any relevant log output. This
will be automatically formatted into code, so no need for backticks.
render: shell
label: "Output of running `slither-doctor .`:"
id: logs
-labels:
+labels:
- installation-help
title: "[Installation-Help]: "
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
index f1b3a4f4f2..ab0eda84b1 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -1,54 +1,54 @@
----
-body:
- -
- attributes:
+---
+body:
+ -
+ attributes:
value: |
- Please check the issues tab to avoid duplicates, and
+ Please check the issues tab to avoid duplicates, and
confirm that the bug exists on the latest release (upgrade
by running `python3 -m pip install --upgrade slither-analyzer`).
-
+
If you are having difficulty installing slither,
please head over to the "Discussions" page.
-
+
Thanks for taking the time to fill out this bug report!
type: markdown
- -
- attributes:
+ -
+ attributes:
label: "Describe the issue:"
id: what-happened
type: textarea
- validations:
+ validations:
required: true
- -
- attributes:
+ -
+ attributes:
description: "It can be a github repo (preferred), etherscan link, or code snippet."
label: "Code example to reproduce the issue:"
placeholder: "`contract A {}`\n"
id: reproduce
type: textarea
- validations:
+ validations:
required: true
- -
- attributes:
+ -
+ attributes:
description: |
What version of slither are you running?
Run `slither --version`
label: "Version:"
id: version
type: textarea
- validations:
+ validations:
required: true
- -
- attributes:
+ -
+ attributes:
description: |
- Please copy and paste any relevant log output. This
+ Please copy and paste any relevant log output. This
will be automatically formatted into code, so no need for backticks.
render: shell
label: "Relevant log output:"
id: logs
type: textarea
description: "File a bug report"
-labels:
+labels:
- bug-candidate
name: "Bug Report"
title: "[Bug-Candidate]: "
diff --git a/.github/ISSUE_TEMPLATE/false_negative.yml b/.github/ISSUE_TEMPLATE/false_negative.yml
index 38dfa62300..6cd661a957 100644
--- a/.github/ISSUE_TEMPLATE/false_negative.yml
+++ b/.github/ISSUE_TEMPLATE/false_negative.yml
@@ -1,61 +1,61 @@
----
-body:
- -
- attributes:
+---
+body:
+ -
+ attributes:
value: |
- Please check the issues tab to avoid duplicates.
+ Please check the issues tab to avoid duplicates.
Thanks for helping make Slither the best it can be!
type: markdown
- -
- attributes:
+ -
+ attributes:
label: "What bug did Slither miss and which detector did you anticipate would catch it?"
id: what-happened
type: textarea
- validations:
+ validations:
required: true
- -
+ -
attributes:
label: Frequency
description: How often do you run across this false negative?
options:
- Very Frequently
- - Occasionally
+ - Occasionally
- Rarely
- Not sure
id: frequency
type: dropdown
validations:
required: true
- -
- attributes:
+ -
+ attributes:
description: "It can be a github repo, etherscan link, or code snippet."
label: "Code example to reproduce the issue:"
placeholder: "`contract A {}`\n"
id: reproduce
type: textarea
- validations:
+ validations:
required: true
- -
- attributes:
+ -
+ attributes:
description: |
- What version of slither are you running?
+ What version of slither are you running?
Run `slither --version`
label: "Version:"
id: version
type: textarea
- validations:
+ validations:
required: true
- -
- attributes:
+ -
+ attributes:
description: |
- Please copy and paste the result output. This
+ Please copy and paste the result output. This
will be automatically formatted into code, so no need for backticks.
render: shell
label: "Relevant log output:"
id: logs
type: textarea
description: "Slither missed a bug it should find."
-labels:
+labels:
- false-negative
name: False Negative
title: "[False Negative]: "
diff --git a/.github/ISSUE_TEMPLATE/false_positive.yml b/.github/ISSUE_TEMPLATE/false_positive.yml
index 258a70dfb6..b4b1c0bed3 100644
--- a/.github/ISSUE_TEMPLATE/false_positive.yml
+++ b/.github/ISSUE_TEMPLATE/false_positive.yml
@@ -1,61 +1,61 @@
----
-body:
- -
- attributes:
+---
+body:
+ -
+ attributes:
value: |
- Please check the issues tab to avoid duplicates.
+ Please check the issues tab to avoid duplicates.
Thanks for helping make Slither the best it can be!
type: markdown
- -
- attributes:
+ -
+ attributes:
label: "Describe the false alarm that Slither raise and how you know it's inaccurate:"
id: what-happened
type: textarea
- validations:
+ validations:
required: true
- -
+ -
attributes:
label: Frequency
description: How often do you run across this false positive?
options:
- Very Frequently
- - Occasionally
+ - Occasionally
- Rarely
- Not sure
id: frequency
type: dropdown
validations:
required: true
- -
- attributes:
+ -
+ attributes:
description: "It can be a github repo, etherscan link, or code snippet."
label: "Code example to reproduce the issue:"
placeholder: "`contract A {}`\n"
id: reproduce
type: textarea
- validations:
+ validations:
required: true
- -
- attributes:
+ -
+ attributes:
description: |
- What version of slither are you running?
+ What version of slither are you running?
Run `slither --version`
label: "Version:"
id: version
type: textarea
- validations:
+ validations:
required: true
- -
- attributes:
+ -
+ attributes:
description: |
- Please copy and paste the result output. This
+ Please copy and paste the result output. This
will be automatically formatted into code, so no need for backticks.
render: shell
label: "Relevant log output:"
id: logs
type: textarea
description: "Slither warned of an issue that is not legitimate and does not need to be fixed."
-labels:
+labels:
- false-positive
name: "False Positive"
title: "[False-Positive]: "
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
index 651f780374..1fbfdfafbf 100644
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -14,4 +14,4 @@ body:
label: Describe the desired feature
description: Explain what the feature solves/ improves.
validations:
- required: true
\ No newline at end of file
+ required: true
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index dd3015cbc2..9ff89397a5 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,8 +1,8 @@
---
version: 2
updates:
- - package-ecosystem: "github-actions"
- directory: "/"
- target-branch: "dev"
- schedule:
- interval: "weekly"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ target-branch: "dev"
+ schedule:
+ interval: "weekly"
diff --git a/CITATION.cff b/CITATION.cff
index 605bd60e5f..31e251c29a 100644
--- a/CITATION.cff
+++ b/CITATION.cff
@@ -33,14 +33,14 @@ abstract: >-
SlithIR uses Static Single Assignment (SSA) form and a
reduced instruction set to ease implementation of analyses
while preserving semantic information that would be lost
- in transforming Solidity to bytecode.
+ in transforming Solidity to bytecode.
Slither allows for the application of commonly used
program analysis techniques like dataflow and taint
tracking.
- Our framework has four main use cases:
+ Our framework has four main use cases:
(1) automated detection of vulnerabilities,
@@ -50,7 +50,7 @@ abstract: >-
(3) improvement of the user's understanding of the
contracts, and
- (4) assistance with code review.
+ (4) assistance with code review.
keywords:
- Ethereum
- Static Analysis
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index c56964399a..3982295c7e 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -47,6 +47,15 @@ A code walkthrough is available [here](https://www.youtube.com/watch?v=EUl3UlYSl
Instructions for installing a development version of Slither can be found in our [wiki](https://github.com/crytic/slither/wiki/Developer-installation).
+For development setup, we use [uv](https://github.com/astral-sh/uv):
+```bash
+# Install uv if you haven't already
+curl -LsSf https://astral.sh/uv/install.sh | sh
+
+# Setup development environment
+make dev # Creates venv and installs all dependencies
+```
+
To run the unit tests, you need to clone this repository and run `make test`. Run a specific test with `make test TESTS=$test_name`. The names of tests can be obtained with `pytest tests --collect-only`.
### Linters
@@ -63,7 +72,33 @@ To automatically reformat the code:
- `make reformat`
-We use pylint `3.0.3`, black `22.3.0`.
+We use ruff (latest 0.x version) for linting and formatting, and yamllint for YAML files.
+
+#### Pre-commit Hooks (Recommended)
+
+We recommend using pre-commit hooks to automatically check and fix code before committing:
+
+```bash
+# Install pre-commit hooks (one-time setup)
+pre-commit install
+
+# Run manually on all files
+pre-commit run --all-files
+
+# Run on specific files
+pre-commit run --files slither/core/*.py
+
+# Update hook versions
+pre-commit autoupdate
+```
+
+The pre-commit hooks will automatically:
+- Fix linting issues with ruff
+- Check YAML syntax
+- Remove trailing whitespace
+- Fix end-of-file issues
+- Check for merge conflicts
+- Prevent large files from being committed
### Testing
@@ -111,9 +146,9 @@ For each new detector, at least one regression tests must be present.
### Synchronization with crytic-compile
-By default, `slither` follows either the latest version of crytic-compile in pip, or `crytic-compile@master` (look for dependencies in [`setup.py`](./setup.py). If crytic-compile development comes with breaking changes, the process to update `slither` is:
+By default, `slither` follows either the latest version of crytic-compile in PyPI, or `crytic-compile@master` (look for dependencies in [`pyproject.toml`](./pyproject.toml)). If crytic-compile development comes with breaking changes, the process to update `slither` is:
-- Update `slither/setup.py` to point to the related crytic-compile's branch
+- Update `slither/pyproject.toml` to point to the related crytic-compile's branch
- Create a PR in `slither` and ensure it passes the CI
- Once the development branch is merged in `crytic-compile@master`, ensure `slither` follows the `master` branch
diff --git a/README.md b/README.md
index b76cffdd2a..b750a40948 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,7 @@
* [Features](#features)
* [Usage](#usage)
* [How to install](#how-to-install)
+ * [Using uv](#using-uv)
* [Using Pip](#using-pip)
* [Using Git](#using-git)
* [Using Docker](#using-docker)
@@ -67,19 +68,28 @@ slither tests/uninitialized.sol
## How to install
> **Note**
-> Slither requires Python 3.8+.
+> Slither requires Python 3.9+.
If you're **not** going to use one of the [supported compilation frameworks](https://github.com/crytic/crytic-compile), you need [solc](https://github.com/ethereum/solidity/), the Solidity compiler; we recommend using [solc-select](https://github.com/crytic/solc-select) to conveniently switch between solc versions.
-### Using Pip
+### Using uv
+
+[uv](https://github.com/astral-sh/uv) is a fast Python package manager that's 10-100x faster than pip. Slither requires uv for installation.
```console
-python3 -m pip install slither-analyzer
+# Install uv if you haven't already
+curl -LsSf https://astral.sh/uv/install.sh | sh
+
+# Install slither as a tool (recommended)
+uv tool install slither-analyzer
+
+# Or run slither ephemerally without installation
+uvx --with slither-analyzer slither
```
#### How to upgrade
```console
-python3 -m pip install --upgrade slither-analyzer
+uv tool upgrade slither-analyzer
```
### Using Brew
@@ -88,14 +98,19 @@ python3 -m pip install --upgrade slither-analyzer
brew install slither-analyzer
```
-### Using Git
+### Using Git (for development)
```bash
git clone https://github.com/crytic/slither.git && cd slither
-python3 -m pip install .
+
+# Install as editable for development
+uv tool install -e .
+
+# Or use uv run for testing without installation
+uv run slither
```
-We recommend using a Python virtual environment, as detailed in the [Developer Installation Instructions](https://github.com/crytic/slither/wiki/Developer-installation), if you prefer to install Slither via git.
+The `-e` flag installs in editable mode, meaning changes to the source code are immediately reflected without reinstalling. The `uv run` command automatically creates a virtual environment and installs dependencies.
### Using Docker
diff --git a/docs/src/tools/Code-Similarity-Detector.md b/docs/src/tools/Code-Similarity-Detector.md
index feb26f9cd3..f6492630c4 100644
--- a/docs/src/tools/Code-Similarity-Detector.md
+++ b/docs/src/tools/Code-Similarity-Detector.md
@@ -98,7 +98,7 @@ INFO:Slither-simil:Saving cache in cache.npz
INFO:Slither-simil:Done!
```
-After it runs, the `slither-simil` will output the the trained model in `model.bin`, a cache of every function for use in test mode in `cache.npz`, and the SlithIR of every function for debugging in `last_data_train.txt`.
+After it runs, the `slither-simil` will output the trained model in `model.bin`, a cache of every function for use in test mode in `cache.npz`, and the SlithIR of every function for debugging in `last_data_train.txt`.
### Plot mode
diff --git a/docs/src/tutorials/README.md b/docs/src/tutorials/README.md
index d5bff9ab2a..67ad206b71 100644
--- a/docs/src/tutorials/README.md
+++ b/docs/src/tutorials/README.md
@@ -17,7 +17,7 @@ Watch Slither's [code walkthrough](https://www.youtube.com/watch?v=EUl3UlYSluU),
## Installation
-Slither requires Python >= 3.8. You can install it through pip or by using Docker.
+Slither requires Python >= 3.9. You can install it through pip or by using Docker.
Installing Slither through pip:
diff --git a/examples/flat/a.sol b/examples/flat/a.sol
index 4fa9c75490..6cd7ca3297 100644
--- a/examples/flat/a.sol
+++ b/examples/flat/a.sol
@@ -6,4 +6,4 @@ contract Example {
function reverts() external pure {
revert RevertIt();
}
-}
\ No newline at end of file
+}
diff --git a/examples/flat/b.sol b/examples/flat/b.sol
index edbd902256..36b0a976dd 100644
--- a/examples/flat/b.sol
+++ b/examples/flat/b.sol
@@ -13,4 +13,4 @@ contract T {
B b = B.a;
return 4;
}
-}
\ No newline at end of file
+}
diff --git a/examples/printers/authorization.sol b/examples/printers/authorization.sol
index a4b3617542..3baa3ba84b 100644
--- a/examples/printers/authorization.sol
+++ b/examples/printers/authorization.sol
@@ -20,6 +20,6 @@ contract MyContract is Owner{
function mint(uint value) onlyOwner public{
balances[msg.sender] += value;
- }
+ }
}
diff --git a/examples/printers/call_graph.sol b/examples/printers/call_graph.sol
index 182ccbf520..9dc92da300 100644
--- a/examples/printers/call_graph.sol
+++ b/examples/printers/call_graph.sol
@@ -31,4 +31,4 @@ contract ContractB {
function my_second_func_b(){
a.val();
}
-}
\ No newline at end of file
+}
diff --git a/examples/printers/call_graph.sol.dot b/examples/printers/call_graph.sol.dot
index 7232781809..5006a3c153 100644
--- a/examples/printers/call_graph.sol.dot
+++ b/examples/printers/call_graph.sol.dot
@@ -19,10 +19,10 @@ label = "ContractB"
}
subgraph cluster_solidity {
label = "[Solidity]"
-"keccak256()"
+"keccak256()"
"22_my_func_a" -> "keccak256()"
}
"22_my_func_a" -> "5_library_func"
"63_my_func_b" -> "22_my_func_a"
"63_my_second_func_b" -> "22_val"
-}
\ No newline at end of file
+}
diff --git a/examples/printers/constructors.sol b/examples/printers/constructors.sol
index 8450390323..7c223a3e74 100644
--- a/examples/printers/constructors.sol
+++ b/examples/printers/constructors.sol
@@ -4,7 +4,7 @@ contract test{
constructor()public{
a =5;
}
-
+
}
contract test2 is test{
constructor()public{
@@ -23,4 +23,4 @@ contract test3 is test2{
b=a;
}
-}
\ No newline at end of file
+}
diff --git a/examples/printers/evm.sol b/examples/printers/evm.sol
index 8ea86b9ddf..f5a829f280 100644
--- a/examples/printers/evm.sol
+++ b/examples/printers/evm.sol
@@ -1,7 +1,7 @@
pragma solidity >=0.4.24 <0.5.4;
contract Test {
-
+
function foo() public returns (address) {
address from = msg.sender;
return(from);
diff --git a/examples/printers/inheritances.sol b/examples/printers/inheritances.sol
index adda74ef7c..08b5f09c29 100644
--- a/examples/printers/inheritances.sol
+++ b/examples/printers/inheritances.sol
@@ -13,4 +13,4 @@ contract ChildContract2 is BaseContract1, BaseContract2{
}
contract GrandchildContract1 is ChildContract1{
-}
\ No newline at end of file
+}
diff --git a/examples/printers/inheritances_graph.sol b/examples/printers/inheritances_graph.sol
index 98aa298a16..6150a55f7d 100644
--- a/examples/printers/inheritances_graph.sol
+++ b/examples/printers/inheritances_graph.sol
@@ -18,4 +18,4 @@ contract C is A, B {
function f() public pure returns (uint) {
return 0;
}
-}
\ No newline at end of file
+}
diff --git a/examples/printers/inheritances_graph.sol.dot b/examples/printers/inheritances_graph.sol.dot
index 928841e7e4..ca966aee09 100644
--- a/examples/printers/inheritances_graph.sol.dot
+++ b/examples/printers/inheritances_graph.sol.dot
@@ -4,4 +4,4 @@ B[shape="box"label=<
B
C -> A [ label="1" ];
C -> B [ label="2" ];
C[shape="box"label=<
C
Public Functions:
f()
'g()' collides in inherited contracts A, B where B is chosen.
>];
-}
\ No newline at end of file
+}
diff --git a/examples/scripts/data_dependency.sol b/examples/scripts/data_dependency.sol
index b4baf5c090..6f2a0ff8d3 100644
--- a/examples/scripts/data_dependency.sol
+++ b/examples/scripts/data_dependency.sol
@@ -123,4 +123,4 @@ contract SimpleModifier {
require(intermediate);
_;
}
-}
\ No newline at end of file
+}
diff --git a/examples/scripts/functions_called.sol b/examples/scripts/functions_called.sol
index aba749a499..ab521bce7b 100644
--- a/examples/scripts/functions_called.sol
+++ b/examples/scripts/functions_called.sol
@@ -1,5 +1,5 @@
contract BaseContract{
-
+
function f1() public{
}
@@ -21,7 +21,7 @@ contract Contract is BaseContract{
function f2() public{
}
-
+
// not reached from entry_point
function f3() public{
diff --git a/examples/scripts/test_evm_api.sol b/examples/scripts/test_evm_api.sol
index 7e02a0228f..5b9d43bfb9 100644
--- a/examples/scripts/test_evm_api.sol
+++ b/examples/scripts/test_evm_api.sol
@@ -3,11 +3,11 @@ pragma solidity >=0.4.24 <0.5.4;
contract Test {
address owner;
-
+
constructor () public {
owner = msg.sender;
}
-
+
function foo() public returns (uint) {
uint i;
return(i+10);
diff --git a/examples/scripts/variable_in_condition.sol b/examples/scripts/variable_in_condition.sol
index 5f664bf4be..3a6f7bab23 100644
--- a/examples/scripts/variable_in_condition.sol
+++ b/examples/scripts/variable_in_condition.sol
@@ -11,7 +11,7 @@ contract Contract{
function call_require() public{
require(a==0);
}
-
+
function read_and_write() public{
a = a + 1;
}
diff --git a/slither/tools/demo/README.md b/slither/tools/demo/README.md
index 2ed90692cd..aa9b41f9f5 100644
--- a/slither/tools/demo/README.md
+++ b/slither/tools/demo/README.md
@@ -3,4 +3,3 @@
This directory contains an example of Slither utility.
See the [utility documentation](https://github.com/crytic/slither/wiki/Adding-a-new-utility)
-