🌱Making your own detectors

Introduction

Slither, a static analysis tool for Smart Contracts, offers a variety of built-in detectors to identify vulnerabilities and code smells in your contracts. But why stop there? Building custom detectors can elevate the robustness and security of your Smart Contracts by tailoring the analysis to your specific needs and workflows. Let's delve into why and how you can create your own custom detectors.

Why Build a Custom Detector?

  1. Customization: Standard detectors cover general vulnerabilities and code issues. Creating a custom detector allows for a more tailored analysis aligned with your project’s specific requirements and coding conventions.

  2. Focused Analysis: Custom detectors can hone in on particular aspects or patterns in your code that generic detectors might overlook, ensuring that your contracts adhere to best practices specific to your use case.

  3. Automation: Automating the detection process for recurring, unique patterns or vulnerabilities in your code streamlines the development process, enhancing productivity and code quality.

Prerequisites

  • Python Knowledge: A foundational understanding of Python is essential since Slither's custom detectors are written in Python.

Getting Started: It's Easier Than You Think!

Building your own detector might seem daunting, but it’s a straightforward process with Slither. Here’s a simplified guide to getting you started:

  1. Environment Setup: Ensure you have a Python environment ready. You can easily manage it using virtual environments (venv or virtualenv).

  2. Install Slither: Install Slither into that environment.

  3. Create Your Detector: Write a Python script for your custom detector. Here’s a basic template to help you start:

The skeleton for a detector is:

from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification


class Skeleton(AbstractDetector):
    """
    Documentation
    """

    ARGUMENT = 'mydetector'  # run the detector with: slither <target> --detect mydetector
    HELP = 'Help printed by slither'
    IMPACT = DetectorClassification.HIGH
    CONFIDENCE = DetectorClassification.HIGH

    # Fill these in before running: Slither refuses to initialize a detector
    # whose WIKI fields are left empty.
    WIKI = ''

    WIKI_TITLE = ''
    WIKI_DESCRIPTION = ''
    WIKI_EXPLOIT_SCENARIO = ''
    WIKI_RECOMMENDATION = ''

    def _detect(self):
        # info is a list of strings and/or contract objects describing the finding
        info = ['This is an example']
        res = self.generate_result(info)

        return [res]

  • ARGUMENT lets you run the detector from the command line

  • HELP is the information printed from the command line

  • IMPACT indicates the impact of the issue. Allowed values are:

    • DetectorClassification.OPTIMIZATION: printed in green

    • DetectorClassification.INFORMATIONAL: printed in green

    • DetectorClassification.LOW: printed in green

    • DetectorClassification.MEDIUM: printed in yellow

    • DetectorClassification.HIGH: printed in red

  • CONFIDENCE indicates your confidence in the analysis. Allowed values are:

    • DetectorClassification.LOW

    • DetectorClassification.MEDIUM

    • DetectorClassification.HIGH

  • WIKI constants are used to automatically generate the documentation.

_detect() needs to return a list of findings. A finding is an element generated with self.generate_result(info), where info is a list of text strings or contract objects (contract, function, node, ...).

An AbstractDetector object has the slither attribute, which returns the current Slither object.

Adding a custom detector to Slither involves a series of steps that integrate the detector within Slither’s analysis framework. Here's a detailed walkthrough to guide you through this process:

1. Creating a New Detector Directory:

  • In the detectors folder, create a new directory named after your detector, e.g., GasOptimization.

2. Adding Your Detector File:

  • Place your detector file inside the new directory you've created. For example, if your detector file is named OptimizeIncrement.py, it should be located at detectors/GasOptimization/OptimizeIncrement.py.

3. Initializing Your Detector Directory:

  • Inside your new detector directory (GasOptimization), create a file named __init__.py.

  • This file can be empty and serves to inform Python to treat the directory as a package or module.

4. Updating the all_detectors.py File:

  • Navigate to the all_detectors.py file located within the main detectors directory.

  • Import your custom detector by adding the following line:

    from .GasOptimization.OptimizeIncrement import OptimizeIncrement

  • This inclusion ensures that Slither recognizes and loads your custom detector during execution.

5. Handling the __pycache__ Directory:

  • You don't need to manually modify or interact with the __pycache__ directory.

  • This directory contains bytecode-compiled versions of Python files, automatically handled by Python to enhance execution performance.

6. Running Your Custom Detector:

  • With everything set up, you can run your custom detector by executing the following command:

    slither . --detect optimize-increment
  • This command instructs Slither to execute your custom detector, analyzing the smart contracts located within the current directory.

  • Or, if you execute Slither as normal (without --detect), your new detector will be included in the analysis.
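
A pre-flight check for steps 1 to 4 and for the skeleton's metadata, as an added example that is not part of the original page or of Slither itself. The names check_detector, load_tree and SAMPLE_TREE are hypothetical and the sample tree is constructed; on a real checkout, pass the result of load_tree() on your detectors folder to check_detector().

```python
import ast
from pathlib import Path

# Metadata from the skeleton above; a missing or empty value is reported.
REQUIRED = ("ARGUMENT", "HELP", "IMPACT", "CONFIDENCE", "WIKI", "WIKI_TITLE",
            "WIKI_DESCRIPTION", "WIKI_RECOMMENDATION")
SAMPLE_TREE = {  # constructed sample: detector file in place, steps 3 and 4 not done yet
    "all_detectors.py": "",
    "GasOptimization/OptimizeIncrement.py": '''\
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
class OptimizeIncrement(AbstractDetector):
    ARGUMENT = "optimize-increment"
    HELP = "constructed help text"
    IMPACT = DetectorClassification.OPTIMIZATION
    CONFIDENCE = DetectorClassification.HIGH
    WIKI = ""
    def _detect(self):
        return []
''',
}

def load_tree(detectors_dir):
    """Map every .py file under detectors_dir to its source text."""
    return {p.relative_to(detectors_dir).as_posix(): p.read_text() for p in Path(detectors_dir).rglob("*.py")}

def check_detector(files, package, module, cls):
    """Return the problems found in how `cls` is wired into the detectors folder."""
    problems = []
    if f"{package}/__init__.py" not in files:
        problems.append(f"{package}/__init__.py is missing")
    # Parse with ast rather than importing, so the detector file is never executed.
    tree = ast.parse(files.get(f"{package}/{module}.py", ""))
    node = next((n for n in ast.walk(tree) if isinstance(n, ast.ClassDef) and n.name == cls), None)
    if node is None:
        return problems + [f"class {cls} not found in {package}/{module}.py"]
    attrs = {s.targets[0].id: s.value for s in node.body
             if isinstance(s, ast.Assign) and isinstance(s.targets[0], ast.Name)}
    for name in REQUIRED:
        value = attrs.get(name)
        if value is None or (isinstance(value, ast.Constant) and not value.value):
            problems.append(f"{cls}.{name} is missing or empty")
    if not any(isinstance(s, ast.FunctionDef) and s.name == "_detect" for s in node.body):
        problems.append(f"{cls} does not define _detect()")
    # Step 4: all_detectors.py needs `from .<package>.<module> import <cls>`.
    registry = ast.walk(ast.parse(files.get("all_detectors.py", "")))
    if not any(isinstance(n, ast.ImportFrom) and n.level == 1 and n.module == f"{package}.{module}"
               and any(a.name == cls for a in n.names) for n in registry):
        problems.append(f"all_detectors.py does not import {cls}")
    return problems
```

An empty list means the package marker, the metadata and the all_detectors.py import are all in place, so the detector can be selected by its ARGUMENT value with --detect.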

Conclusion

By following these instructions, you can seamlessly integrate a custom detector into Slither, allowing for specialized analysis of Solidity smart contracts in alignment with your specific objectives or focus areas. Ensure that the directory structures and file placements align correctly to facilitate smooth detection and analysis workflows.
