Making your own detectors
Slither, a static analysis tool for Smart Contracts, offers a variety of built-in detectors to identify vulnerabilities and code smells in your contracts. But why stop there? Building custom detectors can elevate the robustness and security of your Smart Contracts by tailoring the analysis to your specific needs and workflows. Let's delve into why and how you can create your own custom detectors.
Customization: Standard detectors cover general vulnerabilities and code issues. Creating a custom detector allows for a more tailored analysis aligned with your project's specific requirements and coding conventions.
Focused Analysis: Custom detectors can hone in on particular aspects or patterns in your code that generic detectors might overlook, ensuring that your contracts adhere to best practices specific to your use case.
Automation: Automating the detection process for recurring, unique patterns or vulnerabilities in your code streamlines the development process, enhancing productivity and code quality.
Python Knowledge: A foundational understanding of Python is essential since Slither's custom detectors are written in Python.
Building your own detector might seem daunting, but it's a straightforward process with Slither. Here's a simplified guide to getting you started:
Environment Setup: Ensure you have a Python environment ready. You can easily manage it using virtual environments (venv or virtualenv).
Install Slither: Install Slither
Create Your Detector: Write a Python script for your custom detector. Here's a basic template to help you start:
The skeleton for a detector is:
ARGUMENT lets you run the detector from the command line
HELP is the information printed from the command line
IMPACT indicates the impact of the issue. Allowed values are:
DetectorClassification.OPTIMIZATION: printed in green
DetectorClassification.INFORMATIONAL: printed in green
DetectorClassification.LOW: printed in green
DetectorClassification.MEDIUM: printed in yellow
DetectorClassification.HIGH: printed in red
CONFIDENCE indicates your confidence in the analysis. Allowed values are:
DetectorClassification.LOW
DetectorClassification.MEDIUM
DetectorClassification.HIGH
WIKI constants are used to automatically generate the documentation.
_detect() needs to return a list of findings. A finding is an element generated with self.generate_result(info), where info is a list of text or contract objects (contract, function, node, ...).
An AbstractDetector object has the slither attribute, which returns the current Slither object.
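A complete detector that fills in every attribute described above, as an added example (not code from the original page or from Slither itself): it enforces a hypothetical project convention that any public or external function writing state must carry a modifier. The detector name, the helper is_unguarded_writer, the WIKI URL and the ImportError stand-ins are assumptions made for illustration.

```python
from types import SimpleNamespace

try:
    from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
except ImportError:
    # Stand-ins (not Slither's classes) so the logic can be exercised without Slither installed.
    AbstractDetector = object
    DetectorClassification = SimpleNamespace(LOW="LOW", MEDIUM="MEDIUM")


def is_unguarded_writer(function):
    """True for a public/external function that writes state and carries no modifier."""
    if function.visibility not in ("public", "external"):
        return False
    if function.is_constructor or function.view or function.pure:
        return False
    return bool(function.state_variables_written) and not function.modifiers


class UnguardedStateWrite(AbstractDetector):
    """Hypothetical house rule: every externally callable state writer needs a modifier."""

    ARGUMENT = "unguarded-state-write"  # slither . --detect unguarded-state-write
    HELP = "Public/external functions that write state without any modifier"
    IMPACT = DetectorClassification.MEDIUM
    CONFIDENCE = DetectorClassification.LOW  # heuristic: inline require() checks are not seen

    WIKI = "https://example.invalid/detectors#unguarded-state-write"  # placeholder URL
    WIKI_TITLE = "Unguarded state write"
    WIKI_DESCRIPTION = "An externally callable function changes storage with no modifier."
    WIKI_EXPLOIT_SCENARIO = "setOwner(address) lacks onlyOwner, so any caller can change the owner."
    WIKI_RECOMMENDATION = "Add an access-control modifier or document why none is needed."

    def _detect(self):
        results = []
        # self.slither is the current Slither object; visit each declared function once.
        for contract in self.slither.contracts:
            for function in contract.functions_declared:
                if is_unguarded_writer(function):
                    written = ", ".join(v.name for v in function.state_variables_written)
                    info = [function, " writes ", written, " without a modifier\n"]
                    results.append(self.generate_result(info))
        return results
```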
Adding a custom detector to Slither involves a series of steps that integrate the detector within Slither's analysis framework. Here's a detailed walkthrough to guide you through this process:
1. Creating a New Detector Directory:
In the detectors folder, create a new directory named after your detector, e.g., GasOptimization.
2. Adding Your Detector File:
Place your detector file inside the new directory you've created. For example, if your detector file is named OptimizeIncrement.py, it should be located at detectors/GasOptimization/OptimizeIncrement.py.
3. Initializing Your Detector Directory:
Inside your new detector directory (GasOptimization), create a file named __init__.py.
This file can be empty and serves to inform Python to treat the directory as a package or module.
4. Updating the all_detectors.py File:
Navigate to the all_detectors.py file located within the main detectors directory.
Import your custom detector by adding the following line:
This inclusion ensures that Slither recognizes and loads your custom detector during execution.
5. Handling the __pycache__ Directory:
You don't need to manually modify or interact with the __pycache__ directory.
This directory contains bytecode-compiled versions of Python files, automatically handled by Python to enhance execution performance.
6. Running Your Custom Detector:
With everything set up, you can run your custom detector by executing the following command:
This command instructs Slither to execute your custom detector, analyzing the smart contracts located within the current directory.
Or, if you execute slither as normal, your new detector will be included in the analysis slither . --detect optimize-increment
By following these instructions, you can seamlessly integrate a custom detector into Slither, allowing for specialized analysis of Solidity smart contracts in alignment with your specific objectives or focus areas. Ensure that the directory structures and file placements align correctly to facilitate smooth detection and analysis workflows.