🔌 Exploring Slither's Tools and Printers: A Comprehensive Tutorial

Slither, a popular static analysis framework for Ethereum smart contracts, ships with a set of tools (plugins) and printers that extend its analysis and the ways its results can be presented. These additional features offer quick reviews, detailed analysis, graphical representations, and various utilities that make the audit process more streamlined and informative. Let's look at what these tools and printers offer.

Printers

Printers in Slither provide various ways to represent and summarize the analysis results. They are mainly categorized into two:

1. Quick Review Printers:

  • human-summary:

    • Description: Prints a human-readable summary of the contracts.

    • Usage: Helps in getting a quick and clear understanding of the contract’s elements.

  • inheritance-graph:

    • Description: Exports the inheritance graph of each contract to a dot file.

    • Usage: Useful for visualizing contract inheritance relationships, making it easier to understand the overall architecture.

  • contract-summary:

    • Description: Prints a summary of the contracts.

    • Usage: Concisely displays contract information for a quick overview.

  • loc:

    • Description: Counts lines of code (LOC), source lines of code (SLOC), and comment lines of code (CLOC) in various file categories.

    • Usage: Helpful in assessing the code size and comment-to-code ratio, giving insights into code complexity and documentation.

2. In-Depth Review Printers:

  • call-graph:

    • Description: Exports the call-graph of the contracts to a dot file.

    • Usage: Enables a deep dive into function interactions, helping to trace function calls for detailed analysis.

  • cfg:

    • Description: Exports the Control Flow Graph (CFG) of each function.

    • Usage: Aids in understanding the flow of function executions, making the logical flow clearer.

  • function-summary:

    • Description: Prints a summary of the functions.

    • Usage: Provides concise function-related information, aiding in quick assessments and reviews.

  • vars-and-auth:

    • Description: Prints the state variables written and the authorization of the functions.

    • Usage: Useful in assessing function permissions and state variable modifications.

  • not-pausable:

    • Description: Prints functions that do not use the whenNotPaused modifier.

    • Usage: Helps identify functions that remain callable while the contract is paused.

Running a Printer:

To run a printer, use the --print option followed by the printer name:

slither <contract.sol> --print <printer-name>
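To put the command above to work on a real review, here is an added shell script (written for this tutorial, not part of Slither) that runs the quick-review printers into one text report and the in-depth graph printers into a directory of .dot files, rendering them to PNG when Graphviz is installed. SLITHER_BIN, the report layout, and the assumption that the graph printers drop their .dot files next to the target or in the working directory are this script's own conventions.

```bash
#!/bin/sh
# Added example: run Slither's quick-review and in-depth printers over one
# contract and collect every output under a report directory.
# SLITHER_BIN and the report layout are this script's own conventions
# (assumptions), not something Slither defines.
set -eu

SLITHER_BIN="${SLITHER_BIN:-slither}"
QUICK_PRINTERS="human-summary,contract-summary,loc"
GRAPH_PRINTERS="inheritance-graph,call-graph,cfg"

# run_printers <contract.sol> <report-dir>
# Text printers go to <report-dir>/quick-review.txt; graph printers write
# .dot files next to the target (or in the working directory), which are
# then moved under <report-dir>/graphs. Prints the report directory.
run_printers() {
    contract="$1"
    report="$2"
    mkdir -p "$report/graphs"

    # Quick review: one Slither run accepts several comma-separated printers.
    "$SLITHER_BIN" "$contract" --print "$QUICK_PRINTERS" > "$report/quick-review.txt" 2>&1

    # In-depth review: these printers emit Graphviz .dot files.
    "$SLITHER_BIN" "$contract" --print "$GRAPH_PRINTERS" > "$report/graphs.log" 2>&1

    # Collect the .dot files (assumption: they land beside the target or in cwd).
    # Note: this moves every top-level .dot file in those two directories.
    for d in "$(dirname "$contract")" .; do
        find "$d" -maxdepth 1 -name '*.dot' -exec mv {} "$report/graphs/" \;
    done

    # Render to PNG when Graphviz is installed; otherwise keep the .dot files.
    if command -v dot >/dev/null 2>&1; then
        for g in "$report"/graphs/*.dot; do
            [ -e "$g" ] || continue
            dot -Tpng "$g" -o "${g%.dot}.png"
        done
    fi
    printf '%s\n' "$report"
}

# count_graphs <report-dir>: number of collected .dot files
count_graphs() {
    find "$1/graphs" -name '*.dot' | wc -l | tr -d ' '
}

# Usage from a project checkout (paths are illustrative):
#   run_printers contracts/Token.sol slither-report
```

Grouping printers into two comma-separated runs means each group costs one compilation rather than one per printer; adding `--json report.json` to either run keeps a machine-readable copy of the same output alongside the text.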

Tools (Plugins)

Tools or plugins in Slither are utilities that provide various functionalities, ranging from automatic test generation to code flattening.

  • slither-check-erc:

    • Description: Checks a contract's conformance to an ERC standard.

    • Features:

      • Verifies the presence of all required functions and events.

      • Checks the correctness of function return types and visibility.

      • Validates event parameter indexing and emissions.

    • Usage: Validates that contracts conform to ERC standards, ensuring compatibility and correctness.

  • slither-flat:

    • Description: Flattens a codebase.

    • Usage: Simplifies the code by merging it into a single file, aiding in code submission or readability.

  • slither-check-upgradeability, slither-prop, slither-format, slither-read-storage, slither-interface:

    • Descriptions and Usages: slither-check-upgradeability reviews delegatecall-based upgradeability, slither-prop generates unit tests and properties automatically, slither-format generates patches automatically, slither-read-storage reads storage values from deployed contracts, and slither-interface generates interfaces for contracts.

Running a Tool:

To run a tool, you can usually execute it as a separate command:

slither-check-erc <contract.sol>

Conclusion

Leveraging Slither's printers and tools can greatly enhance your smart contract analysis process, providing both quick overviews and in-depth insights. They facilitate various types of analysis such as control flow analysis, function call tracing, and conformance checking against established standards like the ERCs. By understanding and utilizing these additional features, you can make your smart contract auditing more efficient, detailed, and informative.