Run Slither against our contracts

[sangier]

Slither is a static analyzer vulnerability detector.

This need to be done for all our solidity contract of this repo and of the sp1-ics07-tendermint

• [ ] Run the slither
• [ ] Triage false positive
• [ ] Apply recommendations

[gjermundgaraba]

@srdtrk, how do we want to run this? It is easy enough to add to the justfile to run locally, but do we also want this in the CI pipeline?

[sangier]

Mmm my recommendation would be to add it to the just file, but not to run in the CI, since it usually triggers some false positives.

[srdtrk]

we could start with only the justfile