Welcome! We are the pessimistic.io team, and in recent months we have been actively developing our own Slither detectors to help with the code review and audit process. This repository contains everything you may require to work with them!
We increased the sensitivity of our detectors since they are quite straightforward and not written in the "original style." As a result, they produce FPs (False Positives) more frequently than the original ones. Our detectors are therefore a kind of automation of the checks implemented in the checklist; their main purpose is to look for issues and assist the code auditor.
Please let us know if you have discovered an issue/bug/vulnerability via our custom Slither detectors. You may contact us by opening a PR/Issue or directly, whichever is more convenient for you. If you have any further questions or suggestions, please join our Discord Server or Telegram chat! We hope to see you there, and we intend to support the community and its initiatives!
Section | Link |
---|---|
Docs | Docs for each detector |
Slitherin | Detectors code |
Tests | Test contracts for detectors |
Utils | Auxiliary files |
Issues | Suggest an idea |
Installation Process | Step-by-Step guide |
Detectors | Detectors table |
Enhancements & New Detectors | Project Improvements |
To install Pessimistic Detectors:
```bash
python3 setup.py develop
```
Keep in mind that you don't have to reinstall the plugin after changes in the repository!
```bash
npm install
```
```bash
pip install slitherin
```
```bash
pipx install slitherin
echo -e "# Slitherin with pipx\nexport PATH=\"\$PATH:/home/$USER/.local/pipx/venvs/slitherin/bin\"\n" >> ~/.bashrc \
&& source ~/.bashrc
```
Use Slitherin-cli to run detectors on a Hardhat/Foundry/Dapp/Brownie application. You have the following options:
- `slitherin . --pess`
- `slitherin . --slither`
- `slitherin . --separated`
- `slitherin . --arbitrum`
Keep in mind that Slitherin-cli supports all Slither run options.
Slither
Slitherin detectors are included in the original Slither after installation. You can use Slither as usual.
Please note:
*Valid - issues included in reports and fixed by developers (January 2023 - June 2023).
There are two detectors which have several checks inside: pess-uni-v2 and arbitrary-call.
Here we indicate our updates and workflows, and mark completed tasks and improvements!
You can add your own detector/idea/enhancement by opening an Issue at the following link.
Prior to adding a custom detector, ensure that:
Prior to adding an idea, ensure that:
Prior to adding an enhancement, ensure that:
Our team would like to express our deepest gratitude to the Slither tool creators: Josselin Feist, Gustavo Grieco, and Alex Groce, as well as Crytic, Trail of Bits' blockchain security division, and all the people who believe in the original tool and its evolution!
Slitherin in mass media
Pessimistic has delivered trusted security audits since 2017. Require expert oversight of your safety? Explore our services at pessimistic.io.