Closed cedoor closed 5 months ago
@cedoor
Do we also want to be able to run the Slither checks locally via a yarn script?
Right now #8 only runs Slither via the CI, and thanks to Slither supporting SARIF, it uploads the results in the GitHub code analysis section, see https://github.com/privacy-scaling-explorations/zk-kit.solidity/security/code-scanning?query=pr%3A8+is%3Aopen
Having support for Slither locally is doable too, but it is a bit more tricky to keep a nice DX at the same time: Slither needs Python tooling... we could just document the install, but ideally I'd like to make it error proof / automatic with npm postinstall hooks.
I agree with you. It would be nice but I'd keep the dev experience with these tools as simple as possible.
We could also use Foundry in the near future. Does it make sense to wait for it?
I can work on adding support for it locally in a separate PR (#10). Same for Foundry (#11).
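As an added illustration of the local-run idea discussed above (not code from the zk-kit.solidity repo or from #10), here is a hypothetical `scripts/slither_check.py` that a package.json script could call: it checks that the `slither` CLI is installed, runs it with `--sarif` (the same output format the CI uploads), and summarises the findings by SARIF level. The script name, the `level` values and the fail-on policy are assumptions; the sample SARIF document in the test is constructed.

```python
"""Run Slither locally and summarise its SARIF output.

Hypothetical wrapper (assumption: not the project's own script) that a
package.json entry such as "slither": "python3 scripts/slither_check.py"
could invoke. Assumes the `slither` CLI (pip package slither-analyzer)
is on PATH; if it is not, the script explains how to install it instead
of failing with an obscure error.
"""
import json
import shutil
import subprocess
import sys
from collections import Counter

INSTALL_HINT = "slither not found: run `pip install slither-analyzer` (needs Python 3)"


def slither_available() -> bool:
    """True if the slither CLI is on PATH."""
    return shutil.which("slither") is not None


def summarize_sarif(sarif: dict) -> Counter:
    """Count SARIF results by level (error / warning / note) across all runs.

    A result with no explicit level defaults to "warning", as the SARIF spec does.
    """
    counts: Counter = Counter()
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            counts[result.get("level", "warning")] += 1
    return counts


def should_fail(counts: Counter, fail_on=("error",)) -> bool:
    """Decide whether the yarn script should fail (assumed policy: any 'error')."""
    return any(counts[level] > 0 for level in fail_on)


def run_slither(target: str, sarif_path: str) -> int:
    """Run slither on `target`, write SARIF, print a summary, return an exit code."""
    if not slither_available():
        print(INSTALL_HINT, file=sys.stderr)
        return 2
    # Slither itself exits non-zero when it reports anything; we decide from the SARIF.
    subprocess.run(["slither", target, "--sarif", sarif_path], check=False)
    with open(sarif_path, encoding="utf-8") as f:
        counts = summarize_sarif(json.load(f))
    for level, n in sorted(counts.items()):
        print(f"{level}: {n}")
    return 1 if should_fail(counts) else 0


if __name__ == "__main__":
    sys.exit(run_slither(sys.argv[1] if len(sys.argv) > 1 else ".", "slither.sarif"))
```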
Description
Slither is a Solidity & Vyper static analysis framework written in Python3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.
Links