Slither is a powerful static analysis framework for Solidity and Vyper smart contracts, created by trail of bits and written in Python. It provides comprehensive tools for identifying vulnerabilities, understanding contract structures, and prototyping custom analyses.
Beyond Security Audits: Analyzing Smart Contracts with Slither
Slither's utility extends beyond vulnerability detection. While most users leverage Slither for security audits, it also offers valuable insights that can be visualized to enhance your understanding of smart contract architecture. By leveraging its output, you can analyze the desired smart contract.
When Slither analyzes a Solidity project, it constructs an abstract representation of the code by identifying and cataloging all the contracts and their components. Each contract is represented as a node in the tree. For example, if a contract Token inherits from another contract ERC20, Token and ERC20 become nodes in this tree, with an edge connecting Token to ERC20 to indicate inheritance. This relationship helps visualize how contract functionality is built upon or extended.
Furthermore, Slither enriches each node with valuable metadata. For instance, nodes corresponding to functions might include details about their visibility (e.g., public, external), mutability (e.g., view, pure), and whether they modify the contract state. This information is critical for understanding the contract’s behavior and security characteristics. For example, a function node for transfer in a Token contract will include its function signature, visibility, and any security annotations, such as whether it is subject to reentrancy attacks or has access control modifiers.
Example: Visualizing Contract Inheritance
One powerful way to utilize Slither is by visualizing the inheritance structure of your smart contracts. This can help you understand how different contracts are related and identify potential issues with contract composition.
Here’s a python script that create a visual graph of your protocol’s smart contracts inheritance:
Let’s use it step-by-step:
For this example we will be using https://github.com/OlympusDAO/olympus-contracts
- Before running the script, ensure you have the python installed:
- Python (>= 3.6)
- Clone this repository
- Install required Python packages
- Change the target_path variable to the path to your protocol
- Run script
Extract Contract Data
Use Slither’s Python API or JSON output to extract contract details.
Example Chart output:
The full chart can be found here
Slither provides more than just inheritance data. You can also create charts for functions, modifiers, and other aspects of your smart contracts.
Conclusion
Slither is not only a tool for detecting vulnerabilities but also a powerful framework for gaining deeper insights into your smart contracts. By leveraging its output, you can create various charts and visualizations that provide a clearer understanding of contract structures, relationships, and metrics. Whether you're analyzing contract inheritance or visualizing function metrics, Slither offers a wealth of information to enhance your development and analysis workflows.
Additional links
- https://github.com/spherex-xyz/slither-inheritance-chart
- Trail of bits homepage
- Slither github repo
- Slither unveiling blogpost
Conclusion
About the author
Shira has over 6 years of experience in software development. Before joining spherex, Shira served in an elite Israeli intelligence unit leading teams in software development.
