Make sure nix is installed and that the `nix-command` and `flakes` features are enabled. The Determinate Systems nix-installer will automatically enable these features and is the recommended approach. If nix is already installed without these features enabled, you can run the following commands to enable them.
```bash
mkdir -p ~/.config/nix
echo 'experimental-features = nix-command flakes' > ~/.config/nix/nix.conf
```
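The `>` redirect in the command above replaces any existing `~/.config/nix/nix.conf`, so settings already in that file (for example `substituters` or `trusted-public-keys`) would be lost. The following is an added example, not part of this repo: a hypothetical helper, `enable_nix_features`, that merges the two features into the existing file and leaves every other line untouched.

```shell
# Added example (not from crytic.nix): enable nix-command and flakes
# without clobbering other settings in nix.conf.
# enable_nix_features is a hypothetical helper name; the optional first
# argument is the config path and defaults to the path used above.
enable_nix_features() {
  conf="${1:-$HOME/.config/nix/nix.conf}"
  want="nix-command flakes"
  mkdir -p "$(dirname "$conf")"
  touch "$conf"

  # Features already listed on the last experimental-features line, if any.
  # The anchored pattern does not match extra-experimental-features.
  have=$(sed -n 's/^[[:space:]]*experimental-features[[:space:]]*=[[:space:]]*//p' "$conf" | tail -n 1)

  # Append only the features that are missing.
  merged="$have"
  for f in $want; do
    case " $merged " in
      *" $f "*) ;;
      *) merged="${merged:+$merged }$f" ;;
    esac
  done

  # Nothing to do when the line exists and already lists both features.
  if [ "$merged" = "$have" ] && grep -q '^[[:space:]]*experimental-features[[:space:]]*=' "$conf"; then
    return 0
  fi

  # Rewrite via a temp file: keep every other line, replace only the
  # experimental-features line. grep -v exits 1 on an empty result.
  tmp=$(mktemp "${conf}.XXXXXX")
  grep -v '^[[:space:]]*experimental-features[[:space:]]*=' "$conf" > "$tmp" || true
  printf 'experimental-features = %s\n' "$merged" >> "$tmp"
  mv "$tmp" "$conf"
}
```

Call `enable_nix_features` with no arguments to update `~/.config/nix/nix.conf`; running it again makes no further changes.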
Once you have nix installed, you can run the following to use slither without installing anything globally, like a single-serving virtualenv. The first run will take time as slither's dependencies (e.g. crytic-compile) are downloaded and the project is built, but subsequent runs will execute almost instantly without requiring any further downloads. See the documentation for `nix run` for more information.
```bash
nix run git+ssh://git@github.com/crytic/crytic.nix#slither -- --help
```
You can use the following `just` command to install slither globally via your nix profile. This installation is hooked up to a new copy of the required dependencies, so it takes care of the crytic-compile dependency without any risk of conflict with an existing global crytic-compile installation.
```bash
just install slither
```
You can also build the slither executable and run it directly.
```bash
just build slither && ./result/bin/slither --help
```
Supported tools:
- cloudexec
- crytic-compile
- echidna
- medusa
- slither
- solc-select
- vscode (including weaudit, sarif explorer, and other generic extensions that are helpful for auditors)
This crytic.nix flake, when used as an input to an "audit toolbox" flake in your audit repository, provides 2 collections of utilities:
- `crytic.packages.${system}.supported-tool`: the default version of some supported tool, as specified by the flake in this repo.
- `crytic.lib.${system}.mkSupportedTool`: a function that generates some supported tool from inputs such as a `commitHash`, `version`, and instances of each crytic dependency.
Usage in an audit repo might look something like the following:
```nix
{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs";
    utils.url = "github:numtide/flake-utils";
    foundry.url = "github:shazow/foundry.nix/monthly";
    crytic.url = "github:crytic/crytic.nix";
    crytic.inputs.nixpkgs.follows = "nixpkgs";
  };
  outputs = inputs: with inputs;
    utils.lib.eachDefaultSystem (system: let
      pkgs = import nixpkgs { inherit system; overlays = [ foundry.overlay ]; };
      # Use a specific commit of crytic compile that has some hotfix or extra debug logs
      crytic-compile = crytic.lib.${system}.mkCryticCompile {
        commitHash = "0e5457afa28723fb39c419c4d0e3e2097d4235a8";
        version = "PR411"; # human-readable label eg which PR this commit is from
      };
    in rec {
      devShells.default = pkgs.mkShell {
        buildInputs = with pkgs; [
          # misc dev deps from nixpkgs
          yarn
          foundry-bin
          # crytic audit tools
          crytic.packages.${system}.solc-select
          crytic-compile
          # use our custom version of crytic-compile in slither
          (crytic.lib.${system}.mkSlither {
            inherit crytic-compile;
          })
          crytic.packages.${system}.echidna
          crytic.packages.${system}.medusa
          (crytic.lib.${system}.mkVscode {
            extensions = with pkgs.vscode-extensions; [
              vscodevim.vim # Add more vscode extensions like so
            ];
          })
        ];
      };
    }
  );
}
```
The above flake provides a development environment for auditing which includes:
- yarn + foundry for building/testing smart contracts. A specific version of foundry could be set by pinning the foundry input.
- the default version of solc-select, echidna, and medusa.
- a specific commit of crytic-compile, tagged with a human-readable version label
- the default version of slither but using our custom crytic-compile as a dependency