Feist Josselin edited this page Apr 5, 2019 · 34 revisions

Usage

How to run Slither

Truffle

To run Slither on a Truffle directory:

slither .

Use --truffle-ignore-compile to skip running truffle compile when Slither starts.

Use --truffle-version [email protected] to use a specific version of Truffle. For example:

slither . --truffle-version [email protected]

This runs Slither with the latest 0.4 Truffle (through npx).

Use --truffle-build-directory to specify a custom build directory.

Embark

To run Slither on an Embark directory, on the first run, use:

slither . --embark-overwrite-config

It will:

Following runs will not need the --embark-overwrite-config flag (slither .).

Alternatively, you can perform those two steps manually and then run slither .

Use --embark-ignore-compile to skip running embark build --contracts when Slither starts.

solc

To run Slither from a Solidity file:

slither file.sol

By default, solc is used. To use another version, use:

slither file.sol --solc /path/to/solc

AST file

To run Slither on an AST file generated by solc, run:

slither file.ast.json

Options

  • To disable the solc warnings: --disable-solc-warnings
  • To disable the output colorization: --disable-color
  • To export the results to a JSON file: --json file.json

Detectors selection

By default, Slither runs all the detectors.

To run only selected detectors, use --detect detector1,detector2. For example:

slither file.sol --detect arbitrary-send,pragma

To exclude detectors, use --exclude detector1,detector2. For example:

slither file.sol --exclude naming-convention,unused-state,suicidal

To exclude detectors with an informational or low severity, use --exclude-informational or --exclude-low.

--list-detectors lists available detectors.

Printers selection

By default, no printers are run.

To run selected printers, use --print printer1,printer2. For example:

slither file.sol --print inheritance-graph

--list-printers lists available printers.

Path filtering

--filter-paths path1,path2 excludes all the results that are only related to path1 and path2. Each path can be a directory or a filename. The comparison is a direct text match; regular expressions are not supported.

Examples:

slither . --filter-paths openzepellin

Filters out all the results that are only related to openzepellin.

slither . --filter-paths SafeMath.sol

Filters out all the results that are only related to the file SafeMath.sol.
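The following added example (not Slither's own code) illustrates the filtering rule stated above: a result is hidden only when every location it touches matches one of the filter strings by plain substring comparison, so a finding that also touches an unfiltered file stays visible. The result records and file paths are constructed for the illustration.

```python
"""Illustration of the documented --filter-paths semantics (added example,
not Slither's implementation; the records below are constructed)."""


def matches_filter(path, filters):
    """Direct text comparison: a filter hits when it is a substring of the
    path. No regular expressions, no globbing, case-sensitive."""
    return any(f in path for f in filters)


def filter_results(results, filters):
    """Drop a result only when *every* path it touches matches a filter,
    i.e. the result is 'only related to' the filtered paths. A finding that
    also involves an unfiltered file is kept."""
    kept = []
    for result in results:
        paths = result["paths"]
        if paths and all(matches_filter(p, filters) for p in paths):
            continue  # entirely inside filtered code: hide it
        kept.append(result)
    return kept


# Constructed sample findings; each lists the source files it touches.
SAMPLE_RESULTS = [
    {"check": "naming-convention",
     "paths": ["openzeppelin/math/SafeMath.sol"]},
    {"check": "reentrancy-eth",
     "paths": ["contracts/Vault.sol"]},
    # Touches both a dependency and project code: stays visible.
    {"check": "uninitialized-state",
     "paths": ["openzeppelin/token/ERC20.sol", "contracts/MyToken.sol"]},
    {"check": "pragma",
     "paths": ["contracts/SafeMath.sol", "openzeppelin/math/SafeMath.sol"]},
]


def visible_checks(filters):
    """Names of the checks that remain after applying the filters."""
    return [r["check"] for r in filter_results(SAMPLE_RESULTS, filters)]


if __name__ == "__main__":
    print(visible_checks(["openzeppelin"]))  # hides only naming-convention
    print(visible_checks(["SafeMath.sol"]))  # hides naming-convention and pragma
    print(visible_checks(["safemath"]))      # case-sensitive: hides nothing
```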

Triage mode

--triage-mode runs Slither in its triage mode. For every finding, Slither asks whether the result should be shown on the next run. The answers are saved in slither.db.json.

Examples:

slither . --triage-mode
[...]
0: C.destination (test.sol#3) is never initialized. It is used in:
	- f (test.sol#5-7)
Reference: https://github.com/trailofbits/slither/wiki/Vulnerabilities-Description#uninitialized-state-variables
Results to hide during next runs: "0,1,..." or "All" (enter to not hide results):  0
[...]

The second run of Slither will hide the above result.

To show the hidden results again, delete slither.db.json.

Configuration File

Some options can be set through a JSON configuration file. By default, slither.conf.json is used if present (the file can be changed with --config-file file.conf.json).

If an option is set both in the configuration file and on the command line, the command line value takes precedence.

The following flags are supported:

{
    "detectors_to_run": "detector1,detector2",
    "printers_to_run": "printer1,printer2",
    "detectors_to_exclude": "detector1,detector2",
    "exclude_informational": false,
    "exclude_low": false,
    "exclude_medium": false,
    "exclude_high": false,
    "solc": "solc",
    "solc_args": "",
    "disable_solc_warnings": false,
    "json": "",
    "truffle_build_directory": "custom/path",
    "truffle_version": "[email protected]",
    "disable_color": false,
    "filter_paths": "file1.sol,file2.sol",
    "ignore_truffle_compile": false,
    "legacy_ast": false
}

IDE integrations