
73. Slither: a static analyser for smart contracts!

Smart contracts have become a key component of the cryptocurrency and blockchain ecosystem. However, due to their complexity, smart contracts are prone to errors and security risks.

This is why tools such as Slither are invaluable in providing security and reliability for smart contracts. In today’s lesson, we’ll look at exactly how Slither works and what benefits it brings to developers of smart contracts.

What is Slither? Definition of a static security analyser

Slither is a static security analyser for smart contracts. It was developed in 2018 by Trail of Bits.

According to what we read on the official site, Slither is a framework for static analysis of the Solidity language. It is written in Python 3 and runs a set of vulnerability detectors. In addition, it provides information about the details of a given contract and provides an API, making it easy to write detailed analyses.

By using Slither, developers can easily find security gaps, improve code and prototype custom analyses even faster.

In its current form, Slither is used for the following tasks:

  1. It automatically detects security vulnerabilities without user intervention.
  2. It automatically detects possible optimisations of a given smart contract, meaning code optimisations that compilers ignore.
  3. It summarises the information about the contracts in question in detail and facilitates analysis of the code base concerned.
  4. Users can interact with Slither through its API.
  5. Slither is the first open-source static analysis framework for Solidity.

What is a static analysis?

Static analysis is a method of code analysis that examines the source code without executing it. It aims to identify potential problems and vulnerabilities by analysing the structure, syntax and logic of the code.

Static analysis does not interfere with the code and provides insight into potential gaps in the code before deployment. It is therefore the opposite of dynamic analysis.

How does Slither work?

The software works as an integration of the Slither core and the smart contract vulnerability detection system. In practice, it works in several steps that result in a thorough analysis of the source code of a given smart contract. These are:

  1. AST (Abstract Syntax Tree) analysis.

Slither starts analysing the source code of a given smart contract by creating its abstract syntax tree (AST). An AST is a data structure that represents the source code of a given smart contract, making it possible to analyse the code and the relationships between its elements.

  2. Rule analysis.

Slither uses a set of predefined analysis rules that are run on the AST of the source code. These rules cover various aspects of analysis, such as finding potential errors, checking coding conventions, and identifying variables and functions.

  3. Detection of risks.

Slither identifies potential bugs and risks associated with the source code of a smart contract. These can be security risks, such as vulnerabilities, or general performance and code design issues.

  4. Report generation.

Once the analysis is complete, Slither generates a report containing the results of the analysis along with a description of potential errors and suggestions for possible solutions. This report helps developers to understand where potential risks lie and how they can be resolved.

  5. Amendments and tests.

Based on the Slither report, developers can make corrections to the code of a given smart contract. After the changes have been made, it is advisable to run the verification again to check that the issues have been resolved and that the code works correctly.
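The steps above in miniature, as an added illustration that is not Slither's code: a toy detector walks a constructed, simplified syntax tree and reports a state write that can follow an external call (the reentrancy pattern), then finds nothing once the order is corrected. The node names, helper functions and check name are assumptions made for this example.

```python
# Toy detector for illustration only, not Slither's code. The tree is a
# constructed, simplified stand-in for a compiler AST; node names are made up.
def block(*stmts):
    return {"nodeType": "Block", "statements": list(stmts)}

def call(line):  # external call such as msg.sender.call{value: amount}("")
    return {"nodeType": "ExternalCall", "line": line}
def write(var, line):  # assignment to a state variable
    return {"nodeType": "StateWrite", "variable": var, "line": line}

def branch(true_body, false_body=None):
    return {"nodeType": "IfStatement", "trueBody": true_body, "falseBody": false_body}

def function(name, body):
    return {"nodeType": "FunctionDefinition", "name": name, "body": body}

VULNERABLE = function("withdraw", block(call(12), write("balances", 13)))
FIXED = function("withdraw", block(write("balances", 12), call(13)))
# Call and write sit on different branches, so the write never follows the call.
BRANCHED = function("settle", block(branch(block(call(20)), block(write("paid", 22)))))

def scan(node, call_seen, fn_name, findings):
    """Visit nodes in execution order; return True if an external call may have run."""
    kind = node["nodeType"]
    if kind == "Block":
        for stmt in node["statements"]:
            call_seen = scan(stmt, call_seen, fn_name, findings)
        return call_seen
    if kind == "IfStatement":
        after_true = scan(node["trueBody"], call_seen, fn_name, findings)
        after_false = call_seen
        if node["falseBody"] is not None:
            after_false = scan(node["falseBody"], call_seen, fn_name, findings)
        return after_true or after_false  # either branch may have executed
    if kind == "ExternalCall":
        return True
    if kind == "StateWrite" and call_seen:
        findings.append({"check": "write-after-external-call", "function": fn_name,
                         "line": node["line"], "variable": node["variable"]})
    return call_seen

def analyse(functions):
    """Run the rule over every function and return the report as a list of findings."""
    findings = []
    for fn in functions:
        scan(fn["body"], False, fn["name"], findings)
    return findings

print(analyse([VULNERABLE, FIXED, BRANCHED]))
```

Only the first function is reported; the code is never executed, which is what makes the analysis static.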

How do I use the Slither software?

If you want to scan your smart contracts for security vulnerabilities, enter the directory where the smart contracts are located. Then run the “slither” command.

Executing this command will instruct the software to analyse all smart contract files in a given directory. Slither will perform a static analysis of the code and generate a report that will include all the security vulnerabilities it has identified. It will also suggest optimisations of the code in question.

The report thus generated is a treasure trove of knowledge for developers. With it, appropriate action can be taken to minimise potential risks. In this case, it is important to remember that a Slither analysis is admittedly detailed, but it should always be supplemented by a manual code review. Just to be safe.

Using Slither analysis is an important step in the process of securing smart contracts. To make them fully secure, you need to take a more comprehensive approach to this, which includes regular audits, bug bounty programmes and updates.
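One way to act on the report and on the re-run after fixes, as an added example that is not Slither's own code: Slither can write its findings as JSON with `slither . --json <file>`, and the script below compares two such reports to show what was resolved, what was introduced and what should still block a release. The sample reports are constructed, and the helper names and the choice of blocking impact levels are assumptions.

```python
import json

# Constructed reports shaped like `slither . --json <file>` output; real reports
# carry more fields per finding. File and function names are made up.
def finding(check, impact, name, path, line):
    return {"check": check, "impact": impact, "confidence": "Medium",
            "elements": [{"name": name,
                          "source_mapping": {"filename_relative": path, "lines": [line]}}]}

def report(*findings):
    return json.dumps({"success": True, "error": None,
                       "results": {"detectors": list(findings)}})

BEFORE = report(finding("reentrancy-eth", "High", "withdraw", "contracts/Vault.sol", 21),
                finding("solc-version", "Informational", "", "contracts/Vault.sol", 2))
AFTER = report(finding("solc-version", "Informational", "", "contracts/Vault.sol", 2),
               finding("unchecked-transfer", "High", "sweep", "contracts/Vault.sol", 40))

def load(report_text):
    """Index findings by (check, file, element name) so shifted line numbers do not matter."""
    data = json.loads(report_text)
    if not data.get("success"):
        raise RuntimeError(f"Slither did not complete: {data.get('error')}")
    indexed = {}
    for item in data.get("results", {}).get("detectors", []):
        first = (item.get("elements") or [{}])[0]
        path = first.get("source_mapping", {}).get("filename_relative", "?")
        indexed[(item["check"], path, first.get("name", ""))] = item["impact"]
    return indexed

def compare(before_text, after_text, blocking=("High", "Medium")):
    """Return (resolved, introduced, blockers) between two Slither runs."""
    before, after = load(before_text), load(after_text)
    resolved = sorted(set(before) - set(after))
    introduced = sorted(set(after) - set(before))
    blockers = sorted(key for key, impact in after.items() if impact in blocking)
    return resolved, introduced, blockers

if __name__ == "__main__":
    for label, keys in zip(("resolved", "introduced", "blocking"), compare(BEFORE, AFTER)):
        print(label, keys)
```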

What role does Slither play in the development of smart contracts?

It is an invaluable tool in the process of creating smart contracts. With this software, developers can detect and eliminate security vulnerabilities in a contract early on.

Interesting fact: Before auditing smart contracts in a given company, it is recommended that all security vulnerabilities are first detected using Slither.

Benefits of using Slither

First and foremost, security. Slither helps identify a contract's potential vulnerabilities to attacks and security-related bugs, allowing them to be fixed before the smart contract is deployed.

The second benefit is improved code quality. The analysis performed with Slither helps to improve the quality of the source code by pointing out coding conventions and potential optimisations.

Slither saves time. Early code analysis allows problems to be solved early in development, which saves the time and resources needed to fix bugs.

The software is also a tool that improves audits. For those responsible for audits, Slither facilitates code analysis and identifies potential risks.

Summary

Slither is a powerful static analysis tool for smart contracts. It works by analysing the source code, detecting potential bugs and risks, and generating a report. Using Slither is an invaluable aid in ensuring the security and reliability of smart contracts, which is extremely important in the blockchain ecosystem.

Developers and auditors should strongly consider using it in their work to minimise risk and ensure the quality of their projects.
