Static analysis of smart contracts to detect vulnerabilities

Hi there

Since season 4 projects have to be pushed to mainnet and professional audits cost between 5k and 10k, I thought I'd post a tutorial on how to do a quick automated “audit” using a static analysis tool called Slither.

Some of the companies that offer cheap code review usually just run this tool, so you can do it yourself; it will identify some serious vulnerability classes like reentrancy.
It does not help with identifying bad design decisions, only issues that can be detected automatically.

Here is the GitHub repo:

This is a tutorial for Linux, and I use Ubuntu!
If you use something else, the commands may be different.

Install python3-pip:
sudo apt install python3-pip

Install Slither:

pip3 install slither-analyzer

For me, Slither installed in /home/user/.local/bin

Your user name may be different.

So open your .bashrc and add a line to it that exports the path:

vim ~/.bashrc

export PATH=$PATH:/home/user/.local/bin

Then close vim and reload the file:

source ~/.bashrc

Now you are ready to navigate to the root of your project. I use Hardhat, but it works with other frameworks too. Run

slither .

Now you will see a lot of output. Go ahead and analyze it. Slither will detect some serious vulnerability classes like reentrancy. You will also get false positives.

This is no substitute for a real audit conducted by a company, but it will still help with securing your application.

You can also run Slither with different flags to get different outputs. Try

slither . --print human-summary

for a more readable output. Check out the docs in the source code for more!
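To cut through the noise in that output, here is an added triage script (mine, not from the original post or the Slither project) that reads the JSON report written by `slither . --json report.json` and keeps only findings at or above a chosen impact and confidence. The sample report embedded below is constructed by hand in the results.detectors layout I assume Slither uses (check/impact/confidence/description).

```python
import json
import sys

# Slither rates impact and confidence on the same four-level scale.
LEVELS = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

def triage(report, min_impact="Medium", min_confidence="Medium"):
    """Return (impact, confidence, check, summary) tuples at or above both thresholds, most severe first."""
    detectors = report.get("results", {}).get("detectors", [])
    kept = []
    for d in detectors:
        impact = d.get("impact", "Informational")
        confidence = d.get("confidence", "Low")
        if LEVELS.get(impact, 0) < LEVELS[min_impact]:
            continue
        if LEVELS.get(confidence, 0) < LEVELS[min_confidence]:
            continue
        # Descriptions are multi-line; the first line names the issue and location.
        lines = (d.get("description") or "").strip().splitlines()
        kept.append((impact, confidence, d.get("check", "?"), lines[0] if lines else ""))
    kept.sort(key=lambda f: (LEVELS[f[0]], LEVELS[f[1]]), reverse=True)
    return kept

# Constructed sample in the assumed Slither JSON layout (not real tool output).
SAMPLE_REPORT = {
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw() (contracts/Vault.sol#12-20):\n\tExternal calls: ..."},
        {"check": "naming-convention", "impact": "Informational", "confidence": "High",
         "description": "Parameter Vault.deposit(uint256)._Amount is not in mixedCase"},
        {"check": "timestamp", "impact": "Low", "confidence": "Medium",
         "description": "Vault.unlock() uses timestamp for comparisons"},
        {"check": "unchecked-lowlevel", "impact": "Medium", "confidence": "Medium",
         "description": "Vault.sweep() ignores return value by to.call(...)"},
    ]},
}

def main(path=None):
    # Pass the path of a real report; without one the constructed sample is triaged.
    report = SAMPLE_REPORT
    if path:
        with open(path) as fh:
            report = json.load(fh)
    for impact, confidence, check, summary in triage(report):
        print(f"[{impact}/{confidence}] {check}: {summary}")

if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Lower the thresholds once the High/Medium findings are dealt with, so the Low and Informational hits get a pass too rather than being ignored forever.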
