Slither: A Static Analysis Framework for Smart Contracts

Feist, Josselin; Greico, Gustavo; Groce, Alex

doi:10.1109/wetseb.2019.00008

Cited by 461 publications

(260 citation statements)

References 7 publications

Supporting

Mentioning

196

Contrasting

Order By: Relevance

“…Tool URLs contractLarva [2] https://github.com/gordonpace/contractLarva E-EVM [33] https://github.com/pisocrob/E-EVM Echidna https://github.com/crytic/echidna Erays [44] https://github.com/teamnsrg/erays Ether [26] N/A Ethersplay https://github.com/crytic/ethersplay EtherTrust [19] https://www.netidee.at/ethertrust EthIR [1] https://github.com/costa-group/EthIR FSolidM [28] https://github.com/anmavrid/smart-contracts Gasper [9] N/A HoneyBadger [41] https://github.com/christoftorres/ HoneyBadger KEVM [21] https://github.com/kframework/evmsemantics MadMax [17] https://github.com/nevillegrech/MadMax Maian [32] https://github.com/MAIAN-tool/MAIAN Manticore [30] https://github.com/trailofbits/manticore/ Mythril [31] https://github.com/ConsenSys/mythril-classic Octopus https://github.com/quoscient/octopus Osiris [40] https://github.com/christoftorres/Osiris Oyente [27] https://github.com/melonproject/oyente Porosity [38] https://github.com/comaeio/porosity rattle https://github.com/crytic/rattle ReGuard [25] N/A Remix https://github.com/ethereum/remix SASC [43] N/A sCompile [6] N/A Securify [42] https://github.com/eth-sri/securify Slither [16] https://github.com/crytic/slither Smartcheck [39] https://github.com/smartdec/smartcheck Solgraph https://github.com/raineorshine/solgraph Solhint https://github.com/protofire/solhint SolMet [20] https://github.com/chicxurug/SolMet-Solidity-parser teEther [23] https://github.com/nescio007/teether Vandal [4] https://github.com/usyd-blockchain/vandal VeriSol [24] https://github.com/microsoft/verisol Zeus [22] N/A , developed by TrailOfBits, also uses symbolic execution to find execution paths in EVM bytecode that lead to reentrancy vulnerabilities and reachable self-destruct operations.…”

Section: # Toolsmentioning

confidence: 99%

“…Slither [16], developed by TrailOfBits, is a static analysis framework that converts Solidity smart contracts into an intermediate representation called SlithIR and applies known program analysis techniques such as dataflow and taint tracking to extract and refine information.…”

Section: # Toolsmentioning

confidence: 99%

“…Reproducibility is enabled by a benchmark containing smart contracts that other researchers can use off-the-shelf. There are just a few repositories of smart contracts available to the research community, such as VeriS-martBench 13 , evm-analyzer-benchmark-suite 14 , EthBench 15 , smartcontract-benchmark 16 , and not-so-smart-contracts 17 . These, however, are essentially collections of contracts and are not designed to enable reproducibility nor to facilitate comparison of research.…”

Section: Datasets and Repositoriesmentioning

confidence: 99%

See 2 more Smart Citations

Empirical review of automated analysis tools on 47,587 Ethereum smart contracts

Durieux

Ferreira

Abreu

et al. 2020

Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering

226

111

View full text Add to dashboard Cite

Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research. To address this, we present an empirical evaluation of 9 state-of-theart automated analysis tools using two new datasets: i) a dataset of 69 annotated vulnerable smart contracts that can be used to evaluate the precision of analysis tools; and ii) a dataset with all the smart contracts in the Ethereum Blockchain that have Solidity source code available on Etherscan (a total of 47,518 contracts). The datasets are part of SmartBugs, a new extendable execution framework that we created to facilitate the integration and comparison between multiple analysis tools and the analysis of Ethereum smart contracts. We used SmartBugs to execute the 9 automated analysis tools on the two datasets. In total, we ran 428,337 analyses that took approximately 564 days and 3 hours, being the largest experimental setup to date both in the number of tools and in execution time. We found that only 42% of the vulnerabilities from our annotated dataset are detected by all the tools, with the tool Mythril having the higher accuracy (27%). When considering the largest dataset, we observed that 97% of contracts are tagged as vulnerable, thus suggesting a considerable number of false positives. Indeed, only a small number of vulnerabilities (and of only two categories) were detected simultaneously by four or more tools. CCS CONCEPTS • Software and its engineering → Software defect analysis; Software testing and debugging.

show abstract

Section: # Toolsmentioning

confidence: 99%

Section: # Toolsmentioning

confidence: 99%

Section: Datasets and Repositoriesmentioning

confidence: 99%

See 1 more Smart Citation

Empirical review of automated analysis tools on 47,587 Ethereum smart contracts

Durieux

Ferreira

Abreu

et al. 2020

Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering

226

111

View full text Add to dashboard Cite

show abstract

“…Slither is a static analysis framework written in Python 3 with dependencies on the Solidity Compiler (Solc) [ 55 ]. Slither uses a bundle of vulnerability detectors, printing the analysis results.…”

Section: Toolsmentioning

confidence: 99%

An Analysis of Smart Contracts Security Threats Alongside Existing Solutions

Vivar

Castedo

Orozco

et al. 2020

Entropy

View full text Add to dashboard Cite

Smart contracts have gained a lot of popularity in recent times as they are a very powerful tool for the development of decentralised and automatic applications in many fields without the need for intermediaries or trusted third parties. However, due to the decentralised nature of the blockchain on which they are based, a series of challenges have emerged related to vulnerabilities in their programming that, given their particularities, could have (and have already had) a very high economic impact. This article provides a holistic view of security challenges associated with smart contracts, as well as the state of the art of available public domain tools.

show abstract

“…Related Works. There is a surge of interest in analyzing and verifying smart contracts [32,12,24,28,26,9,25,31,21,44,20,22,38,36,4,34,43,19,30,35,29,23,46,14]. Some of the existing works focus on EVM [2,47] (Ethereum Virtual Machine).…”

Section: Introductionmentioning

confidence: 99%

A Generalized Formal Semantic Framework for Smart Contracts

Jiao

Lin

Sun

2020

Fundamental Approaches to Software Engineering

View full text Add to dashboard Cite

Smart contracts can be regarded as one of the most popular blockchain-based applications. The decentralized nature of the blockchain introduces vulnerabilities absent in other programs. Furthermore, it is very difficult, if not impossible, to patch a smart contract after it has been deployed. Therefore, smart contracts must be formally verified before they are deployed on the blockchain to avoid attacks exploiting these vulnerabilities. There is a recent surge of interest in analyzing and verifying smart contracts. While most of the existing works either focus on EVM bytecode or translate Solidity contracts into programs in intermediate languages for analysis and verification, we believe that a direct executable formal semantics of the high-level programming language of smart contracts is necessary to guarantee the validity of the verification. In this work, we propose a generalized formal semantic framework based on a general semantic model of smart contracts. Furthermore, this framework can directly handle smart contracts written in different high-level programming languages through semantic extensions and facilitates the formal verification of security properties with the generated semantics.

show abstract

Slither: A Static Analysis Framework for Smart Contracts

Cited by 461 publications

References 7 publications

Empirical review of automated analysis tools on 47,587 Ethereum smart contracts

Empirical review of automated analysis tools on 47,587 Ethereum smart contracts

An Analysis of Smart Contracts Security Threats Alongside Existing Solutions

A Generalized Formal Semantic Framework for Smart Contracts

Contact Info

Product

Resources

About