Find Smart Contract Vulnerabilities with Slither

Рет қаралды 23,825

Күн бұрын

Slither is an easy to use security tool that finds potential security holes in your smart contracts. This video explains the basic usage of Slither.
#Slither #Security #SmartContract #Ethereum
Basic usage 1:05
Ignore previous warnings 3:14
Slither commands
github.com/t4s...
Example truffle project
github.com/t4s...
References
Slither
github.com/cry...
Follow on Twitter: @ProgrammerSmart / programmersmart
Join me on Discord: / discord
Website: smartcontractp...

Пікірлер: 50

@smartcontractprogrammer 3 жыл бұрын

Basic usage 1:05 Ignore previous warnings 3:14

@abhisheksinha9027 3 жыл бұрын

I started learning Slither just yesterday. Great to see you making videos on the same. Please also make videos on Echidna, mythril and writing fuzzers

@smartcontractprogrammer 3 жыл бұрын

Echidna - yes Mythril - maybe Symbolic execution tools are impractical to use on contracts that integrate with Defi :(

@prabhasrockstar 3 жыл бұрын

i got error installing slither in visulstudio code i got error PS C:\Users\subbaraju\Desktop\solidity-multi-sig-wallet-masters> pip3 install slither-analyzer pip3 : The term 'pip3' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + pip3 install slither-analyzer + ~~~~ + CategoryInfo : ObjectNotFound: (pip3:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException please help me

@salem232 3 жыл бұрын

💖 thanks a lot, awesome video !!! tagging it as handbook !!!

@giskalia3629 2 жыл бұрын

Sir, is another repo that we want to scan on slither must be clonned on same folder with slither folder?

@abhii5521 Жыл бұрын

i tried to use but it says slither not recognized as cmdlet function. How to solve it.

@ismailmoazami7586 2 жыл бұрын

Great tutorial. how to use slither in brownie project?

@luise6124 3 жыл бұрын

Hi! Great video! Could you please make a detailed video with the installation process? So far, I've installed the Python package and the Solidity compiler, however the tool isn't working

@smartcontractprogrammer 3 жыл бұрын

What error are you getting?

@luise6124 3 жыл бұрын

@@smartcontractprogrammer It's a compiler version error. The solidity compiler version I've is 0.8.2, the contracts i've developed are 0.5.3. However, when trying to targeting a different compiler version using solc-selec tool, this step cannot be performed. I guess I should download previous versions of the solidity compiler, but there is no clear documentation on how to do that (or I least I didn't find it)

@smartcontractprogrammer 3 жыл бұрын

@@luise6124 You can easily switch solidity using docker See here for the command, right below the header "hello-smart-contract-security-tools " github.com/t4sk/hello-smart-contract-security-tools#hello-smart-contract-security-tools

@luise6124 3 жыл бұрын

@@smartcontractprogrammer Exactly, I ended up using the same container. However, the original idea was running slither locally but didn't work at all (even developing 0.8.2 smart contracts)

@zes7215 2 жыл бұрын

no such thing as diffic or not

@GishStyle 3 жыл бұрын

what keyboard do you use? sounds beautiful

@smartcontractprogrammer 3 жыл бұрын

Samsung laptop

@bouncer2005 3 жыл бұрын

Do you plan to do any more videos on blockchain security ?

@smartcontractprogrammer 3 жыл бұрын

property based testing

@o.t.bharmonylimited1277 3 жыл бұрын

can you please make detailed video on how to validate contract that is already out in binance or etherium

@smartcontractprogrammer 3 жыл бұрын

ok. easy.

@o.t.bharmonylimited1277 3 жыл бұрын

@@smartcontractprogrammer thankssssss 🤗

@stebansb 3 жыл бұрын

What are the differences between slither and mythril?

@smartcontractprogrammer 3 жыл бұрын

slither is a smaller tool than mythril

@stebansb 3 жыл бұрын

@@smartcontractprogrammer thank you, you mean it detects less vulnerabilities?

@marcuskalman1606 2 жыл бұрын

I havent been on slither for a while and i tried to use ' slither . ' but i get traceback error: crytic_compile.platform.exceptions.InvalidCompilation: [WinError 2] The system cannot find the file specified. Anyone know the fix?

@abirdutta326 2 жыл бұрын

After installation of slither when I write slither . in my vs code terminal it says slither is not recognised. Can anyone help me please

@smartcontractprogrammer 2 жыл бұрын

run it from a terminal. VS terminal may not know where slither is installed

@abirdutta326 2 жыл бұрын

@@smartcontractprogrammer hey I am trying to run slither using cmd in the specified path, but still got the same error, but when I run pip3 show slither, it sucessfully showing all the details of slither that is installed in my PC. Why I am getting this error again n again?

@abirdutta326 2 жыл бұрын

btw my slither is installled in AppData in C drive but my project location is in D drive

@prabhasrockstar 3 жыл бұрын

this is windows platform or ubantu

@smartcontractprogrammer 3 жыл бұрын

both. just need python

@prabhasrockstar 3 жыл бұрын

ok but u show the video which platform windows

@software-sage 2 жыл бұрын

You may need to install `solc` on your machine before running those commands. See install here: docs.soliditylang.org/en/v0.8.9/installing-solidity.html

@0x0xxx08 2 жыл бұрын

If you have a Hardhat or Truffle, Ganache just call slither from your project root folder. I didn't install solc and have success.

@prabhasrockstar 3 жыл бұрын

@smartcontractprogrammer 3 жыл бұрын

Install pip3 for Windows

@prabhasrockstar 3 жыл бұрын

@@smartcontractprogrammer how to install pip3 on windows

@staminadaddy 2 жыл бұрын

@@prabhasrockstar Google it

@software-sage 2 жыл бұрын

If you are using some external libraries like @openzeppelin, you can clear the errors slither gives you by using the following command: `slither --solc-remaps @openzeppelin=node_modules/@openzeppelin`