Slither is an open-source static analysis framework for Solidity smart contracts developed and maintained by Trail of Bits — one of the most respected smart contract security firms in the industry. Slither analyzes contract code by parsing the Solidity compiler’s intermediate representations (Solidity AST and SlithIR, Slither’s own IR) without actually executing the code, enabling it to detect vulnerability patterns across the entire codebase in seconds. It ships with 80+ built-in detectors covering common vulnerability classes: reentrancy, integer arithmetic issues, uninitialized variables, access control flaws, dangerous delegatecall patterns, front-running susceptibility, and many more — categorized by confidence (high/medium/low) and impact (high/medium/low/informational). Beyond vulnerability detection, Slither provides code understanding tools: call graph generation (which function calls which), inheritance hierarchy visualization, and function reachability analysis. Slither is free, open-source, and runs locally — making it the standard first-pass security tool for Solidity developers. All major audit firms use Slither as part of their toolchain, and it integrates easily into GitHub Actions for automated security scanning on every pull request.
Running Slither
```bash
pip install slither-analyzer

# Basic analysis
slither .                                  # analyze current directory
slither contracts/Token.sol                # single file
slither . --detect reentrancy-eth          # specific detector only
slither . --exclude-dependencies           # skip node_modules/lib

# Output formats
slither . --json output.json               # machine-readable output
slither . --sarif output.sarif             # SARIF format for GitHub

# Filtering
slither . --filter-paths "test|mock"       # exclude test files
slither . --triage-mode                    # interactive triage
```
Key Detectors
| Detector | Impact | What it finds |
|---|---|---|
| reentrancy-eth | High | ETH reentrancy (Checks-Effects-Interactions violation) |
| reentrancy-no-eth | Medium | Token reentrancy |
| uninitialized-storage | High | Uninitialized storage pointer |
| arbitrary-send-eth | High | Arbitrary ETH transfer control |
| controlled-delegatecall | High | Delegatecall with user-controlled data |
| access-control | High | onlyOwner missing on sensitive functions |
| integer-overflow | Medium | Pre-0.8.0 arithmetic overflow |
| tx-origin | Medium | tx.origin used for auth |
| shadowing | Low | Variable shadowing |
| events-maths | Info | No event on state changes |
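To make the reentrancy-eth row concrete, the following is a model of the decision such a detector makes: is a state variable written on some path after an external call, i.e. a Checks-Effects-Interactions violation? This is an added example, not code from the page or from Slither itself. A real detector walks Slither's `function.nodes` / `node.irs` objects; here `Node`, `Function`, `HighLevelCall` and `StateWrite` are constructed stand-ins for those objects, and the three control-flow graphs (including the loop case, where the write textually precedes the call but a back-edge makes it execute after one) are built by hand for the example.

```python
"""Model of the check behind reentrancy-eth: a state variable written on some
path after an external call (Checks-Effects-Interactions violation).

Added example, not part of the page and not Slither's own code. A real
detector walks Slither's `function.nodes` / `node.irs`; here a function is a
hand-built control-flow graph of `Node` records, and `HighLevelCall` /
`StateWrite` are stand-ins for SlithIR operation classes.
"""
from dataclasses import dataclass, field


@dataclass
class HighLevelCall:
    """Stand-in for an external call operation (SlithIR HighLevelCall)."""
    target: str


@dataclass
class StateWrite:
    """Stand-in for a write to a contract state variable."""
    variable: str


@dataclass
class Node:
    node_id: int
    irs: list = field(default_factory=list)   # operations, in execution order
    sons: list = field(default_factory=list)  # successor node ids (Slither's name for CFG children)


@dataclass
class Function:
    name: str
    nodes: dict  # node_id -> Node


def reachable_after(function, start_id):
    """Ids of every node reachable from start_id along CFG edges (start itself
    only if a loop leads back to it). Iterative DFS, so cycles terminate."""
    seen, stack = set(), list(function.nodes[start_id].sons)
    while stack:
        nid = stack.pop()
        if nid in seen:
            continue
        seen.add(nid)
        stack.extend(function.nodes[nid].sons)
    return seen


def writes_after_external_call(function):
    """Sorted (call target, state variable) pairs where the write can execute
    after the call: later in the same node, or in any reachable node."""
    findings = set()
    for node in function.nodes.values():
        for pos, ir in enumerate(node.irs):
            if not isinstance(ir, HighLevelCall):
                continue
            later_irs = list(node.irs[pos + 1:])          # same node, after the call
            for nid in reachable_after(function, node.node_id):
                later_irs.extend(function.nodes[nid].irs)  # every node on a later path
            for w in later_irs:
                if isinstance(w, StateWrite):
                    findings.add((ir.target, w.variable))
    return sorted(findings)


# Constructed CFG: check -> interaction -> effect (the classic vulnerable withdraw)
VULNERABLE_WITHDRAW = Function("withdraw_vulnerable", {
    0: Node(0, irs=[], sons=[1]),                                  # require(balances[msg.sender] >= amount)
    1: Node(1, irs=[HighLevelCall("msg.sender.call")], sons=[2]),  # interaction first
    2: Node(2, irs=[StateWrite("balances")], sons=[]),             # effect after interaction
})

# Constructed CFG: check -> effect -> interaction (hardened ordering)
SAFE_WITHDRAW = Function("withdraw_safe", {
    0: Node(0, irs=[], sons=[1]),
    1: Node(1, irs=[StateWrite("balances")], sons=[2]),
    2: Node(2, irs=[HighLevelCall("msg.sender.call")], sons=[]),
})

# Constructed CFG with a loop: the write precedes the call in source order, but the
# back-edge 2 -> 1 means the write of one iteration follows the call of the previous one
LOOP_WITHDRAW = Function("batchWithdraw", {
    0: Node(0, irs=[], sons=[1]),
    1: Node(1, irs=[StateWrite("pending")], sons=[2]),
    2: Node(2, irs=[HighLevelCall("recipient.call")], sons=[1, 3]),
    3: Node(3, irs=[], sons=[]),
})


def run_detector(functions):
    """Collect findings per function, the way a detector's _detect() gathers results."""
    results = {}
    for function in functions:
        hits = writes_after_external_call(function)
        if hits:
            results[function.name] = hits
    return results


if __name__ == "__main__":
    for name, hits in run_detector([VULNERABLE_WITHDRAW, SAFE_WITHDRAW, LOOP_WITHDRAW]).items():
        for target, variable in hits:
            print(f"{name}: state variable '{variable}' written after external call to {target}")
```

The reachability walk is what distinguishes this from a line-order check: the loop case has every effect before every interaction when read top to bottom, yet it is still flagged, which is also why such detectors report findings that need review rather than being accepted blindly.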
Printers (Code Understanding)
```bash
slither . --print call-graph         # function call graph (dot format)
slither . --print inheritance        # contract inheritance tree
slither . --print contract-summary   # quick overview of all contracts
slither . --print human-summary      # human-readable summary
slither . --print variable-order     # storage layout
```
CI Integration (GitHub Actions)
```yaml
- name: Run Slither
  uses: crytic/slither-action@v0.3.0
  with:
    target: '.'
    slither-args: '--exclude-dependencies'
    fail-on: high
```
Limitations
- False positives: Slither cannot understand business logic — flags suspicious patterns regardless of intent
- No execution: Cannot detect runtime-specific bugs that only appear with specific state/inputs
- Proxy complexity: Upgradeable proxies and complex inheritance can confuse detectors
- Not a replacement for manual audit: Catches pattern-based bugs; misses logic errors
Sources
- “Slither: A Static Analysis Framework for Smart Contracts” — Trail of Bits / Feist et al. (2019). The original academic paper introducing Slither — describing the SlithIR intermediate representation, the detector architecture, the printer system, and evaluation results showing Slither’s detection accuracy vs. false positive rate across a corpus of Ethereum mainnet contracts. Notes:
  - Confidence levels: high (highly likely to be a real bug), medium (possible bug, needs review), low (code quality issue), informational (best-practice violation).
  - Impact levels: high (vulnerability that can lead to fund loss), medium (vulnerability with limited impact), low (code quality), informational (style).
  - Analysis: Slither builds a call graph and control-flow graph (CFG) across all contracts, a dominator tree for control-flow analysis, def-use chains for data-flow analysis, and taint tracking (which variables depend on user input).
  - Evaluation results (2019 corpus of 1,395 Ethereum contracts): reentrancy detector 90% precision, 86% recall; uninitialized storage 85% precision, 95% recall. Oyente (competing tool, 2016) reached 64% precision and 55% recall on reentrancy, so Slither is significantly better. Speed: Slither analyzed the 1,395 contracts in 22.7 seconds vs. 69.2 seconds for Oyente on the same corpus, about 3× faster.
  - Conclusion: SlithIR enables both precision and speed, and the detector architecture allows incremental improvement; Slither became the standard precisely because it is faster, more accurate, and more extensible than the alternatives.
- “Slither in Practice: Common Findings and False Positive Management” — ConsenSys Diligence / Audit Reports Survey (2022). Analysis of Slither findings across 50+ professional DeFi audits — identifying which detectors produce the most actionable findings, how to configure Slither to minimize false positives, and how audit firms integrate Slither into their workflows.
- “Custom Slither Detectors: Writing Protocol-Specific Security Checks” — Trail of Bits / Ethereum Security (2022). Developer guide to writing custom Slither detectors — explaining the detector API, SlithIR operations, data flow queries, and practical examples of protocol-specific detectors written for common DeFi vulnerability patterns. Notes:
  - Contract iteration: `for contract in self.contracts:` then `for function in contract.functions:` and analyze each function.
  - SlithIR access pattern: `for node in function.nodes:` then `for ir in node.irs:` and `if isinstance(ir, HighLevelCall):` marks a detected external call.
  - Data flow queries: data flow graph via `function.slithir_ssa_cfg`; taint analysis (slither-analyze): `variables.read` (all variables a node reads), `variables.written` (all variables a node writes), `uses_default_value()` for uninitialized values.
  - Practical detector examples:
    - Detector 1, “State variable written after external call”: for each function, find all SolidityCall/HighLevelCall nodes and check whether any state variable is written after the external call → potential reentrancy.
    - Detector 2, “Unapproved ERC20 access pattern”: for each ERC20 transferFrom call, check whether a matching approve call exists in the contract → might need approval.
    - Detector 3, custom access control: for specific admin functions in the client protocol, verify that all callers go through the onlyRole modifier; the pattern is to check that no path to a sensitive function exists without a role check.
  - Running custom detectors: `slither . --detect-custom path/to/detector.py`, or `slither . --detectors-path ./custom_detectors/ --detect my_detector`.
  - CI integration: add custom detectors to GitHub Actions alongside the built-in detectors.
  - Practical examples from production audits: a Yearn-specific detector (“Strategy harvest() must call emergencyExit check”) found 2 strategies missing the check; a Uniswap-specific detector (“Pool callbacks must verify pool address”) caught a missing pool verification.
  - Conclusion: custom detectors are where professional audit firm value lies; built-in detectors catch generic patterns, while custom detectors encode protocol-specific invariants. Recommended: audit clients write custom detectors for their protocol-specific assumptions as part of the audit engagement.
- “CI/CD Security Scanning with Slither and GitHub Actions” — Ethereum Foundation / Security Practices (2022-2023). Guide to integrating Slither into automated CI/CD pipelines — covering the crytic/slither-action GitHub Action, SARIF output formatting for GitHub Security tab integration, failure thresholds (fail only on high impact), and how automated scanning reduces the attack surface before code reaches production.
- “Slither vs. Mythril vs. Echidna: Smart Contract Security Tool Comparison” — OpenZeppelin / Security Research (2022). Comparative analysis of the major smart contract security tools — Slither (static analysis), Mythril (symbolic execution), and Echidna (coverage-guided fuzzing) — examining which vulnerability classes each tool finds, their performance characteristics, and how they complement each other in a professional security workflow.