0.10.4

This is a minor release that fixes some issues caused by updates to the web3.py library. Also, it contains fixes/improvements for a couple detectors: fix the solc-version detector which was warning on solc versions without bugs, don't report arbitrary-send-eth if the recipient if it's an immutable value, disable unused-import as it was slow and not handling a few edge cases correctly. Finally, slither-check-upgradeability has a new check which identifies the bug that was the cause of the most recent Ronin hack (see #2536).

We thank all of our external contributors for their effort!

What's Changed

• arbitrary-send-eth: Don't report if destination is immutable state var by @smonicas in #2488
• sync dev <> master by @0xalpharush in #2493
• Update WIKI_DESCRIPTION for "dead_code.py" by @ThomasHeim11 in #2492
• Dockerfile: fix ckzg build by @elopez in #2494
• Added length check on bugs_by_version for specific version_number by @MukulKolpe in #2499
• Bump docker/build-push-action from 5 to 6 by @dependabot in #2486
• Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 by @dependabot in #2485
• Improve slither-mutate testing by @DarkaMaul in #2482
• Add a new parameter max_width to MyPrettyTable by @DarkaMaul in #2426
• slither-mutate: (AOR) Fix for dynamic array operations by @smonicas in #2484
• Bump sigstore/gh-action-sigstore-python from 2.1.1 to 3.0.0 by @dependabot in #2508
• ci: require web3 with <5 eth_typing deps by @0xalpharush in #2537
• add upper bound by @0xalpharush in #2541
• Revert "Reduce verbosity for InvalidCompilation errors" by @0xalpharush in #2529
• disable unused import by @0xalpharush in #2540
• tool: add detector for multiple new reinitializers by @QiuhaoLi in #2536
• Bump pypa/gh-action-pip-audit from 1.0.8 to 1.1.0 by @dependabot in #2531
• sync master <> dev by @0xalpharush in #2506

New Contributors

• @ThomasHeim11 made their first contribution in #2492
• @MukulKolpe made their first contribution in #2499
• @QiuhaoLi made their first contribution in #2536

Full Changelog: 0.10.3...0.10.4

0.10.3

This is a minor release that fixes several bugs, improves performance, and addresses some false positives. There is a new flag, --include-detectors, to override exclusion rules e.g. run a specific low severity detector while excluding others with --exclude-low. The detector, similar-names, has been removed.

We would like to thank our external contributors:

• @careworry
• @xiaoxianBoy
• @vovikhangcdv
• @utx0

What's Changed

• Fix: unused state var detector for abstract/library by @0xalpharush in #2419
• Remove deprecated flags and their migration. by @DarkaMaul in #2410
• Fix #2430 by @DarkaMaul in #2431
• Chore: fix some typos in comments by @careworry in #2433
• Restore plugin example to working state by @elopez in #2436
• Chore: fix some typos in comments by @alwayshang in #2444
• Reduce verbosity for InvalidCompilation errors by @DarkaMaul in #2417
• Configure coderabbit review to also consider PR on dev branch. by @DarkaMaul in #2441
• chore: fix typos and link update by @xiaoxianBoy in #2453
• chore: recommend upgrading in issue template by @0xalpharush in #2457
• Features/perf improvment by @DarkaMaul in #2438
• Fix: use contract declarer's scope for name resolution by @0xalpharush in #2459
• Fix bugs in the EVM printer by @DarkaMaul in #2435
• Add detectors to include override exclude args by @nsiregar in #2440
• Chore/remove unused scripts by @0xalpharush in #2468
• Fix inheritance printer rebase by @0xPhaze in #2153
• Add more academic references by @montyly in #2270
• Update: improve unhandled initializers in unprotected-upgrade detector by @vovikhangcdv in #2203
• Write slither.db.json file on each save_results_to_hide by @utx0 in #2071
• Remove similar-names bc it's slow by @0xalpharush in #2469
• Improve message error for when Crytic throws a KeyError. by @DarkaMaul in #2418
• Fix regex patterns by @DarkaMaul in #2442
• Fix: do not flag imports from import container as unused by @0xalpharush in #2471
• Fix: filtering of unused-import,incorrect-solc, pragma by @0xalpharush in #2472
• Fix ordering and dead-code detector by @0xalpharush in #2476

New Contributors

• @careworry made their first contribution in #2433
• @alwayshang made their first contribution in #2444
• @xiaoxianBoy made their first contribution in #2453
• @0xPhaze made their first contribution in #2153
• @vovikhangcdv made their first contribution in #2203
• @utx0 made their first contribution in #2071

Full Changelog: 0.10.2...0.10.3

0.10.2

0.10.2 - 2024-04-08

This minor release contains several enhancements and resolves several bugs, most notably:

• Revamps slither-mutate with first class support for Foundry projects (see quickstart)
• New detector identifies unused imports (slither . --detect unused-import)
• Resolves longstanding issues in import resolution and lack of support for aliases (see #1452)
• Improves the reference/declaration API in order to facilitate LSP integration
• Accurately models implicit returns in the intermediate representation (see #1880)

We would like to thank our external contributors:

• @Tiko7454
• @dokzai
• @rustrover
• @eltociear
• @majorteach
• @kevinclancy
• @nsiregar
• @bart1e

New Features

• Slither-mutate: fit and finish by @bohendo in #2302
• Feat: add detector for unused imports by @0xalpharush in #2392
• Add virtual and override attribute in Function by @smonicas in #2333
• Feat/virtual override with refs by @0xalpharush in #2376

Bug Fixes

• Fix CONTINUE node in the cfg by @Tiko7454 in #2047
• Update inheritance graph printer to handle multiple contracts with same names by @dokzai in #2159
• Fix parsing of events by @smonicas in #2365
• Slither-mutate: bugfix when two files have the same name by @DarkaMaul in #2357
• Add support for send builtin by @0xalpharush in #2212
• Fix IR for top level functions with using-for by @smonicas in #2367
• Update PR#2034 by @0xalpharush in #2384
• Fix: preserve empty tuple components during declaration-to-assignment conversion by @kevinclancy in #2034
• Fix: guard literal implicit conversion for arrays by @0xalpharush in #2383
• Fix: add missing references in the source mapping API by @0xalpharush in #2371
• Fix: support aliases for NewContract operation by @0xalpharush in #2370
• Fix: add newline to incorrect-modifier output by @0xalpharush in #2386
• ArrayType: Check the folded length in eq by @smonicas in #2331
• Fix: lookup of type alias as member of contract by @0xalpharush in #2404
• Resolve available definitions from import by reference ID by @0xalpharush in #2403
• Filter name-reused detector to only run on Truffle projects (#2390) by @nsiregar in #2394

Enhancements

• Fix/model named returns by @0xalpharush in #2326
• Ci: linter, pylint: upgrade superlinter to v6 by @elopez in #2303
• Add funding metadata to repository by @elopez in #2346
• Create issue-metrics.yml by @0xalpharush in #2366
• Chore: remove repetitive word by @rustrover in #2363
• Update node.py by @eltociear in #2358
• Support python3.12 by @0xalpharush in #2348
• Chore: remove repetitive words by @majorteach in #2373
• Implement pytest parameterize on test_implicit_returns (#2350) by @nsiregar in #2381
• Wiki/too many digits by @0xalpharush in #2385
• Upgrade slither-mutate readme by @bohendo in #2391
• Add all variables read/written by @smonicas in #2368
• Add test for #2331 by @0xalpharush in #2405
• Prepare for 0.10.2 release by @0xalpharush in #2406
• Removed unused import by @0xalpharush in #2408

New Contributors

• @rustrover made their first contribution in #2363
• @DarkaMaul made their first contribution in #2357
• @eltociear made their first contribution in #2358
• @majorteach made their first contribution in #2373
• @nsiregar made their first contribution in #2381

Full Changelog: 0.10.1...0.10.2

0.10.1

0.10.1 - 2024-02-29

This is a minor release that adds support for Solidity 0.8.24 and top level events. It includes a new detector, out-of-order-retryable, which detects potential misuse of Arbitrum's retryable transactions. Also, there is a new CLI flag, --include-paths which allows one to only include results from a given path.

We would like to thank all of our external contributors:

• @VIELITE
• @mds1
• @UsmannK
• @ATREAY
• @dokzai

What's Changed

New Features

• Add support top level events by @smonicas in #2219
• Add support Solidity 0.8.24 by @smonicas in #2281
• Add --include-paths option by @smonicas in #2330
  • For example, slither . --include-paths (src/|contracts/) will only include results from files within src or contracts directory. Note, this is uses python-style regex and cannot be used at the same time as --filter-paths.
• Feat: out of order retryable detector by @0xalpharush in #2340

Bug Fixes

• Fix: is_reentrant for internal vyper functions by @0xalpharush in #2211
• Fix: iterative update by @0xalpharush in #2206
• Fix: detect selfdestruct in internal calls by @0xalpharush in #2232
• Fix using for when used with "this" by @smonicas in #2224
• Fix: broken doc links by @mds1 in #2299
• Fix: slither: utils: respect colorization state when printing tables by @elopez in #2310
• Fix: support inheritance resolution when contract name is reused by @0xalpharush in #2332
• Fix: support renaming in base inheritance and base constructor calls by @0xalpharush in #2320
• Fix: immediate inheritance by @Tiko7454 in #2306

Enhancements

• Update README.md by @VIELITE in #2198
• Update installation instrucitons by @0xalpharush in #2189
• Update Dockerfile by @0xalpharush in #2188
• Raise an error when a missing contract is specified to read-storage by @UsmannK in #2235
• Remove unused files by @0xalpharush in #2197
• Substituted the letter z with x in pre-declaration by @ATREAY in #2258
• Upgraded Slither-mutate by @vishnuram1999 in #2278
• Divide-before-multiply: Detect also in modifiers by @smonicas in #2280
• Properties, documentation: correct tool descriptions and usage by @elopez in #2311
• Fix example by @0xalpharush in #2312
• Make triage database path customizable by @elopez in #2298
• Create a variable API that filters out constants and immutables by @dokzai in #2323
• Add regression test for #2313 by @0xalpharush in #2321
• Msg-value-loop: Don't report if msg.value is in a conditional expression by @smonicas in #2239
• Incorrect-shift: Detect only assembly blocks by @smonicas in #2315
• Track storage variables read/written in assembly by @smonicas in #2329

New Contributors

• @VIELITE made their first contribution in #2198
• @UsmannK made their first contribution in #2235
• @ATREAY made their first contribution in #2258
• @vishnuram1999 made their first contribution in #2278

Full Changelog: 0.10.0...0.10.1

0.10.0

0.10.0 - 2023-10-18

This release adds support for Vyper 0.3.7 (thanks to the funding from VyperLang)! Currently, Vyper frameworks such as Ape are not supported. To run slither on Vyper codebases, target the source directory e.g. run slither ./contracts if the Vyper contracts are in the contracts/ directory.

Additionally, this release includes 5 new detectors, 3 new printers, and several bugs fixes related to recent solidity features. The echidna/medusa integration was sped up and provides more information to the fuzzers.

With the release of crytic-compile 0.3.5, support for foundry projects is significantly improved: Slither can now be run on a single file from a foundry project and detect the necessary imports automatically (ex: run slither contracts/some_file.sol instead of slither . ).

We would like to thank all of our external contributors:

• @dokzai
• @kevinclancy
• @SEJeff
• @SheldonHolmgren
• @yisun92
• @Tiko7454

What's Changed

New Features:

• Vyper support by @0xalpharush in PR #2099
• 5 new detectors by @montyly in PR #2156
  • incorrect-return / return-leave / incorrect-exp / tautological-compare / return-bomb
• Printers
  • ck by @devtooligan in PR #1895
  • halstead by @devtooligan in PR #1878
  • martin by @devtooligan in PR #1889

Breaking Changes:

• Improve name resolution of type aliases by @smonicas in PR #2061
• Change return type to UnaryType instead of UnaryOperationType by @dokzai in PR #2124

Enhancements:

• Add CustomError as printable output by @smonicas in PR #2063
• Improve mapping-deletion detector for nested mappings by @smonicas in PR #2084
• Improve constants extraction of ReferenceVariable by @smonicas in PR #2098
• Better struct handling in code generation util by @webthethird in PR #2068
• Add end assembly node in the cfg by @smonicas in PR #2078
• Use crytic-compile 0.3.5

Bug Fixes:

• Fix CONTRIBUTING.md by @smonicas in PR #2052
• Fix ternary rewrite test and make assertion more strict by @0xalpharush in PR #2067
• UnaryOperation: -variable and +variable doesn't make variable an lvalue by @SheldonHolmgren in PR #2027
• Fix assertion failure in dominator computation for dead code by @Tiko7454 in PR #1984
• Fix typo in Contract.get_state_variable_from_canonical_name() by @yisun92 in PR #1983
• Fix divide before multiply detector non deterministic results by @smonicas in PR #2114
• Detectors: cache_array_length: include source mapping in finding by @elopez in PR #2076
• Fix a typo in the help text by @SEJeff in PR #2155
• Fix abi.decode tuple result with udt by @smonicas in PR #2048
• Fix parsing super call expression by @smonicas in PR #2151
• Fix(convert): do not convert array type to elementary for InitArray by @0xalpharush in PR #2018
• Fix: reorder named arguments to match declaration order by @kevinclancy in PR #1949
• Fix enum.max/min when enum in other contract by @smonicas in PR #2051

Continuous Integration and Dependencies:

• Bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.10 by @dependabot in PR #2049, PR #2086
• ci: add problem matchers for yamllint and pylint by @0xalpharush in PR #2070
• Bump sigstore to 2.1.0 by @0xalpharush in PR #2081, PR #2154
• Fix CI by @montyly in PR #2170
• chore: bump sigstore to 2.0.0 by @0xalpharush in PR #2081
• Bump actions/upload-pages-artifact, actions/checkout, cachix/install-nix-action, docker/setup-buildx-action, docker/build-push-action, docker/setup-qemu-action, docker/login-action by @dependabot in PR #2044, PR #2112, PR #2111, PR #2132, PR #2133, PR #2134, PR #2135

New Contributors

• @SheldonHolmgren made their first contribution in #2027
• @yisun92 made their first contribution in #1983
• @dokzai made their first contribution in #2110
• @SEJeff made their first contribution in #2155

Full Changelog: 0.9.6...0.10.0

v0.9.6

0.9.6 - 2023-07-06

This release fixes a regression in the unchecked-lowlevel call detector and a crash in the cache-array-length detector.

What's Changed

• fix(cache-array-length): handle when HighLevelCall is a StateVariable by @0xalpharush in #2019
• fix regression that caused retdata to be flagged by @0xalpharush in #2029
• docs(readme): add new docs link by @sambacha in #2010

New Contributors

• @dependabot made their first contribution in #1992
• @sambacha made their first contribution in #2010

Full Changelog: 0.9.5...0.9.6

v0.9.5

0.9.5 - 2023-06-28

This is a patch release that fixes forward compatibility with Python 3.11.

What's Changed

• Fix execution in Python 3.11 by @elopez in #2002

Full Changelog: 0.9.4...0.9.5

v0.9.4

0.9.4 - 2023-06-26

This release adds initial support of user defined operators, improves support for try catch, reduces false positives, and fixes numerous bugs. Finally three new detectors, one new printer, and one new tool were added.

We would like to thank all of our external contributors:

• @0xGusMcCrae
• @0xxfu
• @A-23187
• @DarrenChangJR
• @PaulRBerg
• @Tiko7454
• @Troublor
• @aga7hokakological
• @bossjoker1
• @daog1
• @duelinggalois
• @kevinclancy
• @ydm

For CI integration: If you were using the fail-high, fail-medium, fail-low, fail-pedantic in slither.conf.json, Slither will warn these configurations are deprecated and recommend migrating to the respective fail-on config e.g. fail-high becomes fail-on: high. These flags are now decoupled from excluding which detectors run, meaning the flags --exclude-informational and --exclude-optimization will be honored without also passing --no-fail-pedantic. Consider using slither-action for CI integration

Added

• Detectors
  • cache-array-length: Detects for loops that use length member of some storage array in their loop condition and don't modify it by @bart1e in #1694
  • encode-packed-collision: Detects collisions caused by use of encode packed on dynamic types by @0xalpharush in #1845
  • incorrect-using-for: Detects using-for statement usage when no function from a given library matches a given type by @bart1e in #1653
• Printer
  • loc- Count the total number lines of code (LOC), source lines of code (SLOC), and comment lines of code (CLOC) found in source files (SRC), dependencies (DEP), and test files (TEST) - by @devtooligan in #1882
• Tool
  • slither-interface generates a Solidity interface for a given contract. by @0xGusMcCrae in #1898
  • slither-read-storage can know retrieve custom storage layouts e.g. proxy with the --unstructured flag by @webthethird and @0xalpharush in #1963
  • slither-read-storage native POA support by @webthethird in #1843

• Solidity
  • Support user defined operators by @smonicas in #1684
  • Add support for prevrando (solc 0.8.18) by @0xalpharush in #1946
• Testing
  • Run tests in parallel locally with makefile by @0xalpharush in #1808
  • Snapshot testing insta by @0xalpharush in #1820
• APIs
  • Generate interface code in new slither.utils.code_generation by @webthethird in #1730
  • Add upgradeability utils by @webthethird in #1757

• Add more types hints by @montyly in #1666

Changed

• Remove ExpressionTyped by @montyly in #1672
• Remove core.children by @montyly in #1673
• Remove unused visitors by @montyly in #1674
• Remove is_top_level dead code by @0xalpharush in #1812
• Remove modulo binop from can_be_checked_for_overflow by @0xalpharush in #1894
• Update CONTRIBUTING.md to explain compiling and adding snapshot tests by @0xalpharush in #1844
• Upgrade prettytable, use colored table by @0xalpharush in #1766
• Fail-on: rework feature by @elopez in #1462
• Changed name of the printer pausable -> not-pausable by @aga7hokakological in #1823

Fixed

• Do not detect incorrect-shift when rhs is constant by @0xalpharush in #1891
• Reduce false positives for incorrect-equality detector by @0xalpharush in #1890
• Incorrect-equality: do not check addresses by @ydm in #1713
• Fix is_storage for calldata variables by @smonicas in #1806
• Fixed: pausable printer includes checks on constructor() by @aga7hokakological in #1824
• Support new bytes expr in ternary by @0xalpharush in #1817
• Fix try catch infinite recursion by @smonicas in #1832
• Fix abi.decode with a UserDefinedType fixed array by @smonicas in #1855
• Preserve the order of sons when splitting ternary node by @Troublor in #1850
• Bug Fix: Contract obj is_fully_implemented by @DarrenChangJR in #1848
• Remove assertion in unary operation by @smonicas in #1856
• Improved interface code generation in slither.utils.code_generation by @webthethird in #1802
• Fix abi decode by @daog1 in #1892
• Improve reentrancy events documentation by @0xalpharush in #1903
• Add tx.gasprice to generic taints by @0xalpharush in #1769
• Make slither-flat work for top level errors, structs, enums by @smonicas in #1852
• Fix issue #1849: type_str not returning str by @DarrenChangJR in #1914
• FIx return variables shadowing compact AST by @smonicas in #1912
• Fix pop IR by @smonicas in #1905
• Parse assembly in modifier by @smonicas in #1896
• Improve tuple analysis for unused-return detector by @smonicas in #1861
• Uninitialized-local don't report variable in loop header by @smonicas in #1911
• Make type information of NewArray more precise by @Troublor in #1784
• Catch AssertionError and log context and raise again while parsing by @duelinggalois in #1873
• Fix generate_source_to_evm_ins_mapping by @A-23187 in #1567
• Local variable location fix by @Tiko7454 in #1942
• Fix: make _convert_to_structure_to_list return a type instead of an ElementaryType's type field by @kevinclancy in #1935
• Detect when ether is sent in Yul by @smonicas in #1909
• Fix bytes pop ir by @smonicas in #1926
• Do not recommend changing mutability for abstract contracts by @0xalpharush in #1952
• Improve try-catch parsing by @smonicas in #1862
• Fix yul function calls by @smonicas in #1917
• Optimizations for similar_variables.py by @0xGusMcCrae in #1945
• Inform user if inheritance cannot be resolved by @0xalpharush in #1956
• Handle if crytic-compile returns an empty ast by @smonicas in #1961
• Reduce false positives on modifying storage array by value detector by @bossjoker1 in #1962
• Docs: update recommendation for msg.value-inside-a-loop by @PaulRBerg in #1971
• Use current scope instead of parent scope to determine if arith. is checked by @0xalpharush in #1951
• Improved is_function_modified in upgradeability util by @webthethird in #1938
• Perform cross-contract taint analysis from diff of two upgrade versions by @webthethird in #1816
• Additional optimizations for similar_variables.py by @0xGusMcCrae in #1980
• Fix/canonical event name by @0xxfu in #1976
• Fixed issue which disallowed using operator[] with TopLevelVariables by @Tiko7454 in #1968

New Contributors

• @aga7hokakological made their first contribution in #1824
• @DarrenChangJR made their first contribution in #1848
• @ydm made their first contribution in #1713
• @daog1 made their first contribution in #1892
• @0xGusMcCrae made their first contribution in #1898
• @duelinggalois made their first contribution in #1873
• @A-23187 made their first contribution in #1567
• @Tiko7454 made their first contribution in #1942
• @kevinclancy made their first contribution in #1935
• @PaulRBerg made their first contribution in #1971

Full Changelog: 0.9.3...0.9.4

v0.9.3

0.9.3 - 2023-03-20

This release adds a new detector for high complexity functions, improves Echidna's performance (on enums), adds support for less common and new Solidity features (ternary operations, using for, and yul support), and improves slither-read-storage and existing detectors.

Additionally, we're so excited that Slither has been nominated in the latest round of @optimismFND 's RetroPGF's program! If you vote for these projects, please select Slither as one of your favorite tools from now until March 23!

We have also opened a GitHub discussion page for Slither to more easily communicate with our community of users and developers.

Finally, we would like to thank all of our external contributors:

• @bart1e
• @CodeSandwich
• @Troublor
• @sidarth16

Added

• Detector: High cyclomatic complexity @bart1e in #1618
• Clarify requirement of installing solc by @CodeSandwich in #1599
• Slither-check-upgradeability: support complex datatypes by @webthethird in #1535
• Add enums to echidna printer's list of constants by @samalws in #1665
• Add cyclomatic complexity to function-summary by @smonicas in #1685
• Add github pages docs by @0xalpharush in #1656
• Add issue template for trouble with installation by @0xalpharush in #1623
• APIs
  • Add unregister_detector by @sidarth16 in #1722
  • Add unregister_printer by @sidarth16 in #1724

Changed

• Detectors improvements
  • Detect local shadowing of return vars by @0xalpharush in #1510
  • Consider constants in divide-before-multiply by @0xalpharush in #1641
  • Do not recommend to making strings immutable by @0xalpharush in #1639
  • Restrict variable-scope detector to only solc 0.4.x by @0xalpharush in #1731

• Minor codex improvements by @montyly in #1600
• Minor API improvements by @montyly in #1601
• Use enum string formatting by @0xalpharush in #1636
• Add more types by @montyly in #1624
• Update list of external publications by @montyly in #1738
• Abstract contract property by @bsamuels453 in #1679
• Improve echidna printer for user defined types by @montyly in #1690
• Revert "show ignored findings by default for checklist" by @0xalpharush in #1643
• Improve tests from 1625 by @montyly in #1741
• Improve parsing of contract's comment by @montyly in #1734
• Update filter-paths help by @0xalpharush in #1749
• Slithir printer improve top level functions format by @smonicas in #1744
• Add issue template for false neg. and positive by @0xalpharush in #1753
• Make web3 required dependency by @0xalpharush in #1743
• Update reentrancy_eth.py by @sidarth16 in #1706

• CI
  • Run tests in parallel by @0xalpharush in #1637
  • Only run python linters when .py changed by @0xalpharush in #1638
  • Cancel action on new commits by @montyly in #1661
  • Improvements to GH actions by @montyly in #1662
  • Further CI improvements by @montyly in #1663
  • Update linter.yml name by @0xalpharush in #1770
  • Upgrade nix installation to fix CI installation by @0xalpharush in #1711

Fixed

• Fix ternary in nested expressions @0xalpharush in #1650
• Fix CI badge in README by @elopez in #1603
• Bugs fixed in strongly connected components and cyclomatic complexity algorithms by @bart1e in #1617
• 'Not in UPPER_CASE_WITH_UNDERSCORES' warning for public constant vars removed by @bart1e in #1530
• Missing references fix by @bart1e in #1604
• Fix support for constant variable lookup in yul by @montyly in #1611
• Uninitialized storage fix by @0xalpharush in #1725
• Fix stdout capture by @0xalpharush in #1740
• Move assertion to proper branch by @montyly in #1691
• Include salt in operation, NewContract, reads by @0xalpharush in #1762
• Fix declaration and evm printer by @0xalpharush in #1765
• Fix IR operation when initializing array with one-element array literal by @Troublor in #1761
• WIKI URL fixed by @bart1e in #1695
• Fix using for global function name collision by @0xalpharush in #1625

New Contributors

• @CodeSandwich made their first contribution in #1599
• @samalws made their first contribution in #1665
• @sidarth16 made their first contribution in #1722
• @bsamuels453 made their first contribution in #1679
• @Troublor made their first contribution in #1761

Full Changelog: 0.9.2...0.9.3

v0.9.2

0.9.2 - 2023-01-11

This release integrates codex into Slither via two features:

• slither-documentation, a tool to auto-generate natspec for every function. See the usage on solmate.
• the codex detector, which uses GPT3 to find vulnerabilities. This detector is not run by default and requires an explicit opt-in by using the --codex flag.

For both features, the environment variable OPENAI_API_KEY must be set. These features are experimental, and we recommend reading OpenAI's ToS, in particular, if you are using it on a private codebase. We will be exploring other areas where we can leverage LLM within Slither, and we would love the community's feedback and ideas.

Additionally, this release contains two new detectors, and refinements to existing detectors. This includes a better handling of nonReentrant for reentrancy detection, lowering the number of false alarms. Finally, this release contains several bug fixes and improvements for Solidity features such as "using for" directives and user defined value types.

We would like to thank all of our external contributors:
-@ardislu
-@bart1e
-@devtooligan
-@devtooligan
-@mds1
-@Pavan-Nambi
-@pcaversaccio
-@plotchy

Thanks to the community effort, slither has now reached 100+ contributors.

Added

• Add Codex vulnerability detector by @montyly and @devtooligan in #1498, #1499
• Use Codex to generate solidity documentation by @montyly in #1494
• New detectors:
  • recommend reading variable without this keyword to reduce STATICCALLs by @0xalpharush in #1484
  • recommend making state variables immutable by @0xalpharush in #1455
• Enable ignore comments for sections of code by @mds1 in #1461, #1483
  • // slither-disable-start [detector] ... // slither-disable-end [detector]
• Mark contract as proxy/ upgradeable with custom comments by @webthethird and @montyly in #1517, #1522
  • @custom:security isDelegatecallProxy, @custom:security isUpgradeable, @custom:security version name=[v1]
• Support ternaries in function call options by @0xalpharush in #1501
• Fold binary expressions with constant operands for fuzzing guidance by @0xalpharush in #1508
• Support abi.encodeCall by @plotchy in #1460
• Add VULNERABLE_SOLC_VERSIONS to detectors by @devtooligan and @montyly in #1477, #1485
• Filter upgradeability checks by name/impact by @webthethird in #1532
• Add --no-fail mode for echidna printer by @montyly in #1571
• Create CODEOWNERS by @montyly in #1561
• slither-doctor: check PATH configuration by @elopez in #1550

Changed

• Improve reentrancy detectors by @montyly in #1351
  • Functions with nonReentrant modifiers will be filtered out unless a risk of cross-function reentrancy is detected
• Improve support using for directive by @smonicas in #1378
• Improve support using for with aliasing by @smonicas in #1563
• Replace pysha3 with pycryptodome by @0xalpharush in #1454
• Remove unused PUSH operation from IR by @0xalpharush in #1489
• Sort printer outputs for determinism by @bart1e in #1513
• Use latest setuptools in CI by @montyly in #1542
• Update to the latest crytic-compile source unit API by @montyly in #1528
• Install only necessary solc versions in CI by @Pavan-Nambi in #1546
• Run tests by specific ID by @0xalpharush in #1555

Fixed

• Fix broken links by @pcaversaccio in #1457
• Fix typo in divide before multiply by @0xalpharush in #1449
• Fix dapp CI integration test by @montyly in #1496
• Improve protected variable detector by @montyly in #1497
• Update missing events wiki by @0xalpharush in #1487
• Copy event arguments during ssa conversion by @0xalpharush in #1488
• Fix ExtraVariablesProxy upgradeability check by @webthethird in #1504
• Fix naming-convention to flag single letter O or I variable by @ardislu in #1470
• Fix top level struct parsing by @smonicas in #1545
• Upgradeability: include inherited private variables, ignore immutables by @0xalpharush in #1451
• Fix and re-enable etherscan test by @elopez in #1556
• Fix using for directives in libraries by @smonicas in #1568
• Remove incomplete submodule by @elopez in #1564
• Handle malformed alias solc<0.6.0 by @0xalpharush in #1547
• Improve Yul parsing by @montyly in #1559
• Fix type conversion of user defined value types by @0xalpharush in #1573
• Resolve error referenced as member of contract by @0xalpharush in #1574

New Contributors

• @ardislu made their first contribution in #1470
• @bart1e made their first contribution in #1513
• @devtooligan made their first contribution in #1477
• @mds1 made their first contribution in #1461
• @Pavan-Nambi made their first contribution in #1546
• @webthethird made their first contribution in #1504

Full Changelog: 0.9.1...0.9.2