Releases: crytic/slither

0.11.5

16 Jan 19:46

This minor release upgrades the minimum Python version to 3.10, adds one new detector, reentrancy-balance, and includes various other fixes.

What's Changed

  • Fix markdown lint on docs/ by @dguido in #2870
  • slither-doctor: paths: follow symlinks by @elopez in #1608
  • fixed consistency by @shushaaniik in #2556
  • Add paths to inheritance printer by @shargon in #2732
  • chore: fix typos by @omahs in #2723
  • fix: update snapshots for typo fix in uninitialized detector by @dguido in #2886
  • #2688 fix markdown linter by @nsiregar in #2722
  • docs: Add comprehensive CLAUDE.md for AI-assisted development by @dguido in #2889
  • fix: remove Etherscan API dependency from CI tests by @dguido in #2890
  • ci: Harden and optimize GitHub Actions workflows by @dguido in #2891
  • chore: modernize pre-commit hooks with prek by @dguido in #2894
  • chore: modernize Makefile to use uv-native workflow by @dguido in #2895
  • fix: correct ERC conformance JSON key and document evm-cfg-builder dep by @dguido in #2896
  • chore: enable 34 additional ruff lint rules by @dguido in #2898
  • fix: add fasttext as optional dependency for slither-simil by @dguido in #2899
  • feat: upgrade minimum Python version to 3.10, modernize type annotations by @dguido in #2900
  • detectors: unindexed-event-address: add source mapping information to detection by @elopez in #2918
  • Add reentrancy-balance detector by @smonicas in #2919

Full Changelog: 0.11.4...0.11.5

0.11.4

15 Jan 18:59
fd71cab

This release adds support for the CLZ EVM opcode and for Solidity custom storage layout, adds one new detector, unindexed-event-address, and includes various fixes. Additionally, it changes the development environment to use uv and ruff for linting.

Full Changelog: 0.11.3...0.11.4

0.11.3

18 Apr 11:59
f571b6b

This minor release updates some dependencies.

Full Changelog: 0.11.2...0.11.3

0.11.2

16 Apr 20:43
db0591a

This minor release fixes a bug in the storage pointer analysis.

What's Changed

  • Fix written variables in storage pointer analysis by @smonicas in #2707

Full Changelog: 0.11.1...0.11.2

0.11.1

15 Apr 18:17
bf32d2f

This release improves support for Unicode characters, which previously could result in erroneous source mappings for tools such as slither-flat and slither-mutate; adds function call stack information to make the output of certain detectors (calls-loop, costly-loop, delegatecall-loop, msg-value-loop) easier to understand; and includes other bug fixes.

What's Changed

  • Fix order yul parsing identifiers by @smonicas in #2671
  • Fixes issue 2524, Slot Calculation for Variables that Cross 32-Byte by @Jayakumar2812 in #2664
  • Fix slither-read-storage crash when a structure has only other structs as fields by @smonicas in #2666
  • Improve the support for sstore/sload with simple slot access by @montyly in #2670
  • Refactor docs by @montyly in #2685
  • Dev update entry points printer by @nisedo in #2668
  • Update MyPrettyTable alignment to left-align all fields by default by @nisedo in #2672
  • Improved unicode support in mutator, flattener, and more by @bohendo in #2662
  • chore: fix some typos in comments by @shenpengfeng in #2678
  • slither-mutate: Check if a contract is an interface properly by @smonicas in #2697
  • Improve support for storage pointer analysis by @montyly in #2677
  • Propagate type aliases from base to derived contracts by @smonicas in #2693
  • Add calls stack information to detectors by @smonicas in #2696

Full Changelog: 0.11.0...0.11.1

0.11.0

03 Feb 20:13
a77738f

This release adds support for the latest Solidity features like using a custom error in a require statement and transient storage, adds 7 new detectors, 2 new printers and various other improvements.
NOTE: There are breaking changes to some APIs, in particular the variables properties in the Contract class (see #2588) and the *Calls API (see #2555).

The new detectors are:

  • pyth-deprecated-functions: Detect Pyth deprecated functions
  • pyth-unchecked-confidence: Detect when the confidence level of a Pyth price is not checked
  • pyth-unchecked-publishtime: Detect when the publishTime of a Pyth price is not checked
  • chronicle-unchecked-price: Detect when Chronicle price is not checked
  • gelato-unprotected-randomness: Call to _requestRandomness within an unprotected function
  • chainlink-feed-registry: Detect when chainlink feed registry is used
  • optimism-deprecation: Detect when deprecated Optimism predeploy or function is used

The new printers are:

  • entry-points: Print all the state-changing entry point functions of the contracts
  • cheatcode: Print the usage of (Foundry) cheatcodes in the code

The following is an example of the entry-points printer for Uniswap v4 core.

[Screenshot: entry-points printer output for Uniswap v4 core]

We thank all of our external contributors for their effort!

Full Changelog: 0.10.4...0.11.0

0.10.4

23 Aug 13:33
aeeb2d3

This is a minor release that fixes some issues caused by updates to the web3.py library. It also contains fixes and improvements for a couple of detectors: the solc-version detector no longer warns on solc versions without bugs, arbitrary-send-eth is no longer reported if the recipient is an immutable value, and unused-import is disabled because it was slow and did not handle a few edge cases correctly. Finally, slither-check-upgradeability has a new check which identifies the bug that was the cause of the most recent Ronin hack (see #2536).

We thank all of our external contributors for their effort!

Full Changelog: 0.10.3...0.10.4

0.10.3

05 Jun 23:40
798c1f6

This is a minor release that fixes several bugs, improves performance, and addresses some false positives. There is a new flag, --include-detectors, to override exclusion rules, e.g. to run a specific low-severity detector while excluding others with --exclude-low. The similar-names detector has been removed.

We would like to thank our external contributors:

Full Changelog: 0.10.2...0.10.3

0.10.2

08 Apr 13:08
fdf54f6

0.10.2 - 2024-04-08

This minor release contains several enhancements and resolves several bugs, most notably:

  • Revamps slither-mutate with first class support for Foundry projects (see quickstart)
  • New detector identifies unused imports (slither . --detect unused-import)
  • Resolves longstanding issues in import resolution and lack of support for aliases (see #1452)
  • Improves the reference/declaration API in order to facilitate LSP integration
  • Accurately models implicit returns in the intermediate representation (see #1880)

We would like to thank our external contributors:

Full Changelog: 0.10.1...0.10.2

0.10.1

29 Feb 21:05
3523093

0.10.1 - 2024-02-29

This is a minor release that adds support for Solidity 0.8.24 and top level events. It includes a new detector, out-of-order-retryable, which detects potential misuse of Arbitrum's retryable transactions. Also, there is a new CLI flag, --include-paths, which allows one to include only results from a given path.

We would like to thank all of our external contributors:

What's Changed

New Features

  • Add support top level events by @smonicas in #2219
  • Add support Solidity 0.8.24 by @smonicas in #2281
  • Add --include-paths option by @smonicas in #2330
    • For example, slither . --include-paths (src/|contracts/) will only include results from files within the src or contracts directory. Note that this uses Python-style regex and cannot be used at the same time as --filter-paths.
  • Feat: out of order retryable detector by @0xalpharush in #2340

Full Changelog: 0.10.0...0.10.1