Update nexus wiki content
86
wiki/concepts/Slither.md
Normal file
@@ -0,0 +1,86 @@
---
title: "Slither(静态分析框架)"
type: concept
tags: [blockchain, security, smart-contract, static-analysis, tooling]
sources: [blockchain-security-auditor]
last_updated: 2026-05-30
---

## Aliases
- Slither
- Slither Static Analysis

## Definition

Slither 是 Trail of Bits 开发的开源 Solidity 静态分析框架,通过自动化代码分析发现智能合约漏洞。它是智能合约安全审计的第一步,**高置信度检测器几乎总是真实漏洞**。

## Key Capabilities

### High-Confidence Detectors(高置信度 — 几乎总是真实漏洞)

| Detector | Description |
|----------|-------------|
| `reentrancy-eth` | ETH 转账前的外部调用(经典重入) |
| `reentrancy-no-eth` | 无 ETH 转账的重入(ERC-777 hooks) |
| `arbitrary-send-eth` | 向任意地址发送 ETH |
| `suicidal` | 无人能调用的 selfdestruct |
| `controlled-delegatecall` | delegatecall 到用户可控地址 |
| `uninitialized-state` | 使用未初始化状态变量 |
| `unchecked-transfer` | 未检查 ERC-20 transfer 返回值 |
| `locked-ether` | 无法提取的锁定 ETH |

### Medium-Confidence Detectors

| Detector | Description |
|----------|-------------|
| `reentrancy-benign` | 良性重入(需人工判断) |
| `timestamp` | 时间戳依赖(矿工可操纵) |
| `assembly` | 内联汇编使用 |
| `low-level-calls` | 低级 call/callcode 使用 |

## Comprehensive Analysis Script

```bash
#!/bin/bash
# 高置信度检测
slither . --detect reentrancy-eth,reentrancy-no-eth,arbitrary-send-eth,\
suicidal,controlled-delegatecall,uninitialized-state,\
unchecked-transfer,locked-ether \
--filter-paths "node_modules|lib|test" \
--json slither-high.json

# 中置信度检测
slither . --detect reentrancy-benign,timestamp,assembly,\
low-level-calls,naming-convention,uninitialized-local \
--filter-paths "node_modules|lib|test" \
--json slither-medium.json

# 人类可读摘要
slither . --print human-summary --filter-paths "node_modules|lib|test"

# ERC 标准合规性
slither . --print erc-conformance --filter-paths "node_modules|lib|test"

# 函数摘要
slither . --print function-summary --filter-paths "node_modules|lib|test" \
> function-summary.txt
```

## Limitations

- **只能捕获约 30% 的真实漏洞** — 逻辑漏洞和协议级攻击需要人工审查
- 误报率低但不是零,需要人工 triage
- 无法验证字节码与源代码一致性(供应链攻击)

## Relationship to Audit

- **第一步**:运行 Slither 进行全量扫描
- **第二步**:人工审查 Slither 标记的所有外部调用
- **第三步**:对 Slither 未发现的问题进行专项人工审计
- **第四步**:使用 [[Echidna]] 和 [[Mythril]] 进行深度分析

## Connections
- [[Blockchain-Security-Auditor]] ← uses ← [[Slither]]
- [[Mythril]] ← alternative analysis ← [[Slither]]
- [[Echidna]] ← fuzzing complement ← [[Slither]]
- [[Trail-of-Bits]] ← developed by ← [[Slither]]
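Review bot: the medium-confidence command in the script (`slither . --detect reentrancy-benign,timestamp,assembly,low-level-calls,naming-convention,uninitialized-local`) includes two detectors, `naming-convention` and `uninitialized-local`, that the Medium-Confidence Detectors table directly above it does not list; add rows for them or drop them from the command so the table and the script describe the same scan. The `suicidal` row describes the detector as "无人能调用的 selfdestruct" (a selfdestruct nobody can call), which is the reverse of what Slither's `suicidal` detector reports, namely an unprotected selfdestruct that any caller can trigger; "任何人都能调用的 selfdestruct" would match the detector. The script has no error handling: with no `set -euo pipefail` and no check on each `slither` invocation's exit status, a compile failure in the first command lets the remaining four steps run against missing or stale `slither-high.json`/`slither-medium.json` output, so either add an explicit status check after each run or guard the later printers on the JSON files existing. The "约 30%" figure under Limitations is stated without a source; cite it or soften it to a qualitative statement.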