---
title: "Slither (Static Analysis Framework)"
type: concept
tags: [blockchain, security, smart-contract, static-analysis, tooling]
sources: [blockchain-security-auditor]
last_updated: 2026-05-30
---

## Aliases

- Slither
- Slither Static Analysis

## Definition

Slither is an open-source Solidity static analysis framework developed by Trail of Bits. It finds smart-contract vulnerabilities through automated code analysis. It is the first step of a smart-contract security audit, and **findings from its high-confidence detectors are almost always real vulnerabilities**.

## Key Capabilities

### High-Confidence Detectors (almost always real vulnerabilities)

| Detector | Description |
|----------|-------------|
| `reentrancy-eth` | External call before an ETH transfer (classic reentrancy) |
| `reentrancy-no-eth` | Reentrancy without an ETH transfer (ERC-777 hooks) |
| `arbitrary-send-eth` | ETH sent to an arbitrary address |
| `suicidal` | `selfdestruct` that no one can call |
| `controlled-delegatecall` | `delegatecall` to a user-controlled address |
| `uninitialized-state` | Use of an uninitialized state variable |
| `unchecked-transfer` | Unchecked return value of an ERC-20 `transfer` |
| `locked-ether` | Locked ETH that can never be withdrawn |

### Medium-Confidence Detectors

| Detector | Description |
|----------|-------------|
| `reentrancy-benign` | Benign reentrancy (needs manual judgement) |
| `timestamp` | Dependence on `block.timestamp` (miner-manipulable) |
| `assembly` | Use of inline assembly |
| `low-level-calls` | Use of low-level `call`/`callcode` |

## Comprehensive Analysis Script

```bash
#!/bin/bash
set -u

# Paths excluded from every run: dependencies and tests.
# Slither exits non-zero when it reports findings, so do not use `set -e` here.
FILTER="node_modules|lib|test"

# High-confidence detectors (one comma-separated argument, no spaces)
HIGH="reentrancy-eth,reentrancy-no-eth,arbitrary-send-eth,suicidal,controlled-delegatecall,uninitialized-state,unchecked-transfer,locked-ether"
slither . --detect "$HIGH" --filter-paths "$FILTER" --json slither-high.json

# Medium-confidence detectors
MEDIUM="reentrancy-benign,timestamp,assembly,low-level-calls,naming-convention,uninitialized-local"
slither . --detect "$MEDIUM" --filter-paths "$FILTER" --json slither-medium.json

# Human-readable summary
slither . --print human-summary --filter-paths "$FILTER"

# ERC standard conformance: Slither ships this as the separate slither-check-erc tool.
# CONTRACT_NAME is a placeholder; pass the name of the token contract to check.
slither-check-erc . CONTRACT_NAME --erc ERC20

# Function summary
slither . --print function-summary --filter-paths "$FILTER" > function-summary.txt
```

## Limitations

- **Catches only about 30% of real vulnerabilities**: logic bugs and protocol-level attacks require manual review
- The false-positive rate is low but not zero; findings still need manual triage
- Cannot verify that deployed bytecode matches the source code (supply-chain attacks)

## Relationship to Audit

- **Step 1**: run Slither for a full scan
- **Step 2**: manually review every external call that Slither flags
- **Step 3**: targeted manual audit for the issues Slither does not find
- **Step 4**: deeper analysis with [[Echidna]] and [[Mythril]]

## Connections

- [[Blockchain-Security-Auditor]] ← uses ← [[Slither]]
- [[Mythril]] ← alternative analysis ← [[Slither]]
- [[Echidna]] ← fuzzing complement ← [[Slither]]
- [[Trail-of-Bits]] ← developed by ← [[Slither]]
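The manual triage that the Limitations and Relationship to Audit sections call for can be scripted against the `slither-high.json` and `slither-medium.json` files the analysis script writes. The Python below is an added example, not Slither's own code and not part of this note. It assumes the field layout of Slither's `--json` output (`results.detectors[]` entries with `check`, `impact`, `confidence`, `description` and `elements[].source_mapping.filename_relative`), and the report it parses is a constructed sample with invented file names and line numbers, not real Slither output. It re-applies the note's high-confidence detector list as a "must fix" bucket, mirrors `--filter-paths` so findings from excluded directories can be dropped after the fact, and sorts what remains by impact so a reviewer starts with the findings most likely to be real.

```python
"""Triage helper for Slither --json reports (added example, not Slither's own code).

Assumed report layout (from Slither's --json output):
  {"success": bool, "error": ..., "results": {"detectors": [
      {"check", "impact", "confidence", "description",
       "elements": [{"source_mapping": {"filename_relative", "lines"}}]} ]}}
"""
import json
import re
from collections import Counter

# Detectors this note classes as high-confidence (almost always real bugs).
HIGH_CONFIDENCE = {
    "reentrancy-eth", "reentrancy-no-eth", "arbitrary-send-eth", "suicidal",
    "controlled-delegatecall", "uninitialized-state", "unchecked-transfer",
    "locked-ether",
}

# Slither's impact levels, ranked for sorting.
IMPACT_RANK = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0, "Optimization": 0}


def _finding(check, impact, confidence, description, path, lines):
    """Build one detector result in Slither's JSON shape (constructed sample data)."""
    return {
        "check": check, "impact": impact, "confidence": confidence,
        "description": description,
        "elements": [{"type": "function",
                      "source_mapping": {"filename_relative": path, "lines": lines}}],
    }


# Constructed sample report: contract, file names and line numbers are invented.
SAMPLE_REPORT = json.dumps({
    "success": True,
    "error": None,
    "results": {"detectors": [
        _finding("reentrancy-eth", "High", "Medium",
                 "Reentrancy in Vault.withdraw(uint256): external call before state update",
                 "contracts/Vault.sol", [42, 43, 44]),
        _finding("timestamp", "Low", "Medium",
                 "Vault.isOpen() uses block.timestamp for comparison",
                 "contracts/Vault.sol", [60]),
        _finding("naming-convention", "Informational", "High",
                 "Parameter Vault.deposit(uint256)._Amount is not in mixedCase",
                 "contracts/Vault.sol", [30]),
        _finding("reentrancy-eth", "High", "Medium",
                 "Reentrancy in MockVault.withdraw(uint256)",
                 "test/MockVault.sol", [12, 13]),
    ]},
})


def load_findings(report_text):
    """Parse a --json report; refuse to triage a run Slither itself reported as failed."""
    report = json.loads(report_text)
    if not report.get("success", False):
        raise ValueError(f"slither run failed: {report.get('error')}")
    return report.get("results", {}).get("detectors", [])


def finding_files(finding):
    """Relative source paths referenced by a finding's elements."""
    return [el["source_mapping"]["filename_relative"]
            for el in finding.get("elements", [])
            if el.get("source_mapping", {}).get("filename_relative")]


def filter_paths(findings, pattern):
    """Mirror --filter-paths: drop a finding only if every file it touches matches the regex."""
    rx = re.compile(pattern)
    return [f for f in findings
            if not (finding_files(f) and all(rx.search(p) for p in finding_files(f)))]


def _sort_key(finding):
    return (-IMPACT_RANK.get(finding.get("impact"), 0), finding["check"])


def triage(findings):
    """Bucket findings for manual review.

    must_fix: detectors from the high-confidence list (treat as real until disproved)
    review:   any other Low/Medium/High impact result (needs a human decision)
    info:     Informational/Optimization results
    Each bucket is sorted by impact (highest first), then detector name.
    """
    buckets = {"must_fix": [], "review": [], "info": []}
    for f in findings:
        if f["check"] in HIGH_CONFIDENCE:
            buckets["must_fix"].append(f)
        elif IMPACT_RANK.get(f.get("impact"), 0) >= 1:
            buckets["review"].append(f)
        else:
            buckets["info"].append(f)
    return {name: sorted(items, key=_sort_key) for name, items in buckets.items()}


def summarize(findings):
    """Count results per detector."""
    return Counter(f["check"] for f in findings)


def render(buckets):
    """One line per finding, grouped by bucket, with the files it touches."""
    out = []
    for name in ("must_fix", "review", "info"):
        out.append(f"== {name} ({len(buckets[name])}) ==")
        for f in buckets[name]:
            loc = "; ".join(finding_files(f))
            out.append(f"[{f['impact']}/{f['confidence']}] {f['check']}: {f['description']} ({loc})")
    return "\n".join(out)


if __name__ == "__main__":
    kept = filter_paths(load_findings(SAMPLE_REPORT), "node_modules|lib|test")
    print(render(triage(kept)))
    print(dict(summarize(kept)))
```

In use, replace `SAMPLE_REPORT` with the contents of `slither-high.json` or `slither-medium.json`. The `must_fix` bucket is the list to walk first in audit step 2, since every entry there is a flagged external call or state defect from a detector the note treats as almost always real; `review` holds the medium-confidence results that need a judgement call; `info` can be batched.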