nexus/wiki/concepts/Slither.md
2026-05-03 05:42:12 +08:00
---
title: "Slither Static Analysis Framework"
type: concept
tags: [blockchain, security, smart-contract, static-analysis, tooling]
sources: [blockchain-security-auditor]
last_updated: 2026-05-30
---
## Aliases
- Slither
- Slither Static Analysis
## Definition
Slither is an open-source static analysis framework for Solidity developed by Trail of Bits. It compiles the project (through crytic-compile), lifts it to its SlithIR intermediate representation and runs a suite of vulnerability detectors and code-understanding printers over it. It is the first step of a smart-contract security audit: **findings from the high-confidence detectors are almost always real vulnerabilities**, while everything else is a lead for manual review.
## Key Capabilities
### High-Confidence Detectors (almost always real vulnerabilities)
This is the auditor's triage grouping, not Slither's own labels: Slither's detector table rates several of these (for example `reentrancy-eth`, `arbitrary-send-eth` and `controlled-delegatecall`) as High impact but Medium confidence, so even this bucket still needs a human to confirm each hit.
| Detector | Description |
|----------|-------------|
| `reentrancy-eth` | Reentrancy where ETH is sent: an external call happens before the state update that should guard it (classic reentrancy) |
| `reentrancy-no-eth` | Reentrancy without an ETH transfer (for example through ERC-777 token hooks) |
| `arbitrary-send-eth` | ETH sent to an address the caller controls |
| `suicidal` | `selfdestruct` reachable by anyone (unprotected) |
| `controlled-delegatecall` | `delegatecall` to a user-controlled address |
| `uninitialized-state` | State variables read before they are initialized |
| `unchecked-transfer` | ERC-20 `transfer`/`transferFrom` return value not checked |
| `locked-ether` | Contract accepts ETH but has no way to withdraw it |
### Medium-Confidence Detectors (every hit needs manual judgement)
| Detector | Description |
|----------|-------------|
| `reentrancy-benign` | Benign reentrancy (no state corruption identified; confirm by hand) |
| `timestamp` | Dependence on `block.timestamp`, which the block producer can nudge within limits |
| `assembly` | Use of inline assembly |
| `low-level-calls` | Use of low-level calls (`call`, `delegatecall`, `staticcall`), which check neither code existence nor success |
## Comprehensive Analysis Script
```bash
#!/bin/bash
# Run from the project root. Slither exits non-zero whenever a detector fires,
# so do not wrap these calls in `set -e`; the JSON files are the artefact to inspect.
FILTER='node_modules|lib|test'

# High-confidence detectors: treat every hit as a real bug until proven otherwise
HIGH='reentrancy-eth,reentrancy-no-eth,arbitrary-send-eth,suicidal,controlled-delegatecall,uninitialized-state,unchecked-transfer,locked-ether'
slither . --detect "$HIGH" --filter-paths "$FILTER" --json slither-high.json

# Medium-confidence detectors: every hit goes to manual triage
MEDIUM='reentrancy-benign,timestamp,assembly,low-level-calls,naming-convention,uninitialized-local'
slither . --detect "$MEDIUM" --filter-paths "$FILTER" --json slither-medium.json

# Human-readable summary (contracts, detector counts, complexity)
slither . --print human-summary --filter-paths "$FILTER"

# ERC conformance is a separate tool (slither-check-erc), not a printer;
# it needs the name of the token contract to check (MyToken is a placeholder)
slither-check-erc . MyToken --erc ERC20

# Per-function summary (visibility, modifiers, state read/written, calls)
slither . --print function-summary --filter-paths "$FILTER" > function-summary.txt
```
## Limitations
- **Catches only a fraction of real vulnerabilities** (the source puts it at roughly 30%): business-logic flaws and protocol-level attacks are invisible to pattern-based detectors and need manual review
- False-positive rate is low but not zero; every finding still needs manual triage
- It analyses source only, so it cannot confirm that deployed bytecode matches the audited source (a supply-chain concern outside its scope)
## Relationship to Audit
- **Step 1**: run Slither over the whole code base for a full scan
- **Step 2**: manually review every external call that Slither flags
- **Step 3**: targeted manual audit of what Slither cannot find (business logic, economic and protocol-level attacks)
- **Step 4**: deeper analysis with [[Echidna]] (property-based fuzzing) and [[Mythril]] (symbolic execution)
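The triage that sits between Step 1 and Step 2 is where the two-bucket policy above gets enforced in practice. The following is an added example, not code from the page or from Slither itself: a small CI gate that reads the `slither-high.json` and `slither-medium.json` files written by the script above, fails the build on any unaccepted high-confidence hit and emits the rest as a review list. It assumes the field names of Slither's documented JSON output (`results.detectors[]` with `check`, `impact`, `confidence`, `description` and `elements[].source_mapping`); the two sample reports embedded at the bottom are constructed for the example and are not real tool output, and the acceptance key format is this example's own convention.

```python
"""Triage gate for Slither --json output (added example; not Slither's code).

Applies the page's policy: a hit from a high-confidence detector fails the
build unless an auditor has explicitly accepted it; every other hit goes onto
a manual-review list. Field names follow Slither's documented JSON format;
the sample reports at the bottom are constructed, not real tool output.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# The page's grouping; Slither's own impact/confidence labels are kept per finding.
HIGH_CONFIDENCE = {
    "reentrancy-eth", "reentrancy-no-eth", "arbitrary-send-eth", "suicidal",
    "controlled-delegatecall", "uninitialized-state", "unchecked-transfer",
    "locked-ether",
}


@dataclass(frozen=True)
class Finding:
    check: str
    impact: str
    confidence: str
    path: str         # filename_relative of the first element, "?" if absent
    element: str      # name of the first element (function / contract / variable)
    lines: str        # "first-last" source line span of that element
    description: str

    @property
    def key(self) -> str:
        # Acceptance key (this example's convention) omits line numbers so it survives edits.
        return f"{self.check}@{self.path}:{self.element}"


def parse_report(report_json: str) -> list[Finding]:
    """Parse one Slither JSON document; raise if the Slither run itself failed."""
    report = json.loads(report_json)
    if not report.get("success", False):
        raise RuntimeError(f"slither run failed: {report.get('error')}")
    findings = []
    for det in report.get("results", {}).get("detectors", []):
        first = (det.get("elements") or [{}])[0]
        mapping = first.get("source_mapping") or {}
        lines = mapping.get("lines") or []
        findings.append(Finding(
            check=det["check"],
            impact=det.get("impact", "?"),
            confidence=det.get("confidence", "?"),
            path=mapping.get("filename_relative", "?"),
            element=first.get("name", "?"),
            lines=f"{min(lines)}-{max(lines)}" if lines else "?",
            description=det.get("description", "").strip(),
        ))
    return findings


def triage(findings: list[Finding], accepted=frozenset()):
    """Split findings into (build-failing, needs-review); `accepted` holds the
    Finding.key values an auditor has already judged to be false positives."""
    fail, review = [], []
    for f in findings:
        if f.key in accepted:
            continue
        (fail if f.check in HIGH_CONFIDENCE else review).append(f)
    return fail, review


def gate(report_jsons: list[str], accepted=frozenset()):
    """CI entry point: (exit_code, summary_lines); exit 1 iff an unaccepted
    high-confidence finding remains."""
    findings = [f for doc in report_jsons for f in parse_report(doc)]
    fail, review = triage(findings, accepted)
    fmt = "{tag:<6} {f.check:<24} {f.impact}/{f.confidence:<8} {f.path}:{f.lines}  {f.element}"
    summary = [fmt.format(tag="FAIL", f=f) for f in fail]
    summary += [fmt.format(tag="REVIEW", f=f) for f in review]
    return (1 if fail else 0), summary


# Constructed sample reports in Slither's JSON shape (not real tool output).
SAMPLE_HIGH_REPORT = json.dumps({"success": True, "error": None, "results": {"detectors": [
    {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
     "description": "Reentrancy in Vault.withdraw(uint256) (contracts/Vault.sol#14-20)",
     "elements": [{"type": "function", "name": "withdraw", "source_mapping": {
         "filename_relative": "contracts/Vault.sol", "lines": list(range(14, 21))}}]},
    {"check": "locked-ether", "impact": "Medium", "confidence": "High",
     "description": "Contract Treasury has payable functions but no way to withdraw ether",
     "elements": [{"type": "contract", "name": "Treasury", "source_mapping": {
         "filename_relative": "contracts/Treasury.sol", "lines": list(range(5, 13))}}]},
]}})
SAMPLE_MEDIUM_REPORT = json.dumps({"success": True, "error": None, "results": {"detectors": [
    {"check": "timestamp", "impact": "Low", "confidence": "Medium",
     "description": "Lottery.draw() (contracts/Lottery.sol#22-30) uses timestamp for comparisons",
     "elements": [{"type": "function", "name": "draw", "source_mapping": {
         "filename_relative": "contracts/Lottery.sol", "lines": list(range(22, 31))}}]},
]}})

if __name__ == "__main__":
    import sys
    # Usage: python slither_gate.py slither-high.json slither-medium.json
    docs = [open(p, encoding="utf-8").read() for p in sys.argv[1:]]
    code, lines = gate(docs or [SAMPLE_HIGH_REPORT, SAMPLE_MEDIUM_REPORT])
    print("\n".join(lines) or "no findings")
    sys.exit(code)
```

Keying accepted findings on detector, file and element name rather than on line numbers means an accepted false positive stays accepted after unrelated edits to the file, but a change to the flagged function itself still gets a fresh look because the reviewer re-reads the FAIL line in the summary, which prints Slither's own impact/confidence pair next to the page's bucket.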
## Connections
- [[Blockchain-Security-Auditor]] ← uses ← [[Slither]]
- [[Mythril]] ← alternative analysis ← [[Slither]]
- [[Echidna]] ← fuzzing complement ← [[Slither]]
- [[Trail-of-Bits]] ← developed by ← [[Slither]]