Skip to content

Instantly share code, notes, and snippets.

import sys
from slither import Slither
assert len(sys.argv) == 2
address = sys.argv[1]
slither = Slither(address)
for contract in slither.contracts_derived:
for var in contract.variables:
if not var.is_constant and not var.is_immutable:
(slot, offset) = contract.compilation_unit.storage_layout_of(
slither-read-storage rinkeby:0x172eaee7020f12b2e98f6bfd3be95a1be363fd82 ZETA --key 1 --struct-var b --rpc-url https://rinkeby.infura.io/v3/$INFURA --etherscan-apikey $SCAN
slither-read-storage rinkeby:0x172eaee7020f12b2e98f6bfd3be95a1be363fd82 ALPHA --rpc-url https://rinkeby.infura.io/v3/$INFURA --etherscan-apikey $SCAN
slither-read-storage rinkeby:0x172eaee7020f12b2e98f6bfd3be95a1be363fd82 BETA --rpc-url https://rinkeby.infura.io/v3/$INFURA --etherscan-apikey $SCAN
slither-read-storage rinkeby:0x172eaee7020f12b2e98f6bfd3be95a1be363fd82 IOTA --rpc-url https://rinkeby.infura.io/v3/$INFURA --etherscan-apikey $SCAN
slither-read-storage rinkeby:0x172eaee7020f12b2e98f6bfd3be95a1be363fd82 GAMMA --rpc-url https://rinkeby.infura.io/v3/$INFURA --etherscan-apikey $SCAN
slither-read-storage rinkeby:0xb1e6a2d5234c1bdcd44a38b7de2b06b5205ef609 ETA --key 0xb1e6a2d5234c1bdcd44a38b7de2b06b5205ef609 --deep-key 1 --struct-var a --rpc-url https://rinkeby.infura.io/v3/$INFURA --etherscan-apikey $SCAN
slither-read-storage rinkeby:
# add this to your hardhat config
# compilers: [
# {
# version: "0.8.13",
# settings: {
# viaIR: true,
# outputSelection: {
# "*": {
# "*": ["irOptimized"],
# },
pragma solidity =0.8.13;
contract Test {
struct MyStruct{
uint num;
bytes32 info;
}
MyStruct[] myStruct;
function add(uint a, bytes32 b) external {
myStruct.push(MyStruct({num: a, info: b}));
}

Generated with:

slither tests/detectors/constable-states/0.8.0/const_state_variables.sol --detect constable-states --checklist --markdown-root https://github.com/crytic/slither/blob/faed6d7fb2039c231d4631dbed625c7c3d6ae6b5/

Summary

constable-states

Impact: Optimization Confidence: High

  • ID-0

Do you write smart contracts? Want them to be safe and efficient? Read on!

The state of smart contract languages could historically be categorized as lacking constructs that drive programmers to write safe code and being inefficient due to poor optimizations. Oftentimes, programmers write lower level code riddled with footguns in pursuit of gas savings. What if safety and efficiency weren’t at odds?

Here’s how we can eliminate an entire class of bugs without spending an exorbitant amount of gas on safety checks thanks to EIP-1153!

For example, take the following smart contract (Figure 1) which exhibits “read-only reentrancy”. Currently, nothing prevents the following call sequence from succeeding despite there being ambiguity about what value will be returned by DataRace.price during call sequence, X.

Callstack [DataRace.withdraw, msg.sender, X, token.transfer]

# python3 external_calls.py .
# python3 external_calls.py file.sol
# python3 external_calls.py 0xdead
import sys
from slither import Slither
from slither.slithir.operations import HighLevelCall
sl = Slither(sys.argv[1])
for contract in sl.contracts_derived:

Using LLVM from brew installation instead of XCode

PATH="/opt/homebrew/opt/llvm/bin${PATH:+:${PATH}}"; export PATH;

It should return something like:

$clang --version                           
Homebrew clang version 16.0.6
Target: arm64-apple-darwin22.6.0
Thread model: posix
from typing import List, Dict, Set
from slither.core.cfg.node import NodeType, Node
from slither.slithir.variables import LocalIRVariable
from slither.core.variables.local_variable import LocalVariable
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
from slither.slithir.operations import OperationWithLValue, Operation
from slither import Slither
from slither.slithir.operations import InternalCall, SolidityCall
from slither.core.expressions.super_call_expression import SuperCallExpression
sl = Slither("MyContract.sol")
c = sl.get_contract_from_name("MyContract")[0]
def get_super_calls(x):
super_call_content = ""