Question 1

How do I exclude mocks or tests from Slither analysis?

Accepted Answer

Use path filtering as described in the documentation. Slither allows you to specify directories to exclude via command-line options, ensuring only production code is scanned for vulnerabilities.

Question 2

Slither vs Mythril: which is better for smart contract auditing?

Accepted Answer

Slither excels in static analysis with low false positives and fast performance, while Mythril offers dynamic symbolic execution for runtime issues. For thorough audits, combine both tools to cover static and dynamic aspects.

Question 3

How to write a custom detector in Slither?

Accepted Answer

Leverage the Python API and SlithIR intermediate representation to define new detectors. The README links to detector documentation and API guides for step-by-step instructions on extending Slither.

Question 4

Does Slither work with Vyper contracts?

Accepted Answer

Yes, Slither extends its static analysis capabilities to Vyper smart contracts, making it a versatile tool for auditing projects using either Solidity or Vyper on Ethereum-based blockchains.

Question 5

How to integrate Slither into a GitHub Actions workflow?

Accepted Answer

Use the slither-action from the GitHub Marketplace. Configure it in your workflow YAML file to run Slither automatically on pushes or pull requests, with options for report generation.

Question 6

What Python version is required for Slither?

Accepted Answer

Slither requires Python 3.10 or higher, as specified in the installation section. Ensure your environment meets this requirement; older versions may cause compatibility issues during setup.

slither

What is slither?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions