0.10.2 - 2024-04-08

This minor release contains several enhancements and resolves several bugs, most notably:

• Revamps slither-mutate with first class support for Foundry projects (see quickstart)
• New detector identifies unused imports (slither . --detect unused-import)
• Resolves longstanding issues in import resolution and lack of support for aliases (see https://github.com/crytic/slither/issues/1452)
• Improves the reference/declaration API in order to facilitate LSP integration
• Accurately models implicit returns in the intermediate representation (see https://github.com/crytic/slither/pull/1880)

We would like to thank our external contributors:

• @Tiko7454
• @dokzai
• @rustrover
• @eltociear
• @majorteach
• @kevinclancy
• @nsiregar
• @bart1e

New Features

• Slither-mutate: fit and finish by @bohendo in https://github.com/crytic/slither/pull/2302
• Feat: add detector for unused imports by @0xalpharush in https://github.com/crytic/slither/pull/2392
• Add virtual and override attribute in Function by @smonicas in https://github.com/crytic/slither/pull/2333
• Feat/virtual override with refs by @0xalpharush in https://github.com/crytic/slither/pull/2376

Bug Fixes

• Fix CONTINUE node in the cfg by @Tiko7454 in https://github.com/crytic/slither/pull/2047
• Update inheritance graph printer to handle multiple contracts with same names by @dokzai in https://github.com/crytic/slither/pull/2159
• Fix parsing of events by @smonicas in https://github.com/crytic/slither/pull/2365
• Slither-mutate: bugfix when two files have the same name by @DarkaMaul in https://github.com/crytic/slither/pull/2357
• Add support for send builtin by @0xalpharush in https://github.com/crytic/slither/pull/2212
• Fix IR for top level functions with using-for by @smonicas in https://github.com/crytic/slither/pull/2367
• Update PR#2034 by @0xalpharush in https://github.com/crytic/slither/pull/2384
• Fix: preserve empty tuple components during declaration-to-assignment conversion by @kevinclancy in https://github.com/crytic/slither/pull/2034
• Fix: guard literal implicit conversion for arrays by @0xalpharush in https://github.com/crytic/slither/pull/2383
• Fix: add missing references in the source mapping API by @0xalpharush in https://github.com/crytic/slither/pull/2371
• Fix: support aliases for NewContract operation by @0xalpharush in https://github.com/crytic/slither/pull/2370
• Fix: add newline to incorrect-modifier output by @0xalpharush in https://github.com/crytic/slither/pull/2386
• ArrayType: Check the folded length in eq by @smonicas in https://github.com/crytic/slither/pull/2331
• Fix: lookup of type alias as member of contract by @0xalpharush in https://github.com/crytic/slither/pull/2404
• Resolve available definitions from import by reference ID by @0xalpharush in https://github.com/crytic/slither/pull/2403
• Filter name-reused detector to only run on Truffle projects (#2390) by @nsiregar in https://github.com/crytic/slither/pull/2394

Enhancements

• Fix/model named returns by @0xalpharush in https://github.com/crytic/slither/pull/2326
• Ci: linter, pylint: upgrade superlinter to v6 by @elopez in https://github.com/crytic/slither/pull/2303
• Add funding metadata to repository by @elopez in https://github.com/crytic/slither/pull/2346
• Create issue-metrics.yml by @0xalpharush in https://github.com/crytic/slither/pull/2366
• Chore: remove repetitive word by @rustrover in https://github.com/crytic/slither/pull/2363
• Update node.py by @eltociear in https://github.com/crytic/slither/pull/2358
• Support python3.12 by @0xalpharush in https://github.com/crytic/slither/pull/2348
• Chore: remove repetitive words by @majorteach in https://github.com/crytic/slither/pull/2373
• Implement pytest parameterize on test_implicit_returns (#2350) by @nsiregar in https://github.com/crytic/slither/pull/2381
• Wiki/too many digits by @0xalpharush in https://github.com/crytic/slither/pull/2385
• Upgrade slither-mutate readme by @bohendo in https://github.com/crytic/slither/pull/2391
• Add all variables read/written by @smonicas in https://github.com/crytic/slither/pull/2368
• Add test for https://github.com/crytic/slither/pull/2331 by @0xalpharush in https://github.com/crytic/slither/pull/2405
• Prepare for 0.10.2 release by @0xalpharush in https://github.com/crytic/slither/pull/2406
• Removed unused import by @0xalpharush in https://github.com/crytic/slither/pull/2408

New Contributors

• @rustrover made their first contribution in https://github.com/crytic/slither/pull/2363
• @DarkaMaul made their first contribution in https://github.com/crytic/slither/pull/2357
• @eltociear made their first contribution in https://github.com/crytic/slither/pull/2358
• @majorteach made their first contribution in https://github.com/crytic/slither/pull/2373
• @nsiregar made their first contribution in https://github.com/crytic/slither/pull/2381

Full Changelog: https://github.com/crytic/slither/compare/0.10.1...0.10.2

0.10.1 - 2024-02-29

This is a minor release that adds support for Solidity 0.8.24 and top level events. It includes a new detector, out-of-order-retryable, which detects potential misuse of Arbitrum's retryable transactions. Also, there is a new CLI flag, --include-paths which allows one to only include results from a given path.

We would like to thank all of our external contributors:

• @VIELITE
• @mds1
• @UsmannK
• @ATREAY
• @dokzai

What's Changed

New Features

• Add support top level events by @smonicas in https://github.com/crytic/slither/pull/2219
• Add support Solidity 0.8.24 by @smonicas in https://github.com/crytic/slither/pull/2281
• Add --include-paths option by @smonicas in https://github.com/crytic/slither/pull/2330
  • For example, slither . --include-paths (src/|contracts/) will only include results from files within src or contracts directory. Note, this is uses python-style regex and cannot be used at the same time as --filter-paths.
• Feat: out of order retryable detector by @0xalpharush in https://github.com/crytic/slither/pull/2340

Bug Fixes

• Fix: is_reentrant for internal vyper functions by @0xalpharush in https://github.com/crytic/slither/pull/2211
• Fix: iterative update by @0xalpharush in https://github.com/crytic/slither/pull/2206
• Fix: detect selfdestruct in internal calls by @0xalpharush in https://github.com/crytic/slither/pull/2232
• Fix using for when used with "this" by @smonicas in https://github.com/crytic/slither/pull/2224
• Fix: broken doc links by @mds1 in https://github.com/crytic/slither/pull/2299
• Fix: slither: utils: respect colorization state when printing tables by @elopez in https://github.com/crytic/slither/pull/2310
• Fix: support inheritance resolution when contract name is reused by @0xalpharush in https://github.com/crytic/slither/pull/2332
• Fix: support renaming in base inheritance and base constructor calls by @0xalpharush in https://github.com/crytic/slither/pull/2320
• Fix: immediate inheritance by @Tiko7454 in https://github.com/crytic/slither/pull/2306

Enhancements

• Update README.md by @VIELITE in https://github.com/crytic/slither/pull/2198
• Update installation instrucitons by @0xalpharush in https://github.com/crytic/slither/pull/2189
• Update Dockerfile by @0xalpharush in https://github.com/crytic/slither/pull/2188
• Raise an error when a missing contract is specified to read-storage by @UsmannK in https://github.com/crytic/slither/pull/2235
• Remove unused files by @0xalpharush in https://github.com/crytic/slither/pull/2197
• Substituted the letter z with x in pre-declaration by @ATREAY in https://github.com/crytic/slither/pull/2258
• Upgraded Slither-mutate by @vishnuram1999 in https://github.com/crytic/slither/pull/2278
• Divide-before-multiply: Detect also in modifiers by @smonicas in https://github.com/crytic/slither/pull/2280
• Properties, documentation: correct tool descriptions and usage by @elopez in https://github.com/crytic/slither/pull/2311
• Fix example by @0xalpharush in https://github.com/crytic/slither/pull/2312
• Make triage database path customizable by @elopez in https://github.com/crytic/slither/pull/2298
• Create a variable API that filters out constants and immutables by @dokzai in https://github.com/crytic/slither/pull/2323
• Add regression test for #2313 by @0xalpharush in https://github.com/crytic/slither/pull/2321
• Msg-value-loop: Don't report if msg.value is in a conditional expression by @smonicas in https://github.com/crytic/slither/pull/2239
• Incorrect-shift: Detect only assembly blocks by @smonicas in https://github.com/crytic/slither/pull/2315
• Track storage variables read/written in assembly by @smonicas in https://github.com/crytic/slither/pull/2329

New Contributors

• @VIELITE made their first contribution in https://github.com/crytic/slither/pull/2198
• @UsmannK made their first contribution in https://github.com/crytic/slither/pull/2235
• @ATREAY made their first contribution in https://github.com/crytic/slither/pull/2258
• @vishnuram1999 made their first contribution in https://github.com/crytic/slither/pull/2278

Full Changelog: https://github.com/crytic/slither/compare/0.10.0...0.10.1

0.10.0 - 2023-10-18

This release adds support for Vyper 0.3.7 (thanks to the funding from VyperLang)! Currently, Vyper frameworks such as Ape are not supported. To run slither on Vyper codebases, target the source directory e.g. run slither ./contracts if the Vyper contracts are in the contracts/ directory.

Additionally, this release includes 5 new detectors, 3 new printers, and several bugs fixes related to recent solidity features. The echidna/medusa integration was sped up and provides more information to the fuzzers.

With the release of crytic-compile 0.3.5, support for foundry projects is significantly improved: Slither can now be run on a single file from a foundry project and detect the necessary imports automatically (ex: run slither contracts/some_file.sol instead of slither . ).

We would like to thank all of our external contributors:

• @dokzai
• @kevinclancy
• @SEJeff
• @SheldonHolmgren
• @yisun92
• @Tiko7454

What's Changed

New Features:

• Vyper support by @0xalpharush in PR #2099
• 5 new detectors by @montyly in PR #2156
  • incorrect-return / return-leave / incorrect-exp / tautological-compare / return-bomb
• Printers
  • ck by @devtooligan in PR #1895
  • halstead by @devtooligan in PR #1878
  • martin by @devtooligan in PR #1889

Breaking Changes:

• Improve name resolution of type aliases by @smonicas in PR #2061
• Change return type to UnaryType instead of UnaryOperationType by @dokzai in PR #2124

Enhancements:

• Add CustomError as printable output by @smonicas in PR #2063
• Improve mapping-deletion detector for nested mappings by @smonicas in PR #2084
• Improve constants extraction of ReferenceVariable by @smonicas in PR #2098
• Better struct handling in code generation util by @webthethird in PR #2068
• Add end assembly node in the cfg by @smonicas in PR #2078
• Use crytic-compile 0.3.5

Bug Fixes:

• Fix CONTRIBUTING.md by @smonicas in PR #2052
• Fix ternary rewrite test and make assertion more strict by @0xalpharush in PR #2067
• UnaryOperation: -variable and +variable doesn't make variable an lvalue by @SheldonHolmgren in PR #2027
• Fix assertion failure in dominator computation for dead code by @Tiko7454 in PR #1984
• Fix typo in Contract.get_state_variable_from_canonical_name() by @yisun92 in PR #1983
• Fix divide before multiply detector non deterministic results by @smonicas in PR #2114
• Detectors: cache_array_length: include source mapping in finding by @elopez in PR #2076
• Fix a typo in the help text by @SEJeff in PR #2155
• Fix abi.decode tuple result with udt by @smonicas in PR #2048
• Fix parsing super call expression by @smonicas in PR #2151
• Fix(convert): do not convert array type to elementary for InitArray by @0xalpharush in PR #2018
• Fix: reorder named arguments to match declaration order by @kevinclancy in PR #1949
• Fix enum.max/min when enum in other contract by @smonicas in PR #2051

Continuous Integration and Dependencies:

• Bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.10 by @dependabot in PR #2049, PR #2086
• ci: add problem matchers for yamllint and pylint by @0xalpharush in PR #2070
• Bump sigstore to 2.1.0 by @0xalpharush in PR #2081, PR #2154
• Fix CI by @montyly in PR #2170
• chore: bump sigstore to 2.0.0 by @0xalpharush in PR #2081
• Bump actions/upload-pages-artifact, actions/checkout, cachix/install-nix-action, docker/setup-buildx-action, docker/build-push-action, docker/setup-qemu-action, docker/login-action by @dependabot in PR #2044, PR #2112, PR #2111, PR #2132, PR #2133, PR #2134, PR #2135

New Contributors

• @SheldonHolmgren made their first contribution in https://github.com/crytic/slither/pull/2027
• @yisun92 made their first contribution in https://github.com/crytic/slither/pull/1983
• @dokzai made their first contribution in https://github.com/crytic/slither/pull/2110
• @SEJeff made their first contribution in https://github.com/crytic/slither/pull/2155

Full Changelog: https://github.com/crytic/slither/compare/0.9.6...0.10.0

0.9.6 - 2023-07-06

This release fixes a regression in the unchecked-lowlevel call detector and a crash in the cache-array-length detector.

What's Changed

• fix(cache-array-length): handle when HighLevelCall is a StateVariable by @0xalpharush in https://github.com/crytic/slither/pull/2019
• fix regression that caused retdata to be flagged by @0xalpharush in https://github.com/crytic/slither/pull/2029
• docs(readme): add new docs link by @sambacha in https://github.com/crytic/slither/pull/2010

New Contributors

• @dependabot made their first contribution in https://github.com/crytic/slither/pull/1992
• @sambacha made their first contribution in https://github.com/crytic/slither/pull/2010

Full Changelog: https://github.com/crytic/slither/compare/0.9.5...0.9.6

0.9.5 - 2023-06-28

This is a patch release that fixes forward compatibility with Python 3.11.

What's Changed

• Fix execution in Python 3.11 by @elopez in https://github.com/crytic/slither/pull/2002

Full Changelog: https://github.com/crytic/slither/compare/0.9.4...0.9.5

0.9.4 - 2023-06-26

This release adds initial support of user defined operators, improves support for try catch, reduces false positives, and fixes numerous bugs. Finally three new detectors, one new printer, and one new tool were added.

We would like to thank all of our external contributors:

• @0xGusMcCrae
• @0xxfu
• @A-23187
• @DarrenChangJR
• @PaulRBerg
• @Tiko7454
• @Troublor
• @aga7hokakological
• @bossjoker1
• @daog1
• @duelinggalois
• @kevinclancy
• @ydm

For CI integration: If you were using the fail-high, fail-medium, fail-low, fail-pedantic in slither.conf.json, Slither will warn these configurations are deprecated and recommend migrating to the respective fail-on config e.g. fail-high becomes fail-on: high. These flags are now decoupled from excluding which detectors run, meaning the flags --exclude-informational and --exclude-optimization will be honored without also passing --no-fail-pedantic. Consider using slither-action for CI integration

Added

• Detectors
  • cache-array-length: Detects for loops that use length member of some storage array in their loop condition and don't modify it by @bart1e in https://github.com/crytic/slither/pull/1694
  • encode-packed-collision: Detects collisions caused by use of encode packed on dynamic types by @0xalpharush in https://github.com/crytic/slither/pull/1845
  • incorrect-using-for: Detects using-for statement usage when no function from a given library matches a given type by @bart1e in https://github.com/crytic/slither/pull/1653
• Printer
  • loc- Count the total number lines of code (LOC), source lines of code (SLOC), and comment lines of code (CLOC) found in source files (SRC), dependencies (DEP), and test files (TEST) - by @devtooligan in https://github.com/crytic/slither/pull/1882
• Tool
  • slither-interface generates a Solidity interface for a given contract. by @0xGusMcCrae in https://github.com/crytic/slither/pull/1898
  • slither-read-storage can know retrieve custom storage layouts e.g. proxy with the --unstructured flag by @webthethird and @0xalpharush in https://github.com/crytic/slither/pull/1963
  • slither-read-storage native POA support by @webthethird in https://github.com/crytic/slither/pull/1843

• Solidity
  • Support user defined operators by @smonicas in https://github.com/crytic/slither/pull/1684
  • Add support for prevrando (solc 0.8.18) by @0xalpharush in https://github.com/crytic/slither/pull/1946
• Testing
  • Run tests in parallel locally with makefile by @0xalpharush in https://github.com/crytic/slither/pull/1808
  • Snapshot testing insta by @0xalpharush in https://github.com/crytic/slither/pull/1820
• APIs
  • Generate interface code in new slither.utils.code_generation by @webthethird in https://github.com/crytic/slither/pull/1730
  • Add upgradeability utils by @webthethird in https://github.com/crytic/slither/pull/1757

• Add more types hints by @montyly in https://github.com/crytic/slither/pull/1666

Changed

• Remove ExpressionTyped by @montyly in https://github.com/crytic/slither/pull/1672
• Remove core.children by @montyly in https://github.com/crytic/slither/pull/1673
• Remove unused visitors by @montyly in https://github.com/crytic/slither/pull/1674
• Remove is_top_level dead code by @0xalpharush in https://github.com/crytic/slither/pull/1812
• Remove modulo binop from can_be_checked_for_overflow by @0xalpharush in https://github.com/crytic/slither/pull/1894
• Update CONTRIBUTING.md to explain compiling and adding snapshot tests by @0xalpharush in https://github.com/crytic/slither/pull/1844
• Upgrade prettytable, use colored table by @0xalpharush in https://github.com/crytic/slither/pull/1766
• Fail-on: rework feature by @elopez in https://github.com/crytic/slither/pull/1462
• Changed name of the printer pausable -> not-pausable by @aga7hokakological in https://github.com/crytic/slither/pull/1823

Fixed

• Do not detect incorrect-shift when rhs is constant by @0xalpharush in https://github.com/crytic/slither/pull/1891
• Reduce false positives for incorrect-equality detector by @0xalpharush in https://github.com/crytic/slither/pull/1890
• Incorrect-equality: do not check addresses by @ydm in https://github.com/crytic/slither/pull/1713
• Fix is_storage for calldata variables by @smonicas in https://github.com/crytic/slither/pull/1806
• Fixed: pausable printer includes checks on constructor() by @aga7hokakological in https://github.com/crytic/slither/pull/1824
• Support new bytes expr in ternary by @0xalpharush in https://github.com/crytic/slither/pull/1817
• Fix try catch infinite recursion by @smonicas in https://github.com/crytic/slither/pull/1832
• Fix abi.decode with a UserDefinedType fixed array by @smonicas in https://github.com/crytic/slither/pull/1855
• Preserve the order of sons when splitting ternary node by @Troublor in https://github.com/crytic/slither/pull/1850
• Bug Fix: Contract obj is_fully_implemented by @DarrenChangJR in https://github.com/crytic/slither/pull/1848
• Remove assertion in unary operation by @smonicas in https://github.com/crytic/slither/pull/1856
• Improved interface code generation in slither.utils.code_generation by @webthethird in https://github.com/crytic/slither/pull/1802
• Fix abi decode by @daog1 in https://github.com/crytic/slither/pull/1892
• Improve reentrancy events documentation by @0xalpharush in https://github.com/crytic/slither/pull/1903
• Add tx.gasprice to generic taints by @0xalpharush in https://github.com/crytic/slither/pull/1769
• Make slither-flat work for top level errors, structs, enums by @smonicas in https://github.com/crytic/slither/pull/1852
• Fix issue #1849: type_str not returning str by @DarrenChangJR in https://github.com/crytic/slither/pull/1914
• FIx return variables shadowing compact AST by @smonicas in https://github.com/crytic/slither/pull/1912
• Fix pop IR by @smonicas in https://github.com/crytic/slither/pull/1905
• Parse assembly in modifier by @smonicas in https://github.com/crytic/slither/pull/1896
• Improve tuple analysis for unused-return detector by @smonicas in https://github.com/crytic/slither/pull/1861
• Uninitialized-local don't report variable in loop header by @smonicas in https://github.com/crytic/slither/pull/1911
• Make type information of NewArray more precise by @Troublor in https://github.com/crytic/slither/pull/1784
• Catch AssertionError and log context and raise again while parsing by @duelinggalois in https://github.com/crytic/slither/pull/1873
• Fix generate_source_to_evm_ins_mapping by @A-23187 in https://github.com/crytic/slither/pull/1567
• Local variable location fix by @Tiko7454 in https://github.com/crytic/slither/pull/1942
• Fix: make _convert_to_structure_to_list return a type instead of an ElementaryType's type field by @kevinclancy in https://github.com/crytic/slither/pull/1935
• Detect when ether is sent in Yul by @smonicas in https://github.com/crytic/slither/pull/1909
• Fix bytes pop ir by @smonicas in https://github.com/crytic/slither/pull/1926
• Do not recommend changing mutability for abstract contracts by @0xalpharush in https://github.com/crytic/slither/pull/1952
• Improve try-catch parsing by @smonicas in https://github.com/crytic/slither/pull/1862
• Fix yul function calls by @smonicas in https://github.com/crytic/slither/pull/1917
• Optimizations for similar_variables.py by @0xGusMcCrae in https://github.com/crytic/slither/pull/1945
• Inform user if inheritance cannot be resolved by @0xalpharush in https://github.com/crytic/slither/pull/1956
• Handle if crytic-compile returns an empty ast by @smonicas in https://github.com/crytic/slither/pull/1961
• Reduce false positives on modifying storage array by value detector by @bossjoker1 in https://github.com/crytic/slither/pull/1962
• Docs: update recommendation for msg.value-inside-a-loop by @PaulRBerg in https://github.com/crytic/slither/pull/1971
• Use current scope instead of parent scope to determine if arith. is checked by @0xalpharush in https://github.com/crytic/slither/pull/1951
• Improved is_function_modified in upgradeability util by @webthethird in https://github.com/crytic/slither/pull/1938
• Perform cross-contract taint analysis from diff of two upgrade versions by @webthethird in https://github.com/crytic/slither/pull/1816
• Additional optimizations for similar_variables.py by @0xGusMcCrae in https://github.com/crytic/slither/pull/1980
• Fix/canonical event name by @0xxfu in https://github.com/crytic/slither/pull/1976
• Fixed issue which disallowed using operator[] with TopLevelVariables by @Tiko7454 in https://github.com/crytic/slither/pull/1968

New Contributors

• @aga7hokakological made their first contribution in https://github.com/crytic/slither/pull/1824
• @DarrenChangJR made their first contribution in https://github.com/crytic/slither/pull/1848
• @ydm made their first contribution in https://github.com/crytic/slither/pull/1713
• @daog1 made their first contribution in https://github.com/crytic/slither/pull/1892
• @0xGusMcCrae made their first contribution in https://github.com/crytic/slither/pull/1898
• @duelinggalois made their first contribution in https://github.com/crytic/slither/pull/1873
• @A-23187 made their first contribution in https://github.com/crytic/slither/pull/1567
• @Tiko7454 made their first contribution in https://github.com/crytic/slither/pull/1942
• @kevinclancy made their first contribution in https://github.com/crytic/slither/pull/1935
• @PaulRBerg made their first contribution in https://github.com/crytic/slither/pull/1971

Full Changelog: https://github.com/crytic/slither/compare/0.9.3...0.9.4

0.9.3 - 2023-03-20

This release adds a new detector for high complexity functions, improves Echidna's performance (on enums), adds support for less common and new Solidity features (ternary operations, using for, and yul support), and improves slither-read-storage and existing detectors.

Additionally, we're so excited that Slither has been nominated in the latest round of @optimismFND 's RetroPGF's program! If you vote for these projects, please select Slither as one of your favorite tools from now until March 23!

We have also opened a GitHub discussion page for Slither to more easily communicate with our community of users and developers.

Finally, we would like to thank all of our external contributors:

• @bart1e
• @CodeSandwich
• @Troublor
• @sidarth16

Added

• Detector: High cyclomatic complexity @bart1e in https://github.com/crytic/slither/pull/1618
• Clarify requirement of installing solc by @CodeSandwich in https://github.com/crytic/slither/pull/1599
• Slither-check-upgradeability: support complex datatypes by @webthethird in https://github.com/crytic/slither/pull/1535
• Add enums to echidna printer's list of constants by @samalws in https://github.com/crytic/slither/pull/1665
• Add cyclomatic complexity to function-summary by @smonicas in https://github.com/crytic/slither/pull/1685
• Add github pages docs by @0xalpharush in https://github.com/crytic/slither/pull/1656
• Add issue template for trouble with installation by @0xalpharush in https://github.com/crytic/slither/pull/1623
• APIs
  • Add unregister_detector by @sidarth16 in https://github.com/crytic/slither/pull/1722
  • Add unregister_printer by @sidarth16 in https://github.com/crytic/slither/pull/1724

Changed

• Detectors improvements
  • Detect local shadowing of return vars by @0xalpharush in https://github.com/crytic/slither/pull/1510
  • Consider constants in divide-before-multiply by @0xalpharush in https://github.com/crytic/slither/pull/1641
  • Do not recommend to making strings immutable by @0xalpharush in https://github.com/crytic/slither/pull/1639
  • Restrict variable-scope detector to only solc 0.4.x by @0xalpharush in https://github.com/crytic/slither/pull/1731

• Minor codex improvements by @montyly in https://github.com/crytic/slither/pull/1600
• Minor API improvements by @montyly in https://github.com/crytic/slither/pull/1601
• Use enum string formatting by @0xalpharush in https://github.com/crytic/slither/pull/1636
• Add more types by @montyly in https://github.com/crytic/slither/pull/1624
• Update list of external publications by @montyly in https://github.com/crytic/slither/pull/1738
• Abstract contract property by @bsamuels453 in https://github.com/crytic/slither/pull/1679
• Improve echidna printer for user defined types by @montyly in https://github.com/crytic/slither/pull/1690
• Revert "show ignored findings by default for checklist" by @0xalpharush in https://github.com/crytic/slither/pull/1643
• Improve tests from 1625 by @montyly in https://github.com/crytic/slither/pull/1741
• Improve parsing of contract's comment by @montyly in https://github.com/crytic/slither/pull/1734
• Update filter-paths help by @0xalpharush in https://github.com/crytic/slither/pull/1749
• Slithir printer improve top level functions format by @smonicas in https://github.com/crytic/slither/pull/1744
• Add issue template for false neg. and positive by @0xalpharush in https://github.com/crytic/slither/pull/1753
• Make web3 required dependency by @0xalpharush in https://github.com/crytic/slither/pull/1743
• Update reentrancy_eth.py by @sidarth16 in https://github.com/crytic/slither/pull/1706

• CI
  • Run tests in parallel by @0xalpharush in https://github.com/crytic/slither/pull/1637
  • Only run python linters when .py changed by @0xalpharush in https://github.com/crytic/slither/pull/1638
  • Cancel action on new commits by @montyly in https://github.com/crytic/slither/pull/1661
  • Improvements to GH actions by @montyly in https://github.com/crytic/slither/pull/1662
  • Further CI improvements by @montyly in https://github.com/crytic/slither/pull/1663
  • Update linter.yml name by @0xalpharush in https://github.com/crytic/slither/pull/1770
  • Upgrade nix installation to fix CI installation by @0xalpharush in https://github.com/crytic/slither/pull/1711

Fixed

• Fix ternary in nested expressions @0xalpharush in https://github.com/crytic/slither/pull/1650
• Fix CI badge in README by @elopez in https://github.com/crytic/slither/pull/1603
• Bugs fixed in strongly connected components and cyclomatic complexity algorithms by @bart1e in https://github.com/crytic/slither/pull/1617
• 'Not in UPPER_CASE_WITH_UNDERSCORES' warning for public constant vars removed by @bart1e in https://github.com/crytic/slither/pull/1530
• Missing references fix by @bart1e in https://github.com/crytic/slither/pull/1604
• Fix support for constant variable lookup in yul by @montyly in https://github.com/crytic/slither/pull/1611
• Uninitialized storage fix by @0xalpharush in https://github.com/crytic/slither/pull/1725
• Fix stdout capture by @0xalpharush in https://github.com/crytic/slither/pull/1740
• Move assertion to proper branch by @montyly in https://github.com/crytic/slither/pull/1691
• Include salt in operation, NewContract, reads by @0xalpharush in https://github.com/crytic/slither/pull/1762
• Fix declaration and evm printer by @0xalpharush in https://github.com/crytic/slither/pull/1765
• Fix IR operation when initializing array with one-element array literal by @Troublor in https://github.com/crytic/slither/pull/1761
• WIKI URL fixed by @bart1e in https://github.com/crytic/slither/pull/1695
• Fix using for global function name collision by @0xalpharush in https://github.com/crytic/slither/pull/1625

New Contributors

• @CodeSandwich made their first contribution in https://github.com/crytic/slither/pull/1599
• @samalws made their first contribution in https://github.com/crytic/slither/pull/1665
• @sidarth16 made their first contribution in https://github.com/crytic/slither/pull/1722
• @bsamuels453 made their first contribution in https://github.com/crytic/slither/pull/1679
• @Troublor made their first contribution in https://github.com/crytic/slither/pull/1761

Full Changelog: https://github.com/crytic/slither/compare/0.9.2...0.9.3

0.9.2 - 2023-01-11

This release integrates codex into Slither via two features:

• slither-documentation, a tool to auto-generate natspec for every function. See the usage on solmate.
• the codex detector, which uses GPT3 to find vulnerabilities. This detector is not run by default and requires an explicit opt-in by using the --codex flag.

For both features, the environment variable OPENAI_API_KEY must be set. These features are experimental, and we recommend reading OpenAI's ToS, in particular, if you are using it on a private codebase. We will be exploring other areas where we can leverage LLM within Slither, and we would love the community's feedback and ideas.

Additionally, this release contains two new detectors, and refinements to existing detectors. This includes a better handling of nonReentrant for reentrancy detection, lowering the number of false alarms. Finally, this release contains several bug fixes and improvements for Solidity features such as "using for" directives and user defined value types.

We would like to thank all of our external contributors: -@ardislu -@bart1e -@devtooligan -@devtooligan -@mds1 -@Pavan-Nambi -@pcaversaccio -@plotchy

Thanks to the community effort, slither has now reached 100+ contributors.

Added

• Add Codex vulnerability detector by @montyly and @devtooligan in https://github.com/crytic/slither/pull/1498, https://github.com/crytic/slither/pull/1499
• Use Codex to generate solidity documentation by @montyly in https://github.com/crytic/slither/pull/1494
• New detectors:
  • recommend reading variable without this keyword to reduce STATICCALLs by @0xalpharush in https://github.com/crytic/slither/pull/1484
  • recommend making state variables immutable by @0xalpharush in https://github.com/crytic/slither/pull/1455
• Enable ignore comments for sections of code by @mds1 in https://github.com/crytic/slither/pull/1461, https://github.com/crytic/slither/pull/1483
  • // slither-disable-start [detector] ... // slither-disable-end [detector]
• Mark contract as proxy/ upgradeable with custom comments by @webthethird and @montyly in https://github.com/crytic/slither/pull/1517, https://github.com/crytic/slither/pull/1522
  • @custom:security isDelegatecallProxy, @custom:security isUpgradeable, @custom:security version name=[v1]
• Support ternaries in function call options by @0xalpharush in https://github.com/crytic/slither/pull/1501
• Fold binary expressions with constant operands for fuzzing guidance by @0xalpharush in https://github.com/crytic/slither/pull/1508
• Support abi.encodeCall by @plotchy in https://github.com/crytic/slither/pull/1460
• Add VULNERABLE_SOLC_VERSIONS to detectors by @devtooligan and @montyly in https://github.com/crytic/slither/pull/1477, https://github.com/crytic/slither/pull/1485
• Filter upgradeability checks by name/impact by @webthethird in https://github.com/crytic/slither/pull/1532
• Add --no-fail mode for echidna printer by @montyly in https://github.com/crytic/slither/pull/1571
• Create CODEOWNERS by @montyly in https://github.com/crytic/slither/pull/1561
• slither-doctor: check PATH configuration by @elopez in https://github.com/crytic/slither/pull/1550

Changed

• Improve reentrancy detectors by @montyly in https://github.com/crytic/slither/pull/1351
  • Functions with nonReentrant modifiers will be filtered out unless a risk of cross-function reentrancy is detected
• Improve support using for directive by @smonicas in https://github.com/crytic/slither/pull/1378
• Improve support using for with aliasing by @smonicas in https://github.com/crytic/slither/pull/1563
• Replace pysha3 with pycryptodome by @0xalpharush in https://github.com/crytic/slither/pull/1454
• Remove unused PUSH operation from IR by @0xalpharush in https://github.com/crytic/slither/pull/1489
• Sort printer outputs for determinism by @bart1e in https://github.com/crytic/slither/pull/1513
• Use latest setuptools in CI by @montyly in https://github.com/crytic/slither/pull/1542
• Update to the latest crytic-compile source unit API by @montyly in https://github.com/crytic/slither/pull/1528
• Install only necessary solc versions in CI by @Pavan-Nambi in https://github.com/crytic/slither/pull/1546
• Run tests by specific ID by @0xalpharush in https://github.com/crytic/slither/pull/1555

Fixed

• Fix broken links by @pcaversaccio in https://github.com/crytic/slither/pull/1457
• Fix typo in divide before multiply by @0xalpharush in https://github.com/crytic/slither/pull/1449
• Fix dapp CI integration test by @montyly in https://github.com/crytic/slither/pull/1496
• Improve protected variable detector by @montyly in https://github.com/crytic/slither/pull/1497
• Update missing events wiki by @0xalpharush in https://github.com/crytic/slither/pull/1487
• Copy event arguments during ssa conversion by @0xalpharush in https://github.com/crytic/slither/pull/1488
• Fix ExtraVariablesProxy upgradeability check by @webthethird in https://github.com/crytic/slither/pull/1504
• Fix naming-convention to flag single letter O or I variable by @ardislu in https://github.com/crytic/slither/pull/1470
• Fix top level struct parsing by @smonicas in https://github.com/crytic/slither/pull/1545
• Upgradeability: include inherited private variables, ignore immutables by @0xalpharush in https://github.com/crytic/slither/pull/1451
• Fix and re-enable etherscan test by @elopez in https://github.com/crytic/slither/pull/1556
• Fix using for directives in libraries by @smonicas in https://github.com/crytic/slither/pull/1568
• Remove incomplete submodule by @elopez in https://github.com/crytic/slither/pull/1564
• Handle malformed alias solc<0.6.0 by @0xalpharush in https://github.com/crytic/slither/pull/1547
• Improve Yul parsing by @montyly in https://github.com/crytic/slither/pull/1559
• Fix type conversion of user defined value types by @0xalpharush in https://github.com/crytic/slither/pull/1573
• Resolve error referenced as member of contract by @0xalpharush in https://github.com/crytic/slither/pull/1574

New Contributors

• @ardislu made their first contribution in https://github.com/crytic/slither/pull/1470
• @bart1e made their first contribution in https://github.com/crytic/slither/pull/1513
• @devtooligan made their first contribution in https://github.com/crytic/slither/pull/1477
• @mds1 made their first contribution in https://github.com/crytic/slither/pull/1461
• @Pavan-Nambi made their first contribution in https://github.com/crytic/slither/pull/1546
• @webthethird made their first contribution in https://github.com/crytic/slither/pull/1504

Full Changelog: https://github.com/crytic/slither/compare/0.9.1...0.9.2

0.9.1 - 2022-11-03

This release contains several bug fixes, and a new tool - slither-doctor - to help debugging slither.

We would like to thank all our external contributors:

• @emretepedev
• @JorgeAtPaladin
• @mds1
• @medariox
• @PatrickAlphaC
• @zhiqiangxu

Added

• slither-doctor: a new tool to help diagnose issues with Slither (https://github.com/crytic/slither/pull/1384)

Changed

• Add contract types in constant optimization detector (https://github.com/crytic/slither/pull/1443)
• Remove redundant calls (https://github.com/crytic/slither/pull/1434)
• Missing text in solc version recommendation (https://github.com/crytic/slither/pull/1406)
• slither-flat support for top level objects (#1441 )

Fixed

• Missing inherited storage slots in slither-read-storage (https://github.com/crytic/slither/pull/1444)
• Triage mode not working properly (https://github.com/crytic/slither/pull/1435)
• An incorrect parsing of library events (https://github.com/crytic/slither/pull/1442)

0.9.0 - 2022-10-05

This release contains:

• 3 new detectors
• Reduction of false positives in detectors
• Refactoring that will help us adding new features
• Breaking changes in the internal APIs
• Fixes for several bugs and improvements to testing

This release moves the Python requirement to 3.8.

We would like to thank all our external contributors:

• BoboTiG
• CharesFang
• TheStarBoys
• edag94
• h00p30
• htadashi
• jmhickman
• pcaversaccio
• plotchy
• sveitser
• vladyan18
• zjuchenyuan

For Foundry users: we do not support multiple compiler versions at the moment (see https://github.com/foundry-rs/foundry/issues/3450).

Refactored

• The source mapping API, to ease integration with third parties (https://github.com/crytic/slither/pull/877) API breaking change
• Solidity signature API (https://github.com/crytic/slither/pull/1323, https://github.com/crytic/slither/pull/1349, https://github.com/crytic/slither/pull/1356) API breaking change
• slither-read-storage to make it easier to maintain (https://github.com/crytic/slither/pull/1311)

Added

• Detector:
  • arbitrary-send-erc20 (https://github.com/crytic/slither/pull/1025)
  • arbitrary-send-erc20-permit (https://github.com/crytic/slither/pull/1025)
  • domain-separator-collision (https://github.com/crytic/slither/pull/1334)
• Printer
  • Dominator tree (https://github.com/crytic/slither/pull/1342)
• New flags
  • --checklist, to produce a markdown containing slither's results (https://github.com/crytic/slither/pull/1190)
  • --convert-library-to-internal in slither-flat (https://github.com/crytic/slither/issues/1298)
• Hash of known codebase to detect known libraries (https://github.com/crytic/slither/pull/1134)
• Support for ERC1363, ERC4524 in slither-check-erc(https://github.com/crytic/slither/pull/1274)
• Solidity support
  • IdentifierPath(https://github.com/crytic/slither/pull/1227)
  • min/max support for enum (https://github.com/crytic/slither/pull/1276)
  • Top level enum (https://github.com/crytic/slither/pull/1300)
• More python type hints (https://github.com/crytic/slither/pull/1388)
• Testing
  • Tests for unification of path filtering across POSIX and Windows (https://github.com/crytic/slither/pull/1303)
  • Detectors tests (https://github.com/crytic/slither/pull/858)
  • New SSA tests (https://github.com/crytic/slither/pull/1205)
  • Unit tests for new solc version (https://github.com/crytic/slither/pull/1268)
• pip-audit in the CI (https://github.com/crytic/slither/pull/1243)
• Improve setup.py with dev deps (https://github.com/crytic/slither/pull/1178)
• New API to detect if a type is dynamicType.is_dynamic (https://github.com/crytic/slither/pull/1175)

Changed

• Change the exit code returned by Slither (https://github.com/crytic/slither/pull/1278, https://github.com/crytic/slither/pull/1359) If you are using Slither in a CI, check out the new flags --fail-pedantic/--fail-high/--fail-medium/ ... and --no-fail-pedantic. The default behavior is --fail-pedantic, but this will be updated to be --no-fail-pedantic in a future release
• Updated the solc-version recommendations (https://github.com/crytic/slither/pull/1389)
• Remove FPs on the external-functions detectors (https://github.com/crytic/slither/pull/1318)
• Remove FPs on the unprotected_upgradeable detector (https://github.com/crytic/slither/pull/1344)
• Remove immutable variable from the variable order printer (https://github.com/crytic/slither/pull/1184)
• too-many-digits detector: ignore checksummed address (https://github.com/crytic/slither/pull/1193)
• Better python regex (https://github.com/crytic/slither/pull/1200, https://github.com/crytic/slither/pull/1185)
• Improvements to the dockerfile (https://github.com/crytic/slither/pull/1242, https://github.com/crytic/slither/pull/1335, https://github.com/crytic/slither/pull/1369)
• Unify path across POSIX and Windows (https://github.com/crytic/slither/pull/1196)
• Improve debug info in case of name reuse (https://github.com/crytic/slither/pull/870)
• Improvements to the exclude-dependencies flag (https://github.com/crytic/slither/pull/1317)
• Improvements to the function-id printer (https://github.com/crytic/slither/pull/886)
• Improvements to the constant parsing (https://github.com/crytic/slither/pull/1377)
• Improvements to the support of virtual modifier (https://github.com/crytic/slither/pull/1387)
• Use of the latest crytic-compile version (https://github.com/crytic/slither/commit/a008df72bc8ffd6b220ac775d6fd5b9048d00e1d)

Fixed

• Documentation and typos (https://github.com/crytic/slither/pull/1233, https://github.com/crytic/slither/pull/1149, https://github.com/crytic/slither/pull/1239, https://github.com/crytic/slither/pull/1257, https://github.com/crytic/slither/pull/1339, https://github.com/crytic/slither/pull/1386, https://github.com/crytic/slither/pull/1394, https://github.com/crytic/slither/pull/1310)
• Fail if there is not results in sarif output (https://github.com/crytic/slither/pull/1229)
• Disable coloring if output is not a terminal (https://github.com/crytic/slither/pull/1244)
• slither-check-erc output (https://github.com/crytic/slither/pull/1277)
• Custom error with library support (https://github.com/crytic/slither/pull/1267)
• IR related issues (https://github.com/crytic/slither/pull/1230, https://github.com/crytic/slither/pull/1306, https://github.com/crytic/slither/pull/1188, https://github.com/crytic/slither/pull/1348, https://github.com/crytic/slither/pull/1347)
• Incorrect type in function.entry_point (https://github.com/crytic/slither/pull/1307)
• contract_kind assignment (https://github.com/crytic/slither/pull/1308)
• Support for user defined value (https://github.com/crytic/slither/pull/1271)
• Bugs in yul parsing (https://github.com/crytic/slither/pull/1395)