The goals of this workshop are to:

• Learn about Slither's API
• Write your first detectors
• Experiment with writing new detectors rules
• Experiment with how to evaluate static analyzers

For each detector:

• Use the example.sol file in the evaluation/NAME directory
• Create more test cases, and try your detector on various codebases
• Highlight any edge-case that is properly detected by your detector in its documentation

The list does not follow a particular order. The read-only-reentrancy is considered as the most challenging detector to write (you might take inspiration from the existing detectors). We would recommend trying to write your own detector's idea after writing 2-3 of the provided ones.

• Novelty and complexity handling
• False alarms rate
• Code quality
• Test quality

• Fork this repo
• Update the detectors in detectors/NAME/detector_name.py
  • For a new detector, update detectors/all_detectors.py to import the class
• Add more tests in evaluation/NAME/. Ensure the code compile with solc 0.8.20 (if another version is needed, precise it)

• Use a python virtual environement.
  • For example: https://virtualenvwrapper.readthedocs.io/en/latest/
  • mkvirtualenv secureum - generate a python virtual env
  • workon secureum - open the virtual env
• From the virtual env, run pip install -e .. This will add the detectors in slither.
• You can then run you new detector with slither path/to/file.sol --detect NAME

Ask in discord if you have problems

Send your fork of this repo to josselin@trailofbits.com by Sunday 23th end of day (no timezone requirement):

• Either with a zipfile
• Or if you use a private github repo, add montyly to the repo

You can provide a readme with any relevant details (ex: highligting specific edge case handled, showing the different tests)

• Tutorials
• Adding a new detector
• Slides