Slither
cli Freegithub.com
πΊπΈ United States
Quick Facts
What it does
Python-based static analysis framework by Trail of Bits that examines Solidity (0.4+) and Vyper smart contracts for vulnerabilities. Runs 90+ built-in detectors covering reentrancy, uninitialized storage, unchecked calls, and more. Uses an SSA-based intermediate representation (SlithIR) with taint tracking for precise analysis. Integrates with Hardhat, Foundry, Dapp, and Brownie frameworks. Provides an API for writing custom Python-based detectors and built-in printers for contract summaries. Released under AGPL-3.0 license.
When to use it
- Auditing Solidity/Vyper contracts for common vulnerabilities
- Integrating automated security checks into CI/CD pipelines
- Fast first-pass analysis before deeper manual review
- Identifying gas optimization opportunities
- Analyzing inherited contract hierarchies
When not to use it
- Non-EVM blockchains (Solana
- Cosmos
- etc.)
- Complex business logic flaws requiring runtime context
- Deployed bytecode without source code
- As a sole security measure
Limitations
- Solidity/Vyper only
- no Rust
- Move
- or other smart contract languages
- Static analysis cannot catch all exploit paths
- Requires source code
- not bytecode analysis
Frequently Asked Questions
Is Slither free to use?
What platforms does Slither support?
Does Slither require an account?
Is Slither open source?
What are the limitations of Slither?
What does Slither do?
Related Tools
A curated directory and browser-based toolkit for security researchers. GhostKit combines 14+ client-side tools β JS deobfuscation, encoding/decoding, URL analysis, email header parsing, hash generation, JWT/SAML decoding, and more β with a comprehensive directory of external security tools.
Symbolic execution engine for EVM bytecode that detects vulnerabilities like reentrancy and integer overflows by exploring multiple execution paths via SMT solving.
Browser-based smart contract scanner and DeFi security platform that checks tokens for rug pull indicators and vulnerability risk scores across 50+ blockchains.
Enterprise-grade blockchain forensics platform that traces cryptocurrency transactions across 27+ blockchains, identifying real-world entities and following funds through mixers, bridges, and DEXs.