← All Providers

Slither

cli Free

github.com

πŸ‡ΊπŸ‡Έ United States

Quick Facts

Open Source
Yes GitHub
Platforms
windowsmaclinux
API Available
yes
Account
Required
Skill Level
intermediate
Offline Capable
Yes
Output Formats
jsontxtmarkdown

What it does

Python-based static analysis framework by Trail of Bits that examines Solidity (0.4+) and Vyper smart contracts for vulnerabilities. Runs 90+ built-in detectors covering reentrancy, uninitialized storage, unchecked calls, and more. Uses an SSA-based intermediate representation (SlithIR) with taint tracking for precise analysis. Integrates with Hardhat, Foundry, Dapp, and Brownie frameworks. Provides an API for writing custom Python-based detectors and built-in printers for contract summaries. Released under AGPL-3.0 license.

When to use it

  • Auditing Solidity/Vyper contracts for common vulnerabilities
  • Integrating automated security checks into CI/CD pipelines
  • Fast first-pass analysis before deeper manual review
  • Identifying gas optimization opportunities
  • Analyzing inherited contract hierarchies

When not to use it

  • Non-EVM blockchains (Solana
  • Cosmos
  • etc.)
  • Complex business logic flaws requiring runtime context
  • Deployed bytecode without source code
  • As a sole security measure

Limitations

  • Solidity/Vyper only
  • no Rust
  • Move
  • or other smart contract languages
  • Static analysis cannot catch all exploit paths
  • Requires source code
  • not bytecode analysis

Frequently Asked Questions

Is Slither free to use?
Yes, Slither is completely free to use with no subscription required.
What platforms does Slither support?
Slither is available on Windows, macOS, Linux.
Does Slither require an account?
No, Slither does not require an account. You can use it without signing up.
Is Slither open source?
Yes, Slither is open source. The source code is available on GitHub.
What are the limitations of Slither?
Solidity/Vyper only no Rust Move
What does Slither do?
Slither is a command-line tool for web3 security. Python-based static analysis framework by Trail of Bits that examines Solidity (0.4+) and Vyper smart contracts for vulnerabilities. Runs 90+ built-in detectors covering reentrancy, uninitialized stor

Categories

Comparing (/4):

Tool Comparison

Feature
Type
Pricing
Platforms
Description