mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 14:14:56 +03:00
# API Reference: Analyzing Ethereum Smart Contract Vulnerabilities

## Slither CLI

```bash
# Basic analysis
slither contracts/

# JSON output
slither contracts/ --json slither-report.json

# Run specific detectors only
slither contracts/ --detect reentrancy-eth,unprotected-upgrade

# List all detectors
slither --list-detectors

# Print contract summary
slither contracts/ --print human-summary

# Generate inheritance graph
slither contracts/ --print inheritance-graph
```

## Mythril CLI

```bash
# Analyze a single contract
myth analyze contracts/Token.sol

# JSON output
myth analyze contracts/Token.sol -o json

# Set execution timeout (seconds)
myth analyze contracts/Token.sol --execution-timeout 300

# Analyze deployed bytecode
myth analyze --address 0x1234... --rpc infura

# Increase analysis depth
myth analyze contracts/Token.sol --max-depth 50 --transaction-count 3
```
## Slither Detector Severity Levels

| Impact | Confidence | Example Detectors |
|---|---|---|
| High | High | reentrancy-eth, suicidal, arbitrary-send-eth |
| High | Medium | controlled-delegatecall, reentrancy-no-eth |
| Medium | High | locked-ether, incorrect-equality |
| Medium | Medium | uninitialized-state, shadowing-state |
| Low | High | naming-convention, solc-version |
| Informational | High | pragma, dead-code |
## SWC Registry (Key Entries)

| SWC ID | Title | Tool Coverage |
|---|---|---|
| SWC-101 | Integer Overflow/Underflow | Mythril |
| SWC-104 | Unchecked Call Return | Slither + Mythril |
| SWC-106 | Unprotected SELFDESTRUCT | Slither + Mythril |
| SWC-107 | Reentrancy | Slither + Mythril |
| SWC-110 | Assert Violation | Mythril |
| SWC-112 | Delegatecall to Untrusted Callee | Slither |
| SWC-115 | tx.origin Authentication | Slither |
| SWC-116 | Block Timestamp Dependence | Mythril |
| SWC-120 | Weak Randomness | Slither |
## Installation

```bash
# Slither (requires solc; solc-select ships with slither-analyzer)
pip install slither-analyzer
solc-select install 0.8.20
solc-select use 0.8.20

# Mythril
pip install mythril
```
## Slither JSON Output Structure

```json
{
  "success": true,
  "results": {
    "detectors": [{
      "check": "reentrancy-eth",
      "impact": "High",
      "confidence": "Medium",
      "description": "Reentrancy in Contract.withdraw()",
      "elements": [{"source_mapping": {"filename_short": "Contract.sol", "lines": [42, 43]}}]
    }]
  }
}
```
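The JSON structure above is what a CI gate consumes. The following script is an added example, not part of this reference or of Slither itself: it parses a report in that shape, ranks findings by the impact/confidence pairs from the severity table, and decides whether the build should fail. The sample report embedded in `SAMPLE_REPORT` is constructed for the demo, and `should_block`, its thresholds and its allowlist are assumed names chosen here, not Slither options.

```python
"""Triage a Slither JSON report: rank findings by severity and gate CI on them."""
import json
from collections import Counter

# Ranking of Slither's own impact/confidence labels (higher means more severe).
IMPACT_RANK = {"High": 4, "Medium": 3, "Low": 2, "Informational": 1, "Optimization": 0}
CONFIDENCE_RANK = {"High": 3, "Medium": 2, "Low": 1}

# Constructed sample in the shape written by `slither contracts/ --json report.json`.
SAMPLE_REPORT = json.dumps({
    "success": True,
    "error": None,
    "results": {
        "detectors": [
            {
                "check": "reentrancy-eth",
                "impact": "High",
                "confidence": "Medium",
                "description": "Reentrancy in Contract.withdraw()",
                "elements": [{"source_mapping": {"filename_short": "Contract.sol", "lines": [42, 43]}}],
            },
            {
                "check": "suicidal",
                "impact": "High",
                "confidence": "High",
                "description": "Contract.kill() allows anyone to destruct the contract",
                "elements": [{"source_mapping": {"filename_short": "Contract.sol", "lines": [58]}}],
            },
            {
                "check": "naming-convention",
                "impact": "Low",
                "confidence": "High",
                "description": "Variable Contract.Balance is not in mixedCase",
                "elements": [{"source_mapping": {"filename_short": "Contract.sol", "lines": [12]}}],
            },
        ]
    },
})


def load_findings(report_json):
    """Parse report text and flatten each detector result into a small record, most severe first."""
    report = json.loads(report_json)
    if not report.get("success", False):
        # A failed run (compile error, bad solc version) must not look like a clean report.
        raise ValueError(f"Slither run failed: {report.get('error')}")
    findings = []
    for det in report["results"]["detectors"]:
        locations = []
        for el in det.get("elements", []):
            sm = el.get("source_mapping") or {}
            if sm:
                locations.append((sm.get("filename_short", "?"), tuple(sm.get("lines", []))))
        findings.append({
            "check": det["check"],
            "impact": det["impact"],
            "confidence": det["confidence"],
            "description": det.get("description", "").strip(),
            "locations": locations,
        })
    findings.sort(key=lambda f: (IMPACT_RANK.get(f["impact"], -1),
                                 CONFIDENCE_RANK.get(f["confidence"], -1)), reverse=True)
    return findings


def summarize(findings):
    """Count findings per (impact, confidence) pair, e.g. Counter({('High', 'High'): 1})."""
    return Counter((f["impact"], f["confidence"]) for f in findings)


def should_block(findings, min_impact="High", min_confidence="Medium", allowlist=()):
    """Return the findings that should fail the gate (assumed policy, not a Slither option).

    A finding blocks when both its impact and confidence reach the thresholds and its
    check is not allowlisted (detectors already triaged as accepted or false positive).
    """
    return [
        f for f in findings
        if IMPACT_RANK.get(f["impact"], -1) >= IMPACT_RANK[min_impact]
        and CONFIDENCE_RANK.get(f["confidence"], -1) >= CONFIDENCE_RANK[min_confidence]
        and f["check"] not in allowlist
    ]


def format_finding(f):
    """One-line rendering: [impact/confidence] check at file:lines: description."""
    locs = "; ".join(f"{fn}:{','.join(map(str, lines))}" for fn, lines in f["locations"])
    return f"[{f['impact']}/{f['confidence']}] {f['check']} at {locs}: {f['description']}"


if __name__ == "__main__":
    found = load_findings(SAMPLE_REPORT)
    for f in found:
        print(format_finding(f))
    blocking = should_block(found)
    print(f"\n{len(blocking)} blocking finding(s)")
    raise SystemExit(1 if blocking else 0)
```

In a pipeline, replace `SAMPLE_REPORT` with the contents of `slither-report.json` and run the script after `slither contracts/ --json slither-report.json`; the non-zero exit fails the job. Checking `success` first matters because Slither still writes a report when compilation fails, and a gate that only counts detector entries would pass such a run.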
## References

- Slither: https://github.com/crytic/slither
- Mythril: https://github.com/Consensys/mythril
- SWC Registry: https://swcregistry.io/
- Solidity Security: https://docs.soliditylang.org/en/latest/security-considerations.html