v0.9.0

0.9.0 - 2022-10-05

This release contains:

• 3 new detectors
• Reduction of false positives in detectors
• Refactoring that will help us adding new features
• Breaking changes in the internal APIs
• Fixes for several bugs and improvements to testing

This release moves the Python requirement to 3.8.

We would like to thank all our external contributors:

• BoboTiG
• CharesFang
• TheStarBoys
• edag94
• h00p30
• htadashi
• jmhickman
• pcaversaccio
• plotchy
• sveitser
• vladyan18
• zjuchenyuan

For Foundry users: we do not support multiple compiler versions at the moment (see foundry-rs/foundry#3450).

Refactored

• The source mapping API, to ease integration with third parties (#877) API breaking change
• Solidity signature API (#1323, #1349, #1356) API breaking change
• slither-read-storage to make it easier to maintain (#1311)

Added

• Detector:
  • arbitrary-send-erc20 (#1025)
  • arbitrary-send-erc20-permit (#1025)
  • domain-separator-collision (#1334)
• Printer
  • Dominator tree (#1342)
• New flags
  • --checklist, to produce a markdown containing slither's results (#1190)
  • --convert-library-to-internal in slither-flat (#1298)
• Hash of known codebase to detect known libraries (#1134)
• Support for ERC1363, ERC4524 in slither-check-erc(#1274)
• Solidity support
  • IdentifierPath(#1227)
  • min/max support for enum (#1276)
  • Top level enum (#1300)
• More python type hints (#1388)
• Testing
  • Tests for unification of path filtering across POSIX and Windows (#1303)
  • Detectors tests (#858)
  • New SSA tests (#1205)
  • Unit tests for new solc version (#1268)
• pip-audit in the CI (#1243)
• Improve setup.py with dev deps (#1178)
• New API to detect if a type is dynamicType.is_dynamic (#1175)

Changed

• Change the exit code returned by Slither (#1278, #1359) If you are using Slither in a CI, check out the new flags --fail-pedantic/--fail-high/--fail-medium/ ... and --no-fail-pedantic. The default behavior is --fail-pedantic, but this will be updated to be --no-fail-pedantic in a future release
• Updated the solc-version recommendations (#1389)
• Remove FPs on the external-functions detectors (#1318)
• Remove FPs on the unprotected_upgradeable detector (#1344)
• Remove immutable variable from the variable order printer (#1184)
• too-many-digits detector: ignore checksummed address (#1193)
• Better python regex (#1200, #1185)
• Improvements to the dockerfile (#1242, #1335, #1369)
• Unify path across POSIX and Windows (#1196)
• Improve debug info in case of name reuse (#870)
• Improvements to the exclude-dependencies flag (#1317)
• Improvements to the function-id printer (#886)
• Improvements to the constant parsing (#1377)
• Improvements to the support of virtual modifier (#1387)
• Use of the latest crytic-compile version (a008df7)

Fixed

• Documentation and typos (#1233, #1149, #1239, #1257, #1339, #1386, #1394, #1310)
• Fail if there is not results in sarif output (#1229)
• Disable coloring if output is not a terminal (#1244)
• slither-check-erc output (#1277)
• Custom error with library support (#1267)
• IR related issues (#1230, #1306, #1188, #1348, #1347)
• Incorrect type in function.entry_point (#1307)
• contract_kind assignment (#1308)
• Support for user defined value (#1271)
• Bugs in yul parsing (#1395)