How To Find Smart Contract Vulnerabilities Automatically: Slither Complete Tutorial
- Published 8 Jun 2024
- Welcome to another tutorial where we delve into the world of smart contract security. In this video, we'll be exploring the powerful tool called Slither, which automates the process of finding vulnerabilities and exploits in smart contracts.
Learn how to Hack Smart Contracts:
johnnytime.xyz/smart-contract...
Slither is a Python-based static analyzer that scans the source code of Solidity smart contracts. By analyzing the code, Slither can detect various vulnerability patterns, such as re-entrancy and unchecked return values. It's like having a smart contract security expert who thoroughly inspects your code for potential weaknesses.
Slither Repo:
github.com/crytic/slither
The installation process for Slither is straightforward. You'll need Python installed on your machine; it is available for Windows, Linux, and Mac. Once Python is set up, you can install Slither using pip, the Python package manager. Simply run the command 'pip3 install Slither-Analyzer' or 'pip install Slither-Analyzer' to download and install Slither.
Once Slither is installed, you can unleash its power on your smart contracts. By running Slither on your code, it automatically scans the contracts and generates a detailed report highlighting the vulnerabilities it has detected. The report provides information on the specific lines of code and functions where vulnerabilities are found. It even includes references to additional documentation to help you understand the nature of the vulnerability and how to mitigate it.
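As an added example (not from the video or the Slither project), here is a short Python triage script for the report described above, assuming the JSON layout Slither writes when run as `slither . --json report.json`. The sample report, the contract path and the function names are constructed for illustration, and `triage` and `should_block` are hypothetical helper names.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like the report from `slither . --json report.json` (assumed layout).
SAMPLE_REPORT = json.dumps({
    "success": True, "error": None,
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw()",
         "elements": [{"type": "function", "name": "withdraw",
                       "source_mapping": {"filename_relative": "contracts/Vault.sol",
                                          "lines": [21, 22, 23, 24]}}]},
        {"check": "unchecked-send", "impact": "Medium", "confidence": "Medium",
         "description": "Vault.pay() ignores the return value of send",
         "elements": [{"type": "function", "name": "pay",
                       "source_mapping": {"filename_relative": "contracts/Vault.sol",
                                          "lines": [30, 31]}}]},
        {"check": "solc-version", "impact": "Informational", "confidence": "High",
         "description": "Pragma allows old compiler versions", "elements": []},
    ]},
})

SEVERITY_ORDER = ["High", "Medium", "Low", "Informational", "Optimization"]

def triage(report_text):
    """Group findings by impact as lists of (check, location, confidence)."""
    report = json.loads(report_text)
    if not report.get("success"):
        raise ValueError(f"slither run failed: {report.get('error')}")
    grouped = defaultdict(list)
    for finding in (report.get("results") or {}).get("detectors", []):
        location = "<no source location>"
        for element in finding.get("elements", []):
            mapping = element.get("source_mapping") or {}
            lines = mapping.get("lines") or []
            if mapping.get("filename_relative") and lines:
                span = f"{min(lines)}-{max(lines)}"
                location = f"{mapping['filename_relative']}:{span} ({element.get('name')})"
                break  # the first element with a source location is enough for triage
        grouped[finding["impact"]].append((finding["check"], location, finding["confidence"]))
    return dict(grouped)

def should_block(grouped, threshold="Medium"):
    """True when any finding sits at or above the threshold impact."""
    cutoff = SEVERITY_ORDER.index(threshold)
    return any(SEVERITY_ORDER.index(impact) <= cutoff for impact in grouped)

if __name__ == "__main__":
    findings = triage(SAMPLE_REPORT)
    for impact in filter(findings.get, SEVERITY_ORDER):
        print(impact, findings[impact])
    print("block merge:", should_block(findings))
```

Used as a pre-audit gate, a script like this makes the High and Medium findings the ones that stop a merge, while informational output stays visible without blocking.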
While Slither is a valuable tool for automated vulnerability detection, it's important to note that it has its limitations. It may not be able to catch all vulnerabilities, especially more complex and advanced ones. Therefore, it's crucial to understand that Slither should not replace manual smart contract auditing. For comprehensive security, it's recommended to engage the services of professional auditors who can bring their expertise and creativity to identify vulnerabilities from an attacker's perspective.
In summary, Slither is an invaluable tool in your smart contract development toolkit. By using it, you can proactively identify and address common vulnerabilities. Remember to run Slither on your code before seeking an audit to mitigate risks and optimize the security of your smart contracts.
If you're interested in diving deeper into smart contract hacking and learning more about securing your contracts, check out this link for a complete practical smart contract hacking course:
johnnytime.xyz/smart-contract...
It provides exercises and knowledge to take your smart contract security skills to the next level.
00:00 Introduction
01:12 Overview of Slither Features
05:30 Installing Slither
06:10 Getting Started with Slither
06:50 Slither Finds Reentrancy Vulnerabilities
10:50 Slither Fails to Find Vulnerabilities
12:30 Summary
Don't forget to like this video and subscribe to our channel for more educational content on smart contract security.
Follow on Twitter:
/ realjohnnytime
Connect with me on LinkedIn:
/ johnnytime - Science and Technology
Great content! Thanks, JohnnyTime
Glad it was helpful! ❤️
Awesome👍
Thanks 🤗
Hello, I have a question: if I find a high-severity error, what would be the right thing to do to prepare a report? Or try on my own, or try with another tool? And if I prepare the report, how would it be?
I know it is not that you will always be sending reports, but at least you could receive a reward. I am not saying a million, but come on, it would be a boost.
Usually the vulnerabilities that are being found by Slither are well known and not very well paid
Would be nice if you could cover MAIAN and do some demonstrations 👍
Added to my backlog 😉
Why can't I roll up my terminal to see the red and yellow warnings? It gets stuck somehow and shows only the greens!
Upgrade slither and pip. Fixed.
Pip upgrade always solves issues 👏
Video starts at 5:50, you can skip the rest
Is it better to use paid tools?
What tools?
@JohnnyTime mythy scanner