v0.6.15

0.6.15 - 2020-12-07

This release adds several performance optimizations to Slither. From our limited benchmark on codebases where Slither takes more than 1 minute to run, the optimizations lead to 2x improvements on average and up to x14 in certain cases. We also fixed an indeterministic detector output issue that could interact poorly with CIs and improved legacy AST support. Finally, we made improvements to slither-prop.

Thanks to @elenadimitrova for helping us debug the indeterministic detector output issue.

If you want access to additional detectors, try Crytic. It has 96 total vulnerabilities detectors.

Addded

• Hidden --perf flag (debug) (#701)

Changed

• Optimizations
  • Use of get_line_from_offset from crytic-compile (see [email protected] release note). It impacts codebase with a large number of files
  • Memoization for properties that are frequently used (#703). It impacts all the codebases
  • Rewrote the immediate dominator (#705). It impacts functions with complex cfg
  • Rewrote the fixpoint on the data dependencies (#707). It impacts functions for which the fixpoint is difficult to reach
• Use of [email protected]. Among others, this improves hardhat and dapp support.
• Multiple improvements to slither-prop (#693, #713)

Fixed

• Removed recursion in divide-before-multiply (#706)
• Indeterministic output for multiple detectors (#486). This might lead previously triaged results to appear again (the finding IDs can have been affected)
• Parsing of comments in legacy ast for Solidity 0.6.3 - 0.6.10 (#720). This mostly impacts dapp codebases.