v0.9.4

0.9.4 - 2023-06-26

This release adds initial support of user defined operators, improves support for try catch, reduces false positives, and fixes numerous bugs. Finally three new detectors, one new printer, and one new tool were added.

We would like to thank all of our external contributors:

• @0xGusMcCrae
• @0xxfu
• @A-23187
• @DarrenChangJR
• @PaulRBerg
• @Tiko7454
• @Troublor
• @aga7hokakological
• @bossjoker1
• @daog1
• @duelinggalois
• @kevinclancy
• @ydm

For CI integration: If you were using the fail-high, fail-medium, fail-low, fail-pedantic in slither.conf.json, Slither will warn these configurations are deprecated and recommend migrating to the respective fail-on config e.g. fail-high becomes fail-on: high. These flags are now decoupled from excluding which detectors run, meaning the flags --exclude-informational and --exclude-optimization will be honored without also passing --no-fail-pedantic. Consider using slither-action for CI integration

Added

• Detectors
  • cache-array-length: Detects for loops that use length member of some storage array in their loop condition and don't modify it by @bart1e in #1694
  • encode-packed-collision: Detects collisions caused by use of encode packed on dynamic types by @0xalpharush in #1845
  • incorrect-using-for: Detects using-for statement usage when no function from a given library matches a given type by @bart1e in #1653
• Printer
  • loc- Count the total number lines of code (LOC), source lines of code (SLOC), and comment lines of code (CLOC) found in source files (SRC), dependencies (DEP), and test files (TEST) - by @devtooligan in #1882
• Tool
  • slither-interface generates a Solidity interface for a given contract. by @0xGusMcCrae in #1898
  • slither-read-storage can know retrieve custom storage layouts e.g. proxy with the --unstructured flag by @webthethird and @0xalpharush in #1963
  • slither-read-storage native POA support by @webthethird in #1843

• Solidity
  • Support user defined operators by @smonicas in #1684
  • Add support for prevrando (solc 0.8.18) by @0xalpharush in #1946
• Testing
  • Run tests in parallel locally with makefile by @0xalpharush in #1808
  • Snapshot testing insta by @0xalpharush in #1820
• APIs
  • Generate interface code in new slither.utils.code_generation by @webthethird in #1730
  • Add upgradeability utils by @webthethird in #1757

• Add more types hints by @montyly in #1666

Changed

• Remove ExpressionTyped by @montyly in #1672
• Remove core.children by @montyly in #1673
• Remove unused visitors by @montyly in #1674
• Remove is_top_level dead code by @0xalpharush in #1812
• Remove modulo binop from can_be_checked_for_overflow by @0xalpharush in #1894
• Update CONTRIBUTING.md to explain compiling and adding snapshot tests by @0xalpharush in #1844
• Upgrade prettytable, use colored table by @0xalpharush in #1766
• Fail-on: rework feature by @elopez in #1462
• Changed name of the printer pausable -> not-pausable by @aga7hokakological in #1823

Fixed

• Do not detect incorrect-shift when rhs is constant by @0xalpharush in #1891
• Reduce false positives for incorrect-equality detector by @0xalpharush in #1890
• Incorrect-equality: do not check addresses by @ydm in #1713
• Fix is_storage for calldata variables by @smonicas in #1806
• Fixed: pausable printer includes checks on constructor() by @aga7hokakological in #1824
• Support new bytes expr in ternary by @0xalpharush in #1817
• Fix try catch infinite recursion by @smonicas in #1832
• Fix abi.decode with a UserDefinedType fixed array by @smonicas in #1855
• Preserve the order of sons when splitting ternary node by @Troublor in #1850
• Bug Fix: Contract obj is_fully_implemented by @DarrenChangJR in #1848
• Remove assertion in unary operation by @smonicas in #1856
• Improved interface code generation in slither.utils.code_generation by @webthethird in #1802
• Fix abi decode by @daog1 in #1892
• Improve reentrancy events documentation by @0xalpharush in #1903
• Add tx.gasprice to generic taints by @0xalpharush in #1769
• Make slither-flat work for top level errors, structs, enums by @smonicas in #1852
• Fix issue #1849: type_str not returning str by @DarrenChangJR in #1914
• FIx return variables shadowing compact AST by @smonicas in #1912
• Fix pop IR by @smonicas in #1905
• Parse assembly in modifier by @smonicas in #1896
• Improve tuple analysis for unused-return detector by @smonicas in #1861
• Uninitialized-local don't report variable in loop header by @smonicas in #1911
• Make type information of NewArray more precise by @Troublor in #1784
• Catch AssertionError and log context and raise again while parsing by @duelinggalois in #1873
• Fix generate_source_to_evm_ins_mapping by @A-23187 in #1567
• Local variable location fix by @Tiko7454 in #1942
• Fix: make _convert_to_structure_to_list return a type instead of an ElementaryType's type field by @kevinclancy in #1935
• Detect when ether is sent in Yul by @smonicas in #1909
• Fix bytes pop ir by @smonicas in #1926
• Do not recommend changing mutability for abstract contracts by @0xalpharush in #1952
• Improve try-catch parsing by @smonicas in #1862
• Fix yul function calls by @smonicas in #1917
• Optimizations for similar_variables.py by @0xGusMcCrae in #1945
• Inform user if inheritance cannot be resolved by @0xalpharush in #1956
• Handle if crytic-compile returns an empty ast by @smonicas in #1961
• Reduce false positives on modifying storage array by value detector by @bossjoker1 in #1962
• Docs: update recommendation for msg.value-inside-a-loop by @PaulRBerg in #1971
• Use current scope instead of parent scope to determine if arith. is checked by @0xalpharush in #1951
• Improved is_function_modified in upgradeability util by @webthethird in #1938
• Perform cross-contract taint analysis from diff of two upgrade versions by @webthethird in #1816
• Additional optimizations for similar_variables.py by @0xGusMcCrae in #1980
• Fix/canonical event name by @0xxfu in #1976
• Fixed issue which disallowed using operator[] with TopLevelVariables by @Tiko7454 in #1968

New Contributors

• @aga7hokakological made their first contribution in #1824
• @DarrenChangJR made their first contribution in #1848
• @ydm made their first contribution in #1713
• @daog1 made their first contribution in #1892
• @0xGusMcCrae made their first contribution in #1898
• @duelinggalois made their first contribution in #1873
• @A-23187 made their first contribution in #1567
• @Tiko7454 made their first contribution in #1942
• @kevinclancy made their first contribution in #1935
• @PaulRBerg made their first contribution in #1971

Full Changelog: 0.9.3...0.9.4