Reference:
https://github.com/crytic/slither#how-to-install
Slither is another code-audit tool for smart contracts.
Installation
pip3 install slither-analyzer
If the installation does not succeed the first time, run it a second time.
Usage
cd <your-hardhat-project>
slither . # analyzes the whole Hardhat project
slither YourContract.sol # analyzes a single .sol file
Results for a single file
As shown below, slither lists the findings separately.
// This is where the problems are reported
Lock.constructor(uint256) (Lock.sol#10-18) uses timestamp for comparisons
    Dangerous comparisons:
    - require(bool,string)(block.timestamp < _unlockTime,Unlock time should be in the future) (Lock.sol#11-14)
Lock.withdraw() (Lock.sol#20-27) uses timestamp for comparisons
    Dangerous comparisons:
    - require(bool,string)(block.timestamp >= unlockTime,You can't withdraw yet) (Lock.sol#21)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Pragma version^0.8.9 (Lock.sol#2) allows old versions
solc-0.8.15 is not recommended for deployment
// This is the documentation to consult
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
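Because each group of findings ends with a Reference line, the report can be parsed and gated on in CI. The following is an added example, not part of the original note or of slither's own code: it parses the text output shown above (line layout assumed), groups findings by the detector anchor in the Reference URL, and extracts the Lock.sol line ranges. The names parse_report and flagged and the deny list are hypothetical.

```python
import re

# Report text copied from the single-file run above (line breaks assumed).
SAMPLE = """\
Lock.constructor(uint256) (Lock.sol#10-18) uses timestamp for comparisons
\tDangerous comparisons:
\t- require(bool,string)(block.timestamp < _unlockTime,Unlock time should be in the future) (Lock.sol#11-14)
Lock.withdraw() (Lock.sol#20-27) uses timestamp for comparisons
\tDangerous comparisons:
\t- require(bool,string)(block.timestamp >= unlockTime,You can't withdraw yet) (Lock.sol#21)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Pragma version^0.8.9 (Lock.sol#2) allows old versions
solc-0.8.15 is not recommended for deployment
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
"""

REF = re.compile(r"^Reference:\s*(\S+#([\w-]+))$")        # URL and its anchor
LOC = re.compile(r"\(([\w./-]+\.sol)#(\d+)(?:-(\d+))?\)")  # (File.sol#a-b) or (File.sol#a)


def parse_report(text):
    """Return {detector_anchor: {"url", "lines", "locations"}} in report order."""
    groups, pending = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("//"):   # skip blanks and annotations
            continue
        ref = REF.match(line)
        if ref is None:
            pending.append(line)                 # belongs to the next Reference
            continue
        entry = groups.setdefault(
            ref.group(2), {"url": ref.group(1), "lines": [], "locations": []})
        entry["lines"] += pending
        for finding in pending:
            for name, start, end in LOC.findall(finding):
                loc = (name, int(start), int(end or start))
                if loc not in entry["locations"]:
                    entry["locations"].append(loc)
        pending = []
    return groups   # lines after the last Reference are intentionally dropped


def flagged(groups, deny):
    """Detector anchors present in the report that the (hypothetical) policy denies."""
    return sorted(set(groups) & set(deny))


if __name__ == "__main__":
    report = parse_report(SAMPLE)
    for anchor, entry in report.items():
        print(anchor, entry["locations"], entry["url"])
    raise SystemExit(1 if flagged(report, {"block-timestamp"}) else 0)
```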