Releases: pessimistic-io/slitherin

v0.7.2

21 Jun 09:24
c32440e

Minor Updates and Optimization

Updates

  1. Added steps on how to install Slitherin via pipx. Issue #177 and fix #172. Thx @vile.
  2. pess-vyper-version-reentrancy detector. New name for the pess-curve-vyper-reentrancy detector.

Optimizations

  1. pess-unprotected-initialize detector. Now has a more advanced search for modifiers protecting the function. Thx @Yhtiyar.
  2. pess-dubious-typecast detector. Whitelisted libs SafeCastUpgradeable and SignedMathUpgradeable. Thx @Yhtiyar.

v0.7.1

07 Jun 11:55
2b63ee9

Major Updates

Reworks and additions

  1. Added a new --obsolete flag to the Slitherin CLI. It launches detectors that are currently considered irrelevant and have been removed from the general Slitherin detector set. Thx @Yhtiyar
  2. pess-call-forward-to-protected detector. Removed. It is now in the obsolete detector set. Thx @Yhtiyar
  3. pess-readonly-reentrancy detector. Removed. It is now in the obsolete detector set. Thx @Yhtiyar

Minor Updates and Optimization

Minor Fixes

  1. Fixed the PyPI package publish action.
  2. pess-event-setter detector. Optimization. Enhanced by ignoring libraries when searching. Thx @Yhtiyar
  3. pess-magic-number detector. Optimization. Enhanced with a whitelist of SafeCast and Math libraries. Thx @Yhtiyar
  4. pess-dubious-typecast detector. Optimization. Enhanced with a whitelist of SafeCast and SignedMath libraries. Thx @Yhtiyar
  5. pess-strange-setter detector. Optimization. Enhanced with library filtering; parameters used in internal calls are no longer detected. Thx @Yhtiyar, and thx @VuKhuongDuy for #158
  6. Benchmark updates. Details of detections are added to the results tables. Thx @nikolay19.

v0.7.0

07 May 10:12
79d57ee

Major Updates

Reworks and additions

  1. pess-arb-chainlink-price-feed. New detector. Details. Thx @Yhtiyar.
  2. pess-balancer-readonly-reentrancy. New detector. Details. Thx @Yhtiyar.
  3. pess-curve-readonly-reentrancy. New detector. Details. Thx @Yhtiyar
  4. pess-curve-vyper-reentrancy. New detector. Details. Thx @olegggatttor.
  5. pess-price-manipulation. New detector. Details. Thx @olegggatttor.

Crucial Fixes

  1. pess-strange-setter detector. Bug fix. Thx @olegggatttor.
  2. pess-potential-arithmetic-overflow detector. Bug fix. Thx @shortdoom.

Minor Updates and Optimization

Minor Fixes

  1. pess-nft-approve-warning detector. Optimization. Thx @olegggatttor.
  2. ConsenSys Napalm Integration. Slitherin can now be installed via Napalm. Thx @JoranHonig.
  3. Benchmark fixes. Thx @nikolay19.

v0.6.1

13 Mar 11:47
9cb50d5

Major Updates

Crucial Fixes

  1. pess-arb-solidity-version: Removed detector. PUSH0 opcode is now supported in ArbitrumOS. Thx @Yhtiyar, @0xalpharush and @0xEVom.

Minor Updates and Optimization

Minor Fixes

  1. Removed a redundant directory.

v0.6.0

15 Feb 10:10
602d078

Major Updates

Reworks and additions

  1. Slitherin Arbitrum: New Slitherin custom plugin (--arbitrum) which includes 3 Arbitrum-specific security detectors. Thx @Yhtiyar and @olegggatttor.
  2. pess-arb-solidity-version detector: New Arbitrum-specific detector which spots usage of block.number and block.timestamp.
  3. pess-arb-prevrandao-difficulty detector: New Arbitrum-specific detector which spots usage of prevRandao/difficulty.
  4. pess-arb-solidity-version detector: New Arbitrum-specific detector which spots usage of solidity version >= 0.8.20.
  5. pess-potential-arithmetic-overflow detector: New detector. It checks for assignments/returns that calculate arithmetic expressions in which some intermediate calculation uses a type smaller than that of the expected result. Thx @olegggatttor.
  6. pess-aave-flashloan-callback detector: Improvement. The detector now also spots the callback cases of Uniswap V3. Thx @Yhtiyar.
  7. Slitherin-benchmark. We created a benchmark with a database of contracts on which we run our detectors and measure the FP rates. Thx @nikolay19

Crucial Fixes

  1. pess-ecrecover detector: Bug fix. Handles solidity types properly. Thx @olegggatttor.
  2. Slitherin CLI: Improvement. Now handles errors properly. Thx @Yhtiyar.

Minor Updates and Optimization

Minor Fixes

  1. pess-strange-setter detector. Optimization. Less FP. Thx @olegggatttor.
  2. pess-unprotected-initialize detector. Optimization. Less FP. Thx @olegggatttor.
  3. pess-call-forward-to-protected detector. Optimization. Less FP. Skips standard libraries (OZ/Uniswap/Balancer). Thx @olegggatttor.
  4. pess-public-vs-external detector. Optimization. Less FP. Skips constructor functions. Thx @olegggatttor.

v0.5.0

07 Dec 16:18
9a4bb01

Major Updates

Reworks and additions

  1. Slitherin CLI: Now, Slitherin and Slither detectors can be run separately. More information on CLI usage can be found here. Thx @Yhtiyar
  2. pess-arbitrary-call detector: Got divided into several detectors. Each detector has its own confidence and severity level. Descriptions of detectors can be found here. Thx @Yhtiyar
  3. pess-aave-callback detector: New detector. Checks if the callback executeOperation has initiator and msg.sender validation. Thx @Yhtiyar

Crucial Fixes

  1. pess-only-eoa-check detector: Had an IndexError in one of the cases, which has been fixed. Thx @YanhuiJessica
  2. pess-arbitrary-call detector: Had a bug in which the variable was read before declaration. This has now been fixed.

Minor Updates and Optimization

Minor Fixes

  1. General. We changed the repo structure. Some files had paths to redundant files. Fixed. Thx @Yhtiyar and @YanhuiJessica

v0.4.1

01 Nov 12:37
1a8b988

Major Updates

Includes some updates that we'll mention in the next release.

Crucial Fixes

  1. Fixed the build of the Python package. Utils are now included and are used in detectors code.

v0.4.0

12 Oct 08:46
f458eb8

Major Updates

Reworks and additions

  1. pess-uni-v2 detector: Now enabled by default. Launches checks when it detects inheritance from Uniswap V2 smart contracts. Thx @Yhtiyar
  2. pess-public-vs-external detector: New detector. Detects public functions that could be marked as external. Thx @Yhtiyar
  3. pess-ecrecover detector: New detector. Detects when the error result (0) of the ecrecover function is not checked. Thx @Yhtiyar
  4. pess-magic-number detector: Now detects 3 or more values that are not assigned to variables. Thx @Yhtiyar

Crucial Fixes

  1. pess-unprotected-setter detector: Now handles functions with unnamed parameters.
  2. pess-call-forward-to-protected detector: Now handles functions with unnamed parameters.
  3. pess-unprotected-initialize detector: Now handles the variable as a Slither Variable.

Minor Updates and Optimization

Minor Fixes

  1. pess-arbitrary-call detector: Now detects assembly calls and delegatecalls. Thx @Yhtiyar
  2. General. Removed unused imports and comments.
  3. General. The notification to the Slitherin Telegram chat is now sent with each release (not with pushes to the master branch).
  4. General. Updated README with Pessimistic.io link, ETH Belgrade talk and AuditWizard integration.

v0.3.0

13 Sep 08:18
042dc3e

Major Updates

Reworks and additions

  1. pess-arbitrary-call detector: New detector. Thx @Yhtiyar

Crucial Fixes

  1. pess-strange-setter detector: Functions with no parameters are no longer detected. Thx @Yhtiyar

Minor Updates and Optimization

Minor Fixes

  1. pess-unprotected-setter detector: Now has a separate test file.

v0.2.1

14 Aug 06:01
31093ab

Major Updates

Crucial Fixes

  1. Fixed the build of the Python package. Added a GitHub action to prevent this kind of problem.