Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add Slither to CI #10

Merged
merged 5 commits into from
Jan 20, 2025
Merged

feat: Add Slither to CI #10

merged 5 commits into from
Jan 20, 2025

Conversation

tamaralipows
Copy link
Contributor

@tamaralipows tamaralipows commented Jan 17, 2025
edited
Loading

Slither automatically detects vulnerabilities in our solidity smart contracts.
This tool was recommended by Max in the last audit.

It now automatically runs in the CI, we have instructions to run it locally, and our first issue is fixed: Solidity version with known vulnerabilities (see commit for more details).

feat: Add Slither to CI
f0620bd 
- make foundry workflow kebab case
@tamaralipows tamaralipows force-pushed the ci/tnl/ENG-4031-add-slither branch from 414df7f to f0620bd Compare January 17, 2025 17:26
TAMARA LIPOWSKI added 3 commits January 17, 2025 16:39
feat: Add Slither to README.md and include contract file to test
2998bb3
fix: Specify foundry subdir when running slither in CI
40f0a2a 
Otherwise there will be no contract to analyze
fix: Bump to latest Solidity version (0.8.28)
f987125 
Earlier versions have known vulnerabilities.

Slither output:
```
INFO:Detectors:
Version constraint ^0.8.13 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
	- VerbatimInvalidDeduplication
	- FullInlinerNonExpressionSplitArgumentEvaluationOrder
	- MissingSideEffectsOnSelectorAccess
	- StorageWriteRemovalBeforeConditionalTermination
	- AbiReencodingHeadOverflowWithStaticArrayCleanup
	- DirtyBytesArrayToStorage
	- InlineAssemblyMemorySideEffects
	- DataLocationChangeInInternalOverride
	- NestedCalldataArrayAbiReencodingSizeValidation.
It is used by:
	- ^0.8.13 (src/Counter.sol#2)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
INFO:Slither:foundry/ analyzed (2 contracts with 93 detectors), 1 result(s) found
```
@tamaralipows tamaralipows force-pushed the ci/tnl/ENG-4031-add-slither branch from a2c5bdc to f987125 Compare January 17, 2025 21:57
chore: Rename TychoRouter typo
68dddc0 
- Accidentally copy pasta'd
@tamaralipows tamaralipows force-pushed the ci/tnl/ENG-4031-add-slither branch from c62c1a1 to 68dddc0 Compare January 17, 2025 22:58
dianacarvalho1
dianacarvalho1 approved these changes Jan 20, 2025
View reviewed changes
Copy link
Collaborator

@dianacarvalho1 dianacarvalho1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Veeeery niceee!! 🙏🏼 Thank you so much @tamaralipows ! This will be veeery useful for future us!

@tamaralipows tamaralipows merged commit 3037edd into main Jan 20, 2025
5 checks passed
@tamaralipows tamaralipows deleted the ci/tnl/ENG-4031-add-slither branch January 20, 2025 14:17
@propellerci
Copy link

propellerci bot commented Jan 20, 2025

This PR is included in version 0.4.0 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dianacarvalho1 dianacarvalho1 dianacarvalho1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tamaralipows @dianacarvalho1