From f0620bd18043d7d53daf5660493955e131f27e5a Mon Sep 17 00:00:00 2001 From: TAMARA LIPOWSKI Date: Fri, 17 Jan 2025 12:23:10 -0500 Subject: [PATCH 1/5] feat: Add Slither to CI - make foundry workflow kebab case --- .../{evm_foundry_ci.yml => evm-foundry-ci.yml} | 0 .github/workflows/slither.yml | 14 ++++++++++++++ 2 files changed, 14 insertions(+) rename .github/workflows/{evm_foundry_ci.yml => evm-foundry-ci.yml} (100%) create mode 100644 .github/workflows/slither.yml diff --git a/.github/workflows/evm_foundry_ci.yml b/.github/workflows/evm-foundry-ci.yml similarity index 100% rename from .github/workflows/evm_foundry_ci.yml rename to .github/workflows/evm-foundry-ci.yml diff --git a/.github/workflows/slither.yml b/.github/workflows/slither.yml new file mode 100644 index 00000000..a7dfab38 --- /dev/null +++ b/.github/workflows/slither.yml @@ -0,0 +1,14 @@ +name: Slither Analysis + +on: + push: + branches: + - main + pull_request: + +jobs: + analyze: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: crytic/slither-action@v0.4.0 \ No newline at end of file From 2998bb3fb15709cac0f844ae662d4e20db9371fc Mon Sep 17 00:00:00 2001 From: TAMARA LIPOWSKI Date: Fri, 17 Jan 2025 16:39:21 -0500 Subject: [PATCH 2/5] feat: Add Slither to README.md and include contract file to test --- README.md | 17 ++++++++++++++++- foundry/src/TychoRouter.sol | 3 +++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 foundry/src/TychoRouter.sol diff --git a/README.md b/README.md index 61ac890c..db429f99 100644 --- a/README.md +++ b/README.md 
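Review bot: The new slither.yml has no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scopes, and both steps are pinned to mutable tags (`actions/checkout@v4`, `crytic/slither-action@v0.4.0`). A static-analysis job only needs to read the checkout, so add `permissions:` / `  contents: read` at the top level and pin each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: crytic/slither-action@<full-commit-sha>  # v0.4.0`, so a retagged upstream release cannot change what executes on every push and pull request. The failure policy is also left to the action's default; if the intent is to gate merges, set the `fail-on` input explicitly so the threshold is visible in the workflow itself. The same applies to the follow-up hunk in [PATCH 3/5] that adds `target: 'foundry/'` to this file.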
@@ -4,4 +4,19 @@ TODO: add banner Tycho Execution makes it easy to trade on different DEXs by handling the complex encoding for you. Instead of creating custom code for each DEX, you get a simple, ready-to-use tool that generates the necessary data to execute trades. It’s -designed to be safe, straightforward, and quick to set up, so anyone can start trading without extra effort. \ No newline at end of file +designed to be safe, straightforward, and quick to set up, so anyone can start trading without extra effort. + +# Contract Analysis + +We use [Slither](https://github.com/crytic/slither) to detect any potential vulnerabilities in our contracts. + +To run locally, simply install Slither in your conda env and run it inside the foundry directory. + +``` +conda create --name tycho-execution python=3.10 +conda activate tycho-execution + +python3 -m pip install slither-analyzer` +cd foundry +slither . +``` \ No newline at end of file diff --git a/foundry/src/TychoRouter.sol b/foundry/src/TychoRouter.sol new file mode 100644 index 00000000..b3423ade --- /dev/null +++ b/foundry/src/TychoRouter.sol @@ -0,0 +1,3 @@ +contract FrontendSwapRouter { + constructor() {} +} From 40f0a2a2b7c06003a20a6b7c81ce8887b8ddc10a Mon Sep 17 00:00:00 2001 From: TAMARA LIPOWSKI Date: Fri, 17 Jan 2025 16:49:29 -0500 Subject: [PATCH 3/5] fix: Specify foundry subdir when running slither in CI Otherwise there will be no contract to analyze --- .github/workflows/slither.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/slither.yml b/.github/workflows/slither.yml index a7dfab38..55a9f72c 100644 --- a/.github/workflows/slither.yml +++ b/.github/workflows/slither.yml @@ -11,4 +11,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: crytic/slither-action@v0.4.0 \ No newline at end of file + - uses: crytic/slither-action@v0.4.0 + with: + target: 'foundry/' \ No newline at end of file 
From f987125489ce1e31d1046009c0fee6f728cfe359 Mon Sep 17 00:00:00 2001 From: TAMARA LIPOWSKI Date: Fri, 17 Jan 2025 16:56:37 -0500 Subject: [PATCH 4/5] fix: Bump to latest Solidity version (0.8.28) Earlier versions have known vulnerabilities. Slither output: ``` INFO:Detectors: Version constraint ^0.8.13 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html) - VerbatimInvalidDeduplication - FullInlinerNonExpressionSplitArgumentEvaluationOrder - MissingSideEffectsOnSelectorAccess - StorageWriteRemovalBeforeConditionalTermination - AbiReencodingHeadOverflowWithStaticArrayCleanup - DirtyBytesArrayToStorage - InlineAssemblyMemorySideEffects - DataLocationChangeInInternalOverride - NestedCalldataArrayAbiReencodingSizeValidation. It is used by: - ^0.8.13 (src/Counter.sol#2) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity INFO:Slither:foundry/ analyzed (2 contracts with 93 detectors), 1 result(s) found ``` --- foundry/foundry.toml | 2 +- foundry/src/Counter.sol | 2 +- foundry/src/TychoRouter.sol | 3 +++ foundry/test/Counter.t.sol | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/foundry/foundry.toml b/foundry/foundry.toml index 086c3aca..a3c8d7b8 100644 --- a/foundry/foundry.toml +++ b/foundry/foundry.toml @@ -2,7 +2,7 @@ src = 'src' out = 'out' libs = ['lib'] -solc = "0.8.18" +solc = "0.8.28" evm_version = 'shanghai' optimizer = true optimizer_runs = 1000 diff --git a/foundry/src/Counter.sol b/foundry/src/Counter.sol index aded7997..574cf8fe 100644 --- a/foundry/src/Counter.sol +++ b/foundry/src/Counter.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: UNLICENSED -pragma solidity ^0.8.13; +pragma solidity ^0.8.28; contract Counter { uint256 public number; diff --git a/foundry/src/TychoRouter.sol b/foundry/src/TychoRouter.sol index b3423ade..1de6e9c9 100644 --- a/foundry/src/TychoRouter.sol +++ b/foundry/src/TychoRouter.sol 
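Review bot: Counter.sol's new `pragma solidity ^0.8.28;` is still a floating (caret) constraint even though foundry.toml now pins `solc = "0.8.28"`, so a build outside this repository's Foundry config may compile with a later 0.8.x release and produce bytecode that differs from what Slither analyzed in CI. Pinning the source to `pragma solidity 0.8.28;` keeps the analyzed and deployed bytecode in lockstep; if the caret is intentional (for example because the contracts are meant to be imported by other projects), a one-line comment on the pragma saying so would make that explicit. The same caret is used in the TychoRouter.sol and Counter.t.sol hunks of this patch. Slither's solc-version detector appears to evaluate the pragma range rather than the compiler actually configured, which would explain why `^0.8.13` was flagged even though foundry.toml already pinned 0.8.18.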
@@ -1,3 +1,6 @@ +// SPDX-License-Identifier: UNLICENSED +pragma solidity ^0.8.28; + contract FrontendSwapRouter { constructor() {} } diff --git a/foundry/test/Counter.t.sol b/foundry/test/Counter.t.sol index 54b724f7..3840a3f1 100644 --- a/foundry/test/Counter.t.sol +++ b/foundry/test/Counter.t.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: UNLICENSED -pragma solidity ^0.8.13; +pragma solidity ^0.8.28; import {Test, console} from "forge-std/Test.sol"; import {Counter} from "../src/Counter.sol"; From 68dddc0663a3f50934d4b6c13e0264f2d6a2c6bf Mon Sep 17 00:00:00 2001 From: TAMARA LIPOWSKI Date: Fri, 17 Jan 2025 17:55:13 -0500 Subject: [PATCH 5/5] chore: Rename TychoRouter typo - Accidentally copy pasta'd --- foundry/src/TychoRouter.sol | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/foundry/src/TychoRouter.sol b/foundry/src/TychoRouter.sol index 1de6e9c9..36034d43 100644 --- a/foundry/src/TychoRouter.sol +++ b/foundry/src/TychoRouter.sol @@ -1,6 +1,6 @@ // SPDX-License-Identifier: UNLICENSED pragma solidity ^0.8.28; -contract FrontendSwapRouter { +contract TychoRouter { constructor() {} }