Adding a new detector

Dan Guido edited this page Nov 8, 2018 · 18 revisions

Slither's plugin architecture lets you integrate new detectors that run from the command line.

Detector Skeleton

The skeleton for a detector is:

from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification

class Skeleton(AbstractDetector):

    ARGUMENT = 'mydetector' # slither will launch the detector with --mydetector
    HELP = 'Help printed by slither'
    IMPACT = DetectorClassification.HIGH
    CONFIDENCE = DetectorClassification.HIGH

    def detect(self):
        return []
  • ARGUMENT lets you run the detector from the command line
  • HELP is the information printed from the command line
  • IMPACT indicates the impact of the issue. Allowed values are:
    • DetectorClassification.INFORMATIONAL: printed in green
    • DetectorClassification.LOW: printed in green
    • DetectorClassification.MEDIUM: printed in yellow
    • DetectorClassification.HIGH: printed in red
  • CONFIDENCE indicates your confidence in the analysis. Allowed values are:
    • DetectorClassification.LOW
    • DetectorClassification.MEDIUM
    • DetectorClassification.HIGH

detect() needs to return a list of findings. To make Slither easier to automate, each finding is a dictionary containing a vuln key, whose value is the vulnerability name, plus any additional information specific to that vulnerability.

An AbstractDetector object has the slither attribute, which returns the current Slither object, and the log(str) function to print the result.


You can integrate your detector into Slither by:

Test the detector

If you want to add your detector to trailofbits/slither, create a unit-test in tests and update scripts/ to run the unit-test automatically.

Example will detect any function with backdoor in its name.
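
A detector of the kind described above, built on the skeleton, as an added example (not the project's own code). It assumes the Slither object exposes contracts, each with a name and a list of functions that have a name; the helper find_backdoor_functions, the contract and function keys in the finding, the case-insensitive match and the fallback stand-in classes are choices made for this example.

```python
from types import SimpleNamespace

try:
    from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
except ImportError:
    # Constructed stand-ins so the example runs without Slither installed;
    # they only mirror what this page describes (slither attribute, log()).
    class DetectorClassification:
        HIGH, MEDIUM, LOW, INFORMATIONAL = range(4)

    class AbstractDetector:
        def __init__(self, slither, logger=print):
            self.slither, self._logger = slither, logger

        def log(self, info):
            self._logger(info)


def find_backdoor_functions(contracts):
    """Return one finding dict per function whose name contains 'backdoor'."""
    findings = []
    for contract in contracts:
        for function in contract.functions:
            # Case-insensitive so a name like 'setBackdoor' is caught as well
            if 'backdoor' in function.name.lower():
                findings.append({'vuln': 'backdoor',
                                 'contract': contract.name,
                                 'function': function.name})
    return findings


class Backdoor(AbstractDetector):
    ARGUMENT = 'backdoor'  # slither will launch the detector with --backdoor
    HELP = 'Function with backdoor in its name'
    IMPACT = DetectorClassification.HIGH
    CONFIDENCE = DetectorClassification.HIGH

    def detect(self):
        # Assumption: self.slither.contracts lists the parsed contracts
        findings = find_backdoor_functions(self.slither.contracts)
        for finding in findings:
            self.log('Backdoor function found in {contract}.{function}'.format(**finding))
        return findings


# Constructed sample: objects shaped like the contracts the detector iterates over
SAMPLE_CONTRACTS = [
    SimpleNamespace(name='Token', functions=[SimpleNamespace(name='transfer'),
                                             SimpleNamespace(name='setBackdoor')]),
    SimpleNamespace(name='Wallet', functions=[SimpleNamespace(name='withdraw')]),
]
```

Keeping the matching logic in a plain function lets a unit test exercise it on constructed objects without compiling a Solidity file.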
