crytic · nsiregar · May 17, 2025 · May 18, 2025 · May 18, 2025 · May 18, 2025
@@ -0,0 +1,15 @@
+---
+extends: "markdownlint/style/prettier"
+
+MD010:
+  code_blocks: false
+
+MD013: false
+
+MD024:
+  siblings_only: true
+  allow_different_nesting: true
+
+MD033:
+  allowed_elements:
+    - img
@@ -44,10 +44,6 @@ jobs:
         run: |
           echo "::add-matcher::.github/workflows/matchers/yamllint.json"
 
-      - name: Remove part of the doc
-        run: |
-          rm -rf docs/src/
-
       - name: Lint everything else
         uses: super-linter/super-linter/[email protected]
         if: always()

@@ -10,7 +10,7 @@
 > Join the Empire Hacking Slack
 >
 > [![Slack Status](https://slack.empirehacking.nyc/badge.svg)](https://slack.empirehacking.nyc/)
-> > <sub><i>- Discussions and Support </i></sub>
+> > _\- Discussions and Support_
 
 **Slither** is a Solidity & Vyper static analysis framework written in Python3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.
 
@@ -66,7 +66,7 @@ slither tests/uninitialized.sol
 
 ## How to install
 
-> **Note** <br />
+> **Note**  
 > Slither requires Python 3.8+.
 If you're **not** going to use one of the [supported compilation frameworks](https://github.com/crytic/crytic-compile), you need [solc](https://github.com/ethereum/solidity/), the Solidity compiler; we recommend using [solc-select](https://github.com/crytic/solc-select) to conveniently switch between solc versions.
 

@@ -1,3 +1,5 @@
+# Summary
+
 - [Introduction](./README.md)
 - [Usage](./Usage.md)
 - [API](./api/README.md)

@@ -1,4 +1,4 @@
-## Usage
+# Usage
 
 - [How to run Slither](#how-to-run-slither)
   - [Foundry/Hardhat](#foundryhardhat)
@@ -11,7 +11,7 @@
   - [Path Filtering](#path-filtering)
   - [Triage mode](#triage-mode)
   - [Configuration file](#configuration-file)
-- [IDE integrations](#ide-integration)
+- [IDE integrations](#ide-integrations)
 
 ## How to run Slither
 
@@ -21,41 +21,47 @@ All the [`crytic-compile`](https://github.com/crytic/crytic-compile/wiki/Configu
 
 To run Slither on a Foundry/hardhat directory:
 
-```
+```sh
 slither .
 ```
 
 ### solc
 
 To run Slither from a Solidity file:
 
-```
+```sh
 slither file.sol
 ```
 
 ### Etherscan
 
 To run Slither from a contract hosted on Etherscan, run
 
-```
+```sh
 slither 0x7F37f78cBD74481E593F9C737776F7113d76B315
 ```
 
+### AST File
+
+This section is work in progress
+
 We recommend installing [solc-select](https://github.com/crytic/solc-select/) so Slither can switch to the expected solc version automatically.
 
+## Options
+
 ### Detector selection
 
 Slither runs all its detectors by default.
 
 To run only selected detectors, use `--detect detector1,detector2`. For example:
 
-```
+```sh
 slither file.sol --detect arbitrary-send,pragma
 ```
 
 To exclude detectors, use `--exclude detector1,detector2`. For example:
 
-```
+```sh
 slither file.sol --exclude naming-convention,unused-state,suicidal
 ```
 
@@ -69,7 +75,7 @@ By default, no printers are run.
 
 To run selected printers, use `--print printer1,printer2`. For example:
 
-```
+```sh
 slither file.sol --print inheritance-graph
 ```
 
@@ -81,20 +87,18 @@ slither file.sol --print inheritance-graph
 
 Examples:
 
-```
+```sh
 slither . --filter-paths "openzepellin"
 ```
 
 Filter all the results only related to openzepellin.
 
-```
+```sh
 slither . --filter-paths "Migrations.sol|ConvertLib.sol"
 ```
 
 Filter all the results only related to the file `SafeMath.sol` or `ConvertLib.sol`.
 
-### Triage mode
-
 Slither offers two ways to remove results:
 
 - By adding `//slither-disable-next-line DETECTOR_NAME` before the issue
@@ -108,7 +112,7 @@ Slither offers two ways to remove results:
 
 Examples:
 
-```
+```sh
 slither . --triage-mode
 [...]
 0: C.destination (test.sol#3) is never initialized. It is used in:
@@ -130,7 +134,7 @@ Options passed via the CLI have priority over options set in the configuration f
 
 The following flags are supported:
 
-```
+```sh
 {
     "detectors_to_run": "all",
     "printers_to_run": None,
@@ -168,3 +172,7 @@ The following flags are supported:
 ```
 
 For flags related to the compilation, see the [`crytic-compile` configuration](https://github.com/crytic/crytic-compile/blob/master/crytic_compile/cryticparser/defaults.py)
+
+## IDE integrations
+
+This section is work in progress
@@ -37,7 +37,7 @@ If we consider the contract entirely (with all the functions), we have:
 
 As a result, in our previous example, `is_dependent(b, a, funcA)` will return `False`, while `is_dependent(b, a, myContract)` will return `True`:
 
-```
+```python
 from slither import Slither
 from slither.analyses import is_dependent
 

@@ -1,3 +1,5 @@
+# JSON Output
+
 - [Top-level Command Output](https://github.com/crytic/slither/wiki/JSON-output#top-level-command-output): Standard top-level (for detectors, printers and tools)
 - [Detectors output](https://github.com/crytic/slither/wiki/JSON-output#detector-results)
 - [Upgradeability output](https://github.com/crytic/slither/wiki/JSON-output#slither-check-upgradeability)
@@ -36,7 +38,7 @@ The underlying `results` item above will appear in the following format:
 
 A detector result found in the `detectors` array above will be of the following format:
 
-```
+```json
 {
 	"check": "...",
 	"impact": "...",
@@ -92,7 +94,7 @@ Each element found in `elements` above is of the form:
 
 Each `source_mapping` object is used to map an element to some portion of source. It is of the form:
 
-```
+```json
 "source_mapping": {
 	"start": 45
 	"length": 58,
@@ -165,7 +167,7 @@ The `slither-check-upgradeability` tool also produces JSON output (with the use
 - `error` (string | null): If `success` is `false`, this will be a string with relevant error information. Otherwise, it will be `null`.
 - `results` (upgradeability-check-results, see below): If `success` is `true`, this will contain an `upgradeability-check` object populated with the different upgradeability checks. If `success` is `false`, `upgradeability-check` object will be empty.
 
-## Command Results
+## Upgradeability Check Results
 
 The underlying `upgradeability-check` item above will appear in the following format:
 

@@ -1,3 +1,5 @@
+# Slither API
+
 Slither is fully customizable:
 
 - [Static Analysis](./static_analysis.md): learn about the basics of static analysis

@@ -1,4 +1,4 @@
-## SSA
+# SSA
 
 Slither possess a Static Single Assignment (SSA) form representation of SlithIR. SSA is a commonly used representation in compilation and static analysis in general. It requires that each variable is assigned at least one time. SSA is a key component for building an efficient data-dependency analysis.
 

@@ -20,7 +20,7 @@ Additionally, Slither can include non-trivial variable tracking by default by tr
 
 `$ slither file.sol --print slithir` will output the IR for every function.
 
-```
+```sh
 $ slither examples/printers/slihtir.sol --printers slithir
 Contract UnsafeMath
 	Function add(uint256,uint256)
@@ -49,9 +49,9 @@ Contract MyContract
 			REF_3 := TMP_1
 ```
 
-# SlithIR Specification
+## SlithIR Specification
 
-## Variables
+### Variables
 
 - `StateVariable`
 - `LocalVariable`
@@ -66,18 +66,18 @@ In the following we use:
 - `LVALUE` can be: `StateVariable`, `LocalVariable`, `TemporaryVariable`, `ReferenceVariable` or `TupleVariable`
 - `RVALUE` can be: `StateVariable`, `LocalVariable`, `Constant`, `SolidityVariable`, `TemporaryVariable` or `ReferenceVariable`
 
-## Operators
+### Operators
 
 - All the operators inherit from `Operation` and have a `read` attribute returning the list of variables read (see [slither/slithir/operations/operation.py](https://github.com/crytic/slither/blob/master/slither/slithir/operations/operation.py)).
 - All the operators writing to a `LVALUE` inherit from `OperationWithLValue` and have the `lvalue` attribute (see [slither/slithir/operations/lvalue.py](https://github.com/crytic/slither/blob/master/slither/slithir/operations/lvalue.py)).
 
-### Assignment
+#### Assignment
 
 - `LVALUE := RVALUE`
 - `LVALUE := Tuple`
 - `LVALUE := Function` (for dynamic function)
 
-### Binary Operation
+#### Binary Operation
 
 - `LVALUE = RVALUE ** RVALUE`
 - `LVALUE = RVALUE * RVALUE`
@@ -99,26 +99,26 @@ In the following we use:
 - `LVALUE = RVALUE && RVALUE`
 - `LVALUE = RVALUE -- RVALUE`
 
-### Unary Operation
+#### Unary Operation
 
 - `LVALUE = ! RVALUE`
 - `LVALUE = ~ RVALUE`
 
-### Index
+#### Index
 
 - `REFERENCE -> LVALUE [ RVALUE ]`
 
 Note: The reference points to the memory location
 
-### Member
+#### Member
 
 - `REFERENCE -> LVALUE . RVALUE`
 - `REFERENCE -> CONTRACT . RVALUE`
 - `REFERENCE -> ENUM . RVALUE`
 
 Note: The reference points to the memory location
 
-### New Operators
+#### New Operators
 
 - `LVALUE = NEW_ARRAY ARRAY_TYPE DEPTH(:int)`
 
@@ -132,32 +132,32 @@ Note: The reference points to the memory location
 
 `ELEMENTARY_TYPE` is defined in [slither/core/solidity_types/elementary_type.py](https://github.com/crytic/slither/blob/master/slither/core/solidity_types/elementary_type.py)
 
-### Push Operator
+#### Push Operator
 
 - `PUSH LVALUE RVALUE`
 - `PUSH LVALUE Function` (for dynamic function)
 
-### Delete Operator
+#### Delete Operator
 
 - `DELETE LVALUE`
 
-### Conversion
+#### Conversion
 
 - `CONVERT LVALUE RVALUE TYPE`
 
 TYPE is a [solidity_types](https://github.com/crytic/slither/tree/master/slither/core/solidity_types)
 
-### Unpack
+#### Unpack
 
 - `LVALUE = UNPACK TUPLEVARIABLE INDEX(:int)`
 
-### Array Initialization
+#### Array Initialization
 
 - `LVALUE = INIT_VALUES`
 
 `INIT_VALUES` is a list of `RVALUE`, or a list of lists in case of a multidimensional array.
 
-### Calls Operators
+#### Calls Operators
 
 In the following, `ARG` is a variable as defined in [SlithIR#variables](https://github.com/crytic/slither/wiki/SlithIR#variables)
 
@@ -186,15 +186,15 @@ Optional arguments:
 
 - `GAS` and `VALUE` for `HIGH_LEVEL_CALL` / `LOW_LEVEL_CALL`.
 
-### Return
+#### Return
 
 - `RETURN RVALUE`
 - `RETURN TUPLE`
 - `RETURN None`
 
 `Return None` represents an empty return statement.
 
-### Condition
+#### Condition
 
 - `CONDITION RVALUE`
 

@@ -1,4 +1,4 @@
-## Static analysis
+# Static analysis
 
 The capabilities and design of the Slither static analysis framework have been described in blog posts ([1](https://blog.trailofbits.com/2018/10/19/slither-a-solidity-static-analysis-framework/), [2](https://blog.trailofbits.com/2019/05/27/slither-the-leading-static-analyzer-for-smart-contracts/)) and an [academic paper](https://github.com/trailofbits/publications/blob/master/papers/wetseb19.pdf).
 
@@ -10,7 +10,7 @@ In this article, we will not provide an exhaustive review of static analysis tec
 - [Code analysis](#analysis)
 - [Intermediate representation](#intermediate-representation)
 
-### Code representation
+## Code representation
 
 Unlike dynamic analysis, which reasons about a single execution path, static analysis reasons about all paths at once. To do so, it relies on a different code representation. The two most common ones are the abstract syntax tree (AST) and the control flow graph (CFG).
 

@@ -1,3 +1,5 @@
+# Adding New Detectors
+
 Slither's plugin architecture lets you integrate new detectors that run from the command-line.
 
 ## Detector Skeleton
-Original file line number
+Diff line change
@@ -1,4 +1,4 @@
-    ## SSA
+    # SSA
     Slither possess a Static Single Assignment (SSA) form representation of SlithIR. SSA is a commonly used representation in compilation and static analysis in general. It requires that each variable is assigned at least one time. SSA is a key component for building an efficient data-dependency analysis.
@@ Expand Down @@