Officer's Blog

Posted on Jun 29, 2023

Slitherin Timeline

Greetings, dear readers! Today we’ll look at the significant news and updates pertaining to our Slitherin project in this article. We assure you that it will be fascinating — Slitherin, our own set of custom detectors for Slither, got the first community-origin update!

https://officercia.mirror.xyz/ucWYWnhBXmkKq54BIdJcH5GnrAB-nQkUsZ2F-ytEsR4

We’ve applied some significant community-origin updates during this time, and we appreciate all of your love and attention.

Thank you, let’s get it started!


I — Slitherin Timeline

In recent months we have been actively developing our own Slither detectors to help with the code review and audit process. More recently, we have released several new detectors and we encourage you to use them for your initial internal audit, particularly the Read-Only Reentrancy and For-Continue-Increment detectors!

But let’s now get back to the point of our conversation today… Simply put, our detectors automate the checks implemented in our audit checklist; their main purpose is to find issues and assist the code auditor!

Read-Only Reentrancy Detector

This detector highlights getter functions that return a value which, in theory, could be manipulated during execution.

  • Check: pess-readonly-reentrancy

  • Severity: High

  • Confidence: Low

Ensure that getter function values aren’t crucial and can’t be maliciously used in other contract parts during external calls before being updated!

https://officercia.mirror.xyz/DBzFiDuxmDOTQEbfXhvLdK0DXVpKu1Nkurk0Cqk3QKc
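To make the pattern concrete, here is an added Solidity example (it is not code from the Slitherin repository or from the article): a minimal ETH vault whose getter derives its result from state that the withdraw path updates only after an external call, next to a hardened version. All contract and function names are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed example, not from the Slitherin repo: a minimal ETH vault whose
// getter derives a value from state that withdraw() updates only after an
// external call. While that call is in flight, the getter returns a stale,
// inconsistent value. This is the shape pess-readonly-reentrancy highlights.
contract VulnerableVault {
    mapping(address => uint256) public shares;
    uint256 public totalShares;

    function deposit() external payable {
        shares[msg.sender] += msg.value;
        totalShares += msg.value;
    }

    // Read-only getter: its result depends on state mutated in withdraw().
    // Another contract that prices collateral with this value can read it
    // mid-withdrawal, when the balance has dropped but totalShares has not.
    function pricePerShare() external view returns (uint256) {
        if (totalShares == 0) return 1e18;
        return (address(this).balance * 1e18) / totalShares;
    }

    function withdraw(uint256 amount) external {
        require(shares[msg.sender] >= amount, "insufficient");
        // External call BEFORE the state update: balance is already lower,
        // totalShares is still the old value, so pricePerShare() is wrong here.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        shares[msg.sender] -= amount;
        totalShares -= amount;
    }
}

// Hardened version: state is updated before the external call
// (checks-effects-interactions), and the getter refuses to answer while a
// state-changing function is mid-execution, so no other contract can consume
// a half-updated value.
contract HardenedVault {
    mapping(address => uint256) public shares;
    uint256 public totalShares;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable nonReentrant {
        shares[msg.sender] += msg.value;
        totalShares += msg.value;
    }

    // The view function checks the same lock: reads during an in-flight
    // state change revert instead of returning a stale price.
    function pricePerShare() external view returns (uint256) {
        require(!locked, "vault is updating state");
        if (totalShares == 0) return 1e18;
        return (address(this).balance * 1e18) / totalShares;
    }

    function withdraw(uint256 amount) external nonReentrant {
        require(shares[msg.sender] >= amount, "insufficient");
        shares[msg.sender] -= amount;   // effects first
        totalShares -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");   // interaction last
        require(ok, "transfer failed");
    }
}
```

The important design point is the second one: a reentrancy guard on the state-changing functions alone does not protect external consumers of the getter, because the getter itself is never "reentered", it is simply read by someone else while the vault is mid-update. Exposing the lock to the view function (or having consumers check it) closes that gap.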

Detector structure:

If you have any further questions or suggestions, please join our Discord Server or Telegram chat. We hope to see you there, and we intend to support the community and its initiatives!

New Detector For-Continue-Increment

It’s a common practice to use unchecked {++i;} to save gas in for loops. However, in this situation a continue statement placed before the index increment might lead to an infinite loop.

  • Check: pess-for-continue-increment

  • Severity: Medium

  • Confidence: Low

That is why we’ve added a new detector, For-Continue-Increment; here is its structure:

Also, if you are interested in the related vulnerability, check this resource! Big thanks to ljmanini for the idea and Idrocortisone for the code!
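The loop shape this detector looks for, as an added Solidity example that is not part of the article or the Slitherin code base: the buggy form is kept exactly as the text describes it (increment in the body, after a continue), followed by two safe rewrites. Contract and function names are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed example (not Slitherin code) of the loop shape that
// pess-for-continue-increment flags, next to two safe rewrites.
contract ContinueIncrement {
    // BUG (intentional, to show the pattern): the increment lives in the loop
    // body, after a `continue`. The for-header has no loop expression, so when
    // `skip[i]` is true, `continue` jumps straight back to the condition
    // without running `++i`; the loop never advances and the call runs out
    // of gas.
    function sumSkippingBuggy(uint256[] calldata values, bool[] calldata skip)
        external pure returns (uint256 total)
    {
        for (uint256 i = 0; i < values.length; ) {
            if (skip[i]) continue;        // skips the increment below
            total += values[i];
            unchecked { ++i; }
        }
    }

    // Fix 1: keep the gas optimisation but increment before any `continue`,
    // working on a copy of the index for the rest of the iteration.
    function sumSkippingFixedA(uint256[] calldata values, bool[] calldata skip)
        external pure returns (uint256 total)
    {
        for (uint256 i = 0; i < values.length; ) {
            uint256 idx = i;
            unchecked { ++i; }            // always executed, even on continue
            if (skip[idx]) continue;
            total += values[idx];
        }
    }

    // Fix 2: put the increment in the loop header. Solidity runs the loop
    // expression after `continue`, so the index can no longer be skipped,
    // and the unchecked arithmetic is kept in a small helper.
    function sumSkippingFixedB(uint256[] calldata values, bool[] calldata skip)
        external pure returns (uint256 total)
    {
        for (uint256 i = 0; i < values.length; i = uncheckedInc(i)) {
            if (skip[i]) continue;
            total += values[i];
        }
    }

    function uncheckedInc(uint256 i) private pure returns (uint256) {
        unchecked { return i + 1; }
    }
}
```

When reviewing, the quick manual check is the same one the detector automates: for every for loop with an empty loop expression, confirm that no continue (or early branch) can reach the condition without passing the increment.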

Please let us know if you have discovered an issue/bug/vulnerability via our custom Slither detectors. You may contact us via opening a PR/Issue or directly, whichever is more convenient for you!


II — Slitherin News Feed

FileCoin Proposal X Slitherin:

We’ve submitted a proposal to the Filecoin Foundation (filecoin-project/devgrants issue #1587). Please support our initiative:

https://github.com/filecoin-project/devgrants/issues/1587

HackFs Hackathon X Slitherin:

We’ve also participated in the HackFs Hackathon! Here is the link:

https://www.ethglobal.com/showcase/filecoin-security-plugin-0wfdr

ETH Belgrade X Slitherin:

We also attended the ETH Belgrade conference where we talked about Slitherin & Spotter:

https://twitter.com/kirillmadorin/status/1665295295519903744

We would like to thank the organizers and everyone we met there!

In the near future, we intend to pitch Spotter at a good number of conferences and enable protection for a couple of friendly DeFi protocols. This year promises to be full of exciting events!

Future Plans

  1. We plan to create a more straightforward installation using a pip package; many thanks to Aganinev for the idea!

  2. Optimizations to our detectors are coming soon. Many thanks to Idrocortisone and his own tool, which helps us check the false-positive (FP) rate!

  3. More detectors to be released soon as well!

Stay tuned!


III — Thank You!

If you have any further questions or suggestions, please join our Discord Server or Telegram chat! We hope to see you there, and we intend to support the community and its initiatives!

Several audits have been completed successfully! By the way, we have some vacant slots now, so if your project needs an audit, feel free to write to us, or visit our public reports page here!

https://github.com/pessimistic-io/slitherin

Our team would also like to express our deepest gratitude to the Slither tool creators: Josselin Feist, Gustavo Grieco, and Alex Groce, as well as Crytic, Trail of Bits’ blockchain security division, and all the people who believe in the original tool and its evolution:

https://blog.pessimistic.io/slither-an-auditors-cornucopia-a8793ea96e67

We sincerely hope you find our work useful and appreciate any feedback, so please do not hesitate to contact us! The best answers and questions may be included in the next blog post. We hope that this article was informative and useful for you!

Stay safe!