Slither is Trail of Bits' static analyser for Solidity — ~80 detectors covering everything from reentrancy to weak randomness to incorrect ERC-20 returns. It's not a fuzzer; it's pattern-matching on the AST. False-positive heavy, but fast and free. Every audit starts with a Slither run before any manual review.
Workflow: slither <repo> produces JSON + console output. Filter by severity (--exclude-informational). Triage the High/Critical hits manually. Most are false positives; the few real ones are bugs you would find in manual review eventually, only faster here.
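The filter-then-triage step above, as an added example (not part of the original lesson and not Slither's own code): it reads a report written with slither's --json option and returns the findings to review first, ordered by impact and then confidence. The report text is a constructed sample, and triage_queue is a hypothetical helper name.

```python
import json

IMPACT_ORDER = ["High", "Medium", "Low", "Informational", "Optimization"]
CONFIDENCE_ORDER = ["High", "Medium", "Low"]

# Constructed sample in the shape of a Slither JSON report (not real tool output).
SAMPLE_REPORT = json.dumps({
    "success": True,
    "error": None,
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw(uint256) (constructed)"},
        {"check": "naming-convention", "impact": "Informational", "confidence": "High",
         "description": "Parameter _amt is not in mixedCase (constructed)"},
        {"check": "timestamp", "impact": "Low", "confidence": "Medium",
         "description": "Vault.claim() compares against block.timestamp (constructed)"},
        {"check": "unchecked-transfer", "impact": "High", "confidence": "Medium",
         "description": "Vault.sweep() ignores the return value of transfer (constructed)"},
        {"check": "uninitialized-state", "impact": "High", "confidence": "High",
         "description": "Vault.feeRecipient is never initialized (constructed)"},
        {"check": "reentrancy-benign", "impact": "Low", "confidence": "Medium",
         "description": "Reentrancy in Vault.deposit(uint256) (constructed)"},
    ]},
})


def triage_queue(report_text, min_impact="High"):
    """Return findings at or above min_impact, most severe and most confident first."""
    report = json.loads(report_text)
    if not report.get("success"):
        # A failed compile or analysis must not be mistaken for a clean result.
        raise ValueError(f"Slither run failed: {report.get('error')}")
    # Default to an empty list so a report without a detectors entry is handled.
    findings = report.get("results", {}).get("detectors", [])
    cutoff = IMPACT_ORDER.index(min_impact)
    kept = [f for f in findings if IMPACT_ORDER.index(f["impact"]) <= cutoff]
    kept.sort(key=lambda f: (IMPACT_ORDER.index(f["impact"]),
                             CONFIDENCE_ORDER.index(f["confidence"]),
                             f["check"]))
    return kept


if __name__ == "__main__":
    for finding in triage_queue(SAMPLE_REPORT):
        print(f'[{finding["impact"]}/{finding["confidence"]}] '
              f'{finding["check"]}: {finding["description"]}')
```

Raising on a report whose success field is false keeps a broken build from being read as "no findings".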
pip install slither-analyzer. Run on a known-vulnerable contract (DamnVulnerableDeFi's UnstoppableVault). Read every High/Critical finding.
Use these three in order. Each builds on the one before.
In one paragraph, describe Slither and its place in the audit workflow.
Walk me through a Slither finding from output to remediation.
Write a custom Slither detector for a project-specific pattern.