Leveraging Slither and Interval Analysis to build a Static Analysis Tool

TL;DR

This paper introduces a static analysis approach combining Slither and interval analysis to detect smart contract defects that are often missed by existing tools, aiming to improve security and reliability.

Contribution

We developed a novel static analysis tool based on Slither and interval analysis, extending it with instruction-specific constraints to enhance defect detection accuracy.

Findings

Potential to detect previously missed smart contract defects

Effective integration with existing static analysis tools

Promising results on benchmark smart contracts

Abstract

Even though much progress has been made in identifying and mitigating smart contract vulnerabilities, we often hear about coding or design issues leading to great financial losses. This paper presents our progress toward finding defects that are sometimes not detected or completely detected by state-of-the-art analysis tools. Although it is still in its incipient phase, we developed a working solution built on top of Slither that uses interval analysis to evaluate the contract state during the execution of each instruction. To improve the accuracy of our results, we extend interval analysis by also considering the constraints imposed by specific instructions. We present the current solution architecture in detail and show how it could be extended to other static analysis techniques, including how it can be integrated with other third-party tools. Our current benchmarks contain examples of smart contracts that highlight the potential of this approach to detect certain code defects.