<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Detector</title>
	<atom:link href="https://techgrowup.net/tag/%e3%83%87%e3%82%a3%e3%83%86%e3%82%af%e3%82%bf/feed/" rel="self" type="application/rss+xml" />
	<link>https://techgrowup.net</link>
	<description>Making engineers stronger</description>
	<lastBuildDate>Mon, 21 Apr 2025 23:00:00 +0000</lastBuildDate>
	<language>ja</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://techgrowup.net/wp-content/uploads/2021/05/hp-icon-150x150.png</url>
	<title>Detector</title>
	<link>https://techgrowup.net</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>A guide to Slither, the Solidity static analyzer: from installation to custom detectors and CI integration</title>
		<link>https://techgrowup.net/blockchain-slither/</link>
					<comments>https://techgrowup.net/blockchain-slither/?noamp=mobile#respond</comments>
		
		<dc:creator><![CDATA[techgrowup]]></dc:creator>
		<pubDate>Mon, 21 Apr 2025 23:00:00 +0000</pubDate>
				<category><![CDATA[Blockchain]]></category>
		<category><![CDATA[Crytic]]></category>
		<category><![CDATA[Python API]]></category>
		<category><![CDATA[SARIF]]></category>
		<category><![CDATA[Slither]]></category>
		<category><![CDATA[Solidity static analysis]]></category>
		<category><![CDATA[Smart contract auditing]]></category>
		<category><![CDATA[Security tools]]></category>
		<category><![CDATA[Detector]]></category>
		<guid isPermaLink="false">https://techgrowup.net/?p=2799</guid>

					<description><![CDATA[Introduction Immutability is the greatest strength of smart contracts, but it is also their fatal weakness: a vulnerability is hard to patch once deployed. Many DeFi incidents have in fact been caused by basic mistakes such as reentrancy or integer overflow [&#8230;]]]></description>
										<content:encoded><![CDATA[
<h1 class="wp-block-heading">Introduction</h1>



<p class="wp-block-paragraph">Immutability is the greatest strength of smart contracts, but it is also their fatal weakness: a vulnerability is hard to patch once the contract is deployed. Many DeFi incidents have in fact been caused by basic mistakes such as <strong>reentrancy</strong> and <strong>integer overflow</strong>. <strong>Static analysis</strong> is one of the main ways to catch such problems early, and <strong>Slither</strong>, developed by Crytic (the Trail of Bits tooling group), has become the de facto standard framework for Solidity. This article walks through Slither from installation to advanced usage, with reference to the repository <a rel="noopener" target="_blank" class="" href="https://github.com/crytic/slither">https://github.com/crytic/slither<span class="fa fa-external-link external-icon anchor-icon"></span></a>.</p>



<h2 class="wp-block-heading">Slither overview</h2>



<h3 class="wp-block-heading">Features</h3>



<ul class="wp-block-list">
<li><strong>Over 80 built-in detectors</strong>: reentrancy, uninitialized state and storage variables, <code>tx.origin</code> misuse and many more are found automatically</li>



<li><strong>One-command install</strong>: <code>pip install slither-analyzer</code>; the only external requirement is a <code>solc</code> binary, usually managed with <code>solc-select</code></li>



<li><strong>Code metrics</strong>: per-function cyclomatic complexity and other summaries through the printers (Slither does not estimate gas; use the Foundry or Hardhat gas reports for that)</li>



<li><strong>Python API</strong>: access to contracts, functions, CFG nodes and SlithIR (including its SSA form) for custom analyses</li>



<li><strong>SARIF output</strong>: findings can be uploaded to GitHub code scanning and shown inline in pull requests</li>
</ul>



<h3 class="wp-block-heading">Why it is fast</h3>



<p class="wp-block-paragraph">Slither takes the AST that the Solidity compiler <code>solc</code> emits as JSON, builds a control-flow graph (CFG) for every function, and lifts each node to <strong>SlithIR</strong>, its own intermediate representation, which also has a Static Single Assignment (SSA) form. Detectors are then pattern matches and data-flow analyses over SlithIR. Because nothing is executed or symbolically explored at the bytecode level, Slither is much faster than symbolic-execution tools such as Mythril and rarely times out in CI. The trade-off is that it reasons about code patterns rather than reachability, so expect more false positives than a symbolic tool would report and triage the output accordingly.</p>



<h2 class="wp-block-heading">Installation and basic commands</h2>



<div class="wp-block-kevinbatdorf-code-block-pro" data-code-block-pro-font-family="Code-Pro-JetBrains-Mono" style="font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)"><span style="display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#1E1E1E"><svg xmlns="http://www.w3.org/2000/svg" width="54" height="14" viewBox="0 0 54 14"><g fill="none" fill-rule="evenodd" transform="translate(1 1)"><circle cx="6" cy="6" r="6" fill="#FF5F56" stroke="#E0443E" stroke-width=".5"></circle><circle cx="26" cy="6" r="6" fill="#FFBD2E" stroke="#DEA123" stroke-width=".5"></circle><circle cx="46" cy="6" r="6" fill="#27C93F" stroke="#1AAB29" stroke-width=".5"></circle></g></svg></span><span role="button" tabindex="0" data-code="# Python 3.8+
pip install slither-analyzer            # global install (a virtualenv or pipx is the safer choice)
cd my-contracts                         # project root (Truffle/Hardhat/Foundry or plain .sol files)
slither .                               # analyse every .sol file, compiling through crytic-compile" style="color:#D4D4D4;display:none" aria-label="Copy" class="code-block-pro-copy-button"><svg xmlns="http://www.w3.org/2000/svg" style="width:24px;height:24px" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path class="with-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4"></path><path class="without-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2"></path></svg></span><pre class="shiki dark-plus" style="background-color: #1E1E1E" tabindex="0"><code><span class="line"><span style="color: #6A9955"># Python 3.8+</span></span>
<span class="line"><span style="color: #DCDCAA">pip</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">install</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">slither-analyzer</span><span style="color: #D4D4D4">            </span><span style="color: #6A9955"># global install (a virtualenv or pipx is the safer choice)</span></span>
<span class="line"><span style="color: #DCDCAA">cd</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">my-contracts</span><span style="color: #D4D4D4">                         </span><span style="color: #6A9955"># project root (Truffle/Hardhat/Foundry or plain .sol files)</span></span>
<span class="line"><span style="color: #DCDCAA">slither</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">.</span><span style="color: #D4D4D4">                               </span><span style="color: #6A9955"># analyse every .sol file, compiling through crytic-compile</span></span></code></pre></div>



<p class="wp-block-paragraph">Pinning a specific compiler version with <code>solc-select</code> (the version must match the project's <code>pragma</code>, otherwise compilation fails before any analysis runs):</p>



<div class="wp-block-kevinbatdorf-code-block-pro" data-code-block-pro-font-family="Code-Pro-JetBrains-Mono" style="font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)"><span style="display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#1E1E1E"><svg xmlns="http://www.w3.org/2000/svg" width="54" height="14" viewBox="0 0 54 14"><g fill="none" fill-rule="evenodd" transform="translate(1 1)"><circle cx="6" cy="6" r="6" fill="#FF5F56" stroke="#E0443E" stroke-width=".5"></circle><circle cx="26" cy="6" r="6" fill="#FFBD2E" stroke="#DEA123" stroke-width=".5"></circle><circle cx="46" cy="6" r="6" fill="#27C93F" stroke="#1AAB29" stroke-width=".5"></circle></g></svg></span><span role="button" tabindex="0" data-code="solc-select install 0.8.23
solc-select use 0.8.23                  # makes 0.8.23 the solc that crytic-compile invokes
slither .                               # no version flag exists; --solc-solcs-select 0.8.23 works without changing the global default" style="color:#D4D4D4;display:none" aria-label="Copy" class="code-block-pro-copy-button"><svg xmlns="http://www.w3.org/2000/svg" style="width:24px;height:24px" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path class="with-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4"></path><path class="without-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2"></path></svg></span><pre class="shiki dark-plus" style="background-color: #1E1E1E" tabindex="0"><code><span class="line"><span style="color: #DCDCAA">solc-select</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">install</span><span style="color: #D4D4D4"> </span><span style="color: #B5CEA8">0.8</span><span style="color: #CE9178">.23</span></span>
<span class="line"><span style="color: #DCDCAA">solc-select</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">use</span><span style="color: #D4D4D4"> </span><span style="color: #B5CEA8">0.8</span><span style="color: #CE9178">.23</span><span style="color: #D4D4D4">                  </span><span style="color: #6A9955"># makes 0.8.23 the solc that crytic-compile invokes</span></span>
<span class="line"><span style="color: #DCDCAA">slither</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">.</span><span style="color: #D4D4D4">                               </span><span style="color: #6A9955"># no version flag exists; --solc-solcs-select 0.8.23 works without changing the global default</span></span></code></pre></div>



<p class="wp-block-paragraph">Sample output (excerpt). Each finding names the function, lists the external calls and the state variables written after them, and ends with a link to the detector's wiki entry:</p>



<div class="wp-block-kevinbatdorf-code-block-pro" data-code-block-pro-font-family="Code-Pro-JetBrains-Mono" style="font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)"><span style="display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#1E1E1E"><svg xmlns="http://www.w3.org/2000/svg" width="54" height="14" viewBox="0 0 54 14"><g fill="none" fill-rule="evenodd" transform="translate(1 1)"><circle cx="6" cy="6" r="6" fill="#FF5F56" stroke="#E0443E" stroke-width=".5"></circle><circle cx="26" cy="6" r="6" fill="#FFBD2E" stroke="#DEA123" stroke-width=".5"></circle><circle cx="46" cy="6" r="6" fill="#27C93F" stroke="#1AAB29" stroke-width=".5"></circle></g></svg></span><span role="button" tabindex="0" data-code="Reentrancy in MyVault.withdraw(uint256):
  External calls:
      - TransferHelper.safeTransfer(...)
  State variables written after the call(s):
      - balances[msg.sender] = 0
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities

Low level call in …" style="color:#D4D4D4;display:none" aria-label="Copy" class="code-block-pro-copy-button"><svg xmlns="http://www.w3.org/2000/svg" style="width:24px;height:24px" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path class="with-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4"></path><path class="without-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2"></path></svg></span><pre class="shiki dark-plus" style="background-color: #1E1E1E" tabindex="0"><code><span class="line"><span style="color: #D4D4D4">Reentrancy in MyVault.withdraw(uint256):</span></span>
<span class="line"><span style="color: #D4D4D4">  External calls:</span></span>
<span class="line"><span style="color: #D4D4D4">      - TransferHelper.safeTransfer(...)</span></span>
<span class="line"><span style="color: #D4D4D4">  State variables written after the call(s):</span></span>
<span class="line"><span style="color: #D4D4D4">      - balances[msg.sender] = 0</span></span>
<span class="line"><span style="color: #D4D4D4">Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities</span></span>
<span class="line"></span>
<span class="line"><span style="color: #D4D4D4">Low level call in …</span></span></code></pre></div>



<h2 class="wp-block-heading">Common detectors and their fixes</h2>



<figure class="wp-block-table"><div class="scrollable-table"><table class="has-fixed-layout"><thead><tr><th>Category</th><th>Detector</th><th>What it finds</th><th>Typical fix</th></tr></thead><tbody><tr><td>Reentrancy</td><td><code>reentrancy-eth</code></td><td>State variables written after an external call that can transfer Ether</td><td>Checks-Effects-Interactions ordering, or a reentrancy guard (e.g. OpenZeppelin's <code>ReentrancyGuard</code>)</td></tr><tr><td>Access control</td><td><code>tx-origin</code></td><td>Authorization based on <code>tx.origin</code>, which an intermediary contract can exploit by phishing the owner into a call</td><td>Compare <code>msg.sender</code> instead</td></tr><tr><td>Arithmetic</td><td><code>divide-before-multiply</code></td><td>Division performed before multiplication, so integer truncation discards precision</td><td>Reorder to multiply first, then divide; SafeMath and Solidity 0.8 checked arithmetic do not help here, they only catch overflow</td></tr><tr><td>Input validation</td><td><code>missing-zero-check</code></td><td>An address parameter stored or used without a zero-address check</td><td><code>require(addr != address(0))</code> before use</td></tr><tr><td>Gas</td><td><code>costly-loop</code></td><td>Costly operations such as storage writes inside a <code>for</code>/<code>while</code> loop</td><td>Accumulate in a local variable and write storage once after the loop; bound the iteration count</td></tr></tbody></table></div></figure>



<p class="wp-block-paragraph">Run <code>slither --list-detectors</code> for the full list, including each detector's impact and confidence rating.</p>



<h2 class="wp-block-heading">Printers: faster code understanding</h2>



<div class="wp-block-kevinbatdorf-code-block-pro" data-code-block-pro-font-family="Code-Pro-JetBrains-Mono" style="font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)"><span style="display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#1E1E1E"><svg xmlns="http://www.w3.org/2000/svg" width="54" height="14" viewBox="0 0 54 14"><g fill="none" fill-rule="evenodd" transform="translate(1 1)"><circle cx="6" cy="6" r="6" fill="#FF5F56" stroke="#E0443E" stroke-width=".5"></circle><circle cx="26" cy="6" r="6" fill="#FFBD2E" stroke="#DEA123" stroke-width=".5"></circle><circle cx="46" cy="6" r="6" fill="#27C93F" stroke="#1AAB29" stroke-width=".5"></circle></g></svg></span><span role="button" tabindex="0" data-code="slither . --print contract-summary
slither . --print function-summary
slither . --print cfg                                   # writes one GraphViz .dot file per function
for f in *.dot; do dot -Tpng &quot;$f&quot; -o &quot;${f%.dot}.png&quot;; done   # render with GraphViz" style="color:#D4D4D4;display:none" aria-label="Copy" class="code-block-pro-copy-button"><svg xmlns="http://www.w3.org/2000/svg" style="width:24px;height:24px" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path class="with-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4"></path><path class="without-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2"></path></svg></span><pre class="shiki dark-plus" style="background-color: #1E1E1E" tabindex="0"><code><span class="line"><span style="color: #DCDCAA">slither</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">.</span><span style="color: #D4D4D4"> </span><span style="color: #569CD6">--print</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">contract-summary</span></span>
<span class="line"><span style="color: #DCDCAA">slither</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">.</span><span style="color: #D4D4D4"> </span><span style="color: #569CD6">--print</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">function-summary</span></span>
<span class="line"><span style="color: #DCDCAA">slither</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">.</span><span style="color: #D4D4D4"> </span><span style="color: #569CD6">--print</span><span style="color: #D4D4D4"> </span><span style="color: #CE9178">cfg</span><span style="color: #D4D4D4">                                   </span><span style="color: #6A9955"># writes one GraphViz .dot file per function</span></span>
<span class="line"><span style="color: #DCDCAA">for</span><span style="color: #D4D4D4"> f in *.dot; do dot -Tpng </span><span style="color: #CE9178">&quot;$f&quot;</span><span style="color: #D4D4D4"> -o </span><span style="color: #CE9178">&quot;${f%.dot}.png&quot;</span><span style="color: #D4D4D4">; done   </span><span style="color: #6A9955"># render with GraphViz</span></span></code></pre></div>



<ul class="wp-block-list">
<li><strong>contract-summary</strong>: inheritance chain and the functions each contract declares</li>



<li><strong>function-summary</strong>: per function, its visibility and modifiers, state variables read and written, internal and external calls, and cyclomatic complexity (a separate <code>call-graph</code> printer produces the call graph)</li>



<li><strong>cfg</strong>: the control-flow graph of every function as a GraphViz <code>.dot</code> file, ready to render</li>
</ul>



<p class="wp-block-paragraph">These make internal review before an external audit, and onboarding of new engineers, considerably faster.</p>



<h2 class="wp-block-heading">Writing a custom detector with the Python API</h2>



<p class="wp-block-paragraph">A detector is a subclass of <code>AbstractDetector</code> that implements <code>_detect(self)</code> and returns a list of <code>Output</code> objects built with <code>generate_result</code>. The class-level fields are mandatory: Slither refuses to load a detector whose <code>WIKI_*</code> documentation strings are empty. The example below encodes an illustrative in-house rule (a public or external function that writes a state variable named <code>value</code> must be <code>payable</code>); it is not a built-in check.</p>



<div class="wp-block-kevinbatdorf-code-block-pro" data-code-block-pro-font-family="Code-Pro-JetBrains-Mono" style="font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)"><span style="display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#1E1E1E"><svg xmlns="http://www.w3.org/2000/svg" width="54" height="14" viewBox="0 0 54 14"><g fill="none" fill-rule="evenodd" transform="translate(1 1)"><circle cx="6" cy="6" r="6" fill="#FF5F56" stroke="#E0443E" stroke-width=".5"></circle><circle cx="26" cy="6" r="6" fill="#FFBD2E" stroke="#DEA123" stroke-width=".5"></circle><circle cx="46" cy="6" r="6" fill="#27C93F" stroke="#1AAB29" stroke-width=".5"></circle></g></svg></span><span role="button" tabindex="0" data-code="from typing import List

from slither import Slither
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
from slither.utils.output import Output


class NoPayable(AbstractDetector):
    &quot;&quot;&quot;In-house rule: a public/external function that writes the state variable
    `value` must be payable. Illustrative only; not a built-in Slither check.&quot;&quot;&quot;

    ARGUMENT = &quot;no-payable&quot;          # name used with --detect / --exclude
    HELP = &quot;Detect missing payable in public functions&quot;
    IMPACT = DetectorClassification.HIGH
    CONFIDENCE = DetectorClassification.MEDIUM

    # AbstractDetector raises at load time if these documentation fields are empty
    WIKI = &quot;https://example.com/wiki/no-payable&quot;
    WIKI_TITLE = &quot;Missing payable&quot;
    WIKI_DESCRIPTION = &quot;A public function updates `value` without being payable&quot;
    WIKI_EXPLOIT_SCENARIO = &quot;Ether sent with the call reverts and the caller loses gas&quot;
    WIKI_RECOMMENDATION = &quot;Mark the function payable or drop the `value` update&quot;

    def _detect(self) -&gt; List[Output]:
        results: List[Output] = []
        for contract in self.compilation_unit.contracts_derived:
            for func in contract.functions_declared:
                if func.visibility not in (&quot;public&quot;, &quot;external&quot;) or func.payable:
                    continue
                if any(v.name == &quot;value&quot; for v in func.state_variables_written):
                    # generate_result takes a list mixing strings and source objects
                    info = [func, &quot; writes `value` but is not payable\n&quot;]
                    results.append(self.generate_result(info))
        return results


if __name__ == &quot;__main__&quot;:
    sl = Slither(&quot;.&quot;)                # compiles the project in the current directory
    sl.register_detector(NoPayable)  # custom detectors are registered on the Slither object
    for detector_results in sl.run_detectors():
        for finding in detector_results:
            print(finding[&quot;description&quot;])" style="color:#D4D4D4;display:none" aria-label="Copy" class="code-block-pro-copy-button"><svg xmlns="http://www.w3.org/2000/svg" style="width:24px;height:24px" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path class="with-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4"></path><path class="without-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2"></path></svg></span><pre class="shiki dark-plus" style="background-color: #1E1E1E" tabindex="0"><code><span class="line"><span style="color: #D4D4D4">from typing import List</span></span>
<span class="line"></span>
<span class="line"><span style="color: #D4D4D4">from slither import Slither</span></span>
<span class="line"><span style="color: #D4D4D4">from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification</span></span>
<span class="line"><span style="color: #D4D4D4">from slither.utils.output import Output</span></span>
<span class="line"></span>
<span class="line"></span>
<span class="line"><span style="color: #D4D4D4">class NoPayable(AbstractDetector):</span></span>
<span class="line"><span style="color: #D4D4D4">    &quot;&quot;&quot;In-house rule: a public/external function that writes the state variable</span></span>
<span class="line"><span style="color: #D4D4D4">    `value` must be payable. Illustrative only; not a built-in Slither check.&quot;&quot;&quot;</span></span>
<span class="line"></span>
<span class="line"><span style="color: #D4D4D4">    ARGUMENT = &quot;no-payable&quot;          # name used with --detect / --exclude</span></span>
<span class="line"><span style="color: #D4D4D4">    HELP = &quot;Detect missing payable in public functions&quot;</span></span>
<span class="line"><span style="color: #D4D4D4">    IMPACT = DetectorClassification.HIGH</span></span>
<span class="line"><span style="color: #D4D4D4">    CONFIDENCE = DetectorClassification.MEDIUM</span></span>
<span class="line"></span>
<span class="line"><span style="color: #6A9955">    # AbstractDetector raises at load time if these documentation fields are empty</span></span>
<span class="line"><span style="color: #D4D4D4">    WIKI = &quot;https://example.com/wiki/no-payable&quot;</span></span>
<span class="line"><span style="color: #D4D4D4">    WIKI_TITLE = &quot;Missing payable&quot;</span></span>
<span class="line"><span style="color: #D4D4D4">    WIKI_DESCRIPTION = &quot;A public function updates `value` without being payable&quot;</span></span>
<span class="line"><span style="color: #D4D4D4">    WIKI_EXPLOIT_SCENARIO = &quot;Ether sent with the call reverts and the caller loses gas&quot;</span></span>
<span class="line"><span style="color: #D4D4D4">    WIKI_RECOMMENDATION = &quot;Mark the function payable or drop the `value` update&quot;</span></span>
<span class="line"></span>
<span class="line"><span style="color: #D4D4D4">    def _detect(self) -&gt; List[Output]:</span></span>
<span class="line"><span style="color: #D4D4D4">        results: List[Output] = []</span></span>
<span class="line"><span style="color: #D4D4D4">        for contract in self.compilation_unit.contracts_derived:</span></span>
<span class="line"><span style="color: #D4D4D4">            for func in contract.functions_declared:</span></span>
<span class="line"><span style="color: #D4D4D4">                if func.visibility not in (&quot;public&quot;, &quot;external&quot;) or func.payable:</span></span>
<span class="line"><span style="color: #D4D4D4">                    continue</span></span>
<span class="line"><span style="color: #D4D4D4">                if any(v.name == &quot;value&quot; for v in func.state_variables_written):</span></span>
<span class="line"><span style="color: #6A9955">                    # generate_result takes a list mixing strings and source objects</span></span>
<span class="line"><span style="color: #D4D4D4">                    info = [func, &quot; writes `value` but is not payable\n&quot;]</span></span>
<span class="line"><span style="color: #D4D4D4">                    results.append(self.generate_result(info))</span></span>
<span class="line"><span style="color: #D4D4D4">        return results</span></span>
<span class="line"></span>
<span class="line"></span>
<span class="line"><span style="color: #D4D4D4">if __name__ == &quot;__main__&quot;:</span></span>
<span class="line"><span style="color: #D4D4D4">    sl = Slither(&quot;.&quot;)                # compiles the project in the current directory</span></span>
<span class="line"><span style="color: #D4D4D4">    sl.register_detector(NoPayable)  # custom detectors are registered on the Slither object</span></span>
<span class="line"><span style="color: #D4D4D4">    for detector_results in sl.run_detectors():</span></span>
<span class="line"><span style="color: #D4D4D4">        for finding in detector_results:</span></span>
<span class="line"><span style="color: #D4D4D4">            print(finding[&quot;description&quot;])</span></span></code></pre></div>



<p class="wp-block-paragraph">Running <code>python my_detector.py</code> from the project root loads the project through the API, registers the rule with <code>register_detector</code> and prints its findings; the <code>slither</code> CLI itself knows nothing about the file. To make the rule available as <code>slither . --detect no-payable</code> for the whole team, package it as a plugin exposed through the <code>slither_analyzer.plugin</code> entry point (see the <code>plugin_example</code> directory in the repository). Either way, in-house policy checks become as automatic as the built-in detectors.</p>
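


<p class="wp-block-paragraph">The detector above and the earlier description of how Slither works both come down to one idea: a detector is a walk over the per-function CFG that inspects what each SlithIR node reads, writes and calls. The following is an added example, not code from the article or from Slither's own reentrancy detectors (which are far more careful, for instance about whether a call can forward Ether or is a known reentrancy-safe pattern). It walks a CFG from its entry node and reports state variables written on any path that has already passed an external call, i.e. the pattern behind the <code>reentrancy-eth</code> output shown earlier. The walk relies only on <code>sons</code>, <code>state_variables_written</code>, <code>high_level_calls</code> and <code>low_level_calls</code>, which Slither's <code>Node</code> exposes, so it runs unchanged on a real project through <code>scan_with_slither</code> (requires slither-analyzer) and on the constructed <code>FakeNode</code> graphs below, which stand in for the CFGs of a vulnerable and a fixed <code>withdraw</code>.</p>

```python
"""Added example: a minimal 'state write after external call' walk over a CFG.

Not part of the article or of Slither.  The walk is duck-typed against the
attributes Slither's Node exposes (.sons, .state_variables_written,
.high_level_calls, .low_level_calls), so it runs both on the constructed
FakeNode graphs below and, via scan_with_slither, on a real project.
"""
from dataclasses import dataclass, field
from typing import List, Set, Tuple


def writes_after_external_call(entry) -> List[Tuple[str, str]]:
    """Depth-first walk from `entry`; returns (call_site, state_variable) pairs
    for every state write reached on a path that already passed an external
    call.  Each node is visited at most once per (before/after call) state,
    which terminates on loops and reports a given write once."""
    findings: List[Tuple[str, str]] = []
    seen: Set[Tuple[int, bool]] = set()
    stack = [(entry, None)]  # (node, call site already passed on this path, or None)
    while stack:
        node, call_site = stack.pop()
        key = (id(node), call_site is not None)
        if key in seen:
            continue
        seen.add(key)
        if call_site is not None:
            for var in node.state_variables_written:
                findings.append((call_site, var.name))
        elif node.high_level_calls or node.low_level_calls:
            call_site = str(node)  # first external call on this path
        for son in node.sons:
            stack.append((son, call_site))
    return findings


# --- constructed stand-ins for Slither's StateVariable / Node (test data only) ---
@dataclass
class FakeVar:
    name: str


@dataclass
class FakeNode:
    label: str
    state_variables_written: List[FakeVar] = field(default_factory=list)
    high_level_calls: list = field(default_factory=list)
    low_level_calls: list = field(default_factory=list)
    sons: List["FakeNode"] = field(default_factory=list)

    def __str__(self) -> str:  # Slither's Node also stringifies to its expression
        return self.label


def build_vulnerable_withdraw() -> FakeNode:
    """require(...) -> msg.sender.call{value: amt}() -> balances[msg.sender] = 0"""
    write = FakeNode("balances[msg.sender] = 0", state_variables_written=[FakeVar("balances")])
    call = FakeNode("msg.sender.call{value: amt}()", low_level_calls=[("msg.sender", "call")], sons=[write])
    return FakeNode("require(balances[msg.sender] >= amt)", sons=[call])


def build_fixed_withdraw() -> FakeNode:
    """Checks-Effects-Interactions: the balance is zeroed before the call."""
    call = FakeNode("msg.sender.call{value: amt}()", low_level_calls=[("msg.sender", "call")])
    write = FakeNode("balances[msg.sender] = 0", state_variables_written=[FakeVar("balances")], sons=[call])
    return FakeNode("require(balances[msg.sender] >= amt)", sons=[write])


def scan_with_slither(path: str = ".") -> List[Tuple[str, str, str]]:
    """Same walk over a real project; needs `pip install slither-analyzer`."""
    from slither import Slither  # imported lazily so the rest of this file runs without it

    out: List[Tuple[str, str, str]] = []
    for contract in Slither(path).contracts_derived:
        for fn in contract.functions_declared:
            if fn.entry_point is None:  # interface / abstract functions have no body
                continue
            for call_site, var in writes_after_external_call(fn.entry_point):
                out.append((fn.canonical_name, call_site, var))
    return out


if __name__ == "__main__":
    print("vulnerable:", writes_after_external_call(build_vulnerable_withdraw()))
    print("fixed:     ", writes_after_external_call(build_fixed_withdraw()))
```

<p class="wp-block-paragraph">The vulnerable graph yields one pair (the low-level call and <code>balances</code>); the fixed graph yields none. Turning this into a real detector means wrapping the walk in an <code>AbstractDetector._detect</code> exactly as in the <code>NoPayable</code> class above, and then deciding which calls to trust: a walk this naive flags every external call, including view calls to trusted contracts, which is precisely the false-positive surface the built-in detectors spend most of their code on.</p>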



<h2 class="wp-block-heading">CI/CD integration (GitHub&nbsp;Actions example)</h2>



<div class="wp-block-kevinbatdorf-code-block-pro" data-code-block-pro-font-family="Code-Pro-JetBrains-Mono" style="font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)"><span style="display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#1E1E1E"><svg xmlns="http://www.w3.org/2000/svg" width="54" height="14" viewBox="0 0 54 14"><g fill="none" fill-rule="evenodd" transform="translate(1 1)"><circle cx="6" cy="6" r="6" fill="#FF5F56" stroke="#E0443E" stroke-width=".5"></circle><circle cx="26" cy="6" r="6" fill="#FFBD2E" stroke="#DEA123" stroke-width=".5"></circle><circle cx="46" cy="6" r="6" fill="#27C93F" stroke="#1AAB29" stroke-width=".5"></circle></g></svg></span><span role="button" tabindex="0" data-code="name: Slither
on: [pull_request]
permissions:
  contents: read
  security-events: write          # required by upload-sarif
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: &quot;3.11&quot;
      - name: Setup
        run: |
          pip install slither-analyzer
          solc-select install 0.8.23 &amp;&amp; solc-select use 0.8.23
      - name: Run Slither
        # exit code is non-zero only for High-impact findings; everything still lands in the SARIF file
        run: slither . --sarif slither.sarif --fail-high
      - name: Upload SARIF
        if: always()                  # upload even when the previous step failed the job
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: slither.sarif" style="color:#D4D4D4;display:none" aria-label="Copy" class="code-block-pro-copy-button"><svg xmlns="http://www.w3.org/2000/svg" style="width:24px;height:24px" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path class="with-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4"></path><path class="without-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2"></path></svg></span><pre class="shiki dark-plus" style="background-color: #1E1E1E" tabindex="0"><code><span class="line"><span style="color: #569CD6">name</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">Slither</span></span>
<span class="line"><span style="color: #569CD6">on</span><span style="color: #D4D4D4">: [</span><span style="color: #CE9178">pull_request</span><span style="color: #D4D4D4">]</span></span>
<span class="line"><span style="color: #569CD6">permissions</span><span style="color: #D4D4D4">:</span></span>
<span class="line"><span style="color: #D4D4D4">  </span><span style="color: #569CD6">contents</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">read</span></span>
<span class="line"><span style="color: #D4D4D4">  </span><span style="color: #569CD6">security-events</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">write</span><span style="color: #D4D4D4">          </span><span style="color: #6A9955"># required by upload-sarif</span></span>
<span class="line"><span style="color: #569CD6">jobs</span><span style="color: #D4D4D4">:</span></span>
<span class="line"><span style="color: #D4D4D4">  </span><span style="color: #569CD6">analyze</span><span style="color: #D4D4D4">:</span></span>
<span class="line"><span style="color: #D4D4D4">    </span><span style="color: #569CD6">runs-on</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">ubuntu-latest</span></span>
<span class="line"><span style="color: #D4D4D4">    </span><span style="color: #569CD6">steps</span><span style="color: #D4D4D4">:</span></span>
<span class="line"><span style="color: #D4D4D4">      - </span><span style="color: #569CD6">uses</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">actions/checkout@v4</span></span>
<span class="line"><span style="color: #D4D4D4">      - </span><span style="color: #569CD6">uses</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">actions/setup-python@v5</span></span>
<span class="line"><span style="color: #D4D4D4">        </span><span style="color: #569CD6">with</span><span style="color: #D4D4D4">:</span></span>
<span class="line"><span style="color: #D4D4D4">          </span><span style="color: #569CD6">python-version</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">&quot;3.11&quot;</span></span>
<span class="line"><span style="color: #D4D4D4">      - </span><span style="color: #569CD6">name</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">Setup</span></span>
<span class="line"><span style="color: #D4D4D4">        </span><span style="color: #569CD6">run</span><span style="color: #D4D4D4">: </span><span style="color: #C586C0">|</span></span>
<span class="line"><span style="color: #CE9178">          pip install slither-analyzer</span></span>
<span class="line"><span style="color: #CE9178">          solc-select install 0.8.23 &amp;&amp; solc-select use 0.8.23</span></span>
<span class="line"><span style="color: #D4D4D4">      - </span><span style="color: #569CD6">name</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">Run Slither</span></span>
<span class="line"><span style="color: #6A9955">        # exit code is non-zero only for High-impact findings; everything still lands in the SARIF file</span></span>
<span class="line"><span style="color: #D4D4D4">        </span><span style="color: #569CD6">run</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">slither . --sarif slither.sarif --fail-high</span></span>
<span class="line"><span style="color: #D4D4D4">      - </span><span style="color: #569CD6">name</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">Upload SARIF</span></span>
<span class="line"><span style="color: #D4D4D4">        </span><span style="color: #569CD6">if</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">always()</span><span style="color: #D4D4D4">                  </span><span style="color: #6A9955"># upload even when the previous step failed the job</span></span>
<span class="line"><span style="color: #D4D4D4">        </span><span style="color: #569CD6">uses</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">github/codeql-action/upload-sarif@v3</span></span>
<span class="line"><span style="color: #D4D4D4">        </span><span style="color: #569CD6">with</span><span style="color: #D4D4D4">:</span></span>
<span class="line"><span style="color: #D4D4D4">          </span><span style="color: #569CD6">sarif_file</span><span style="color: #D4D4D4">: </span><span style="color: #CE9178">slither.sarif</span></span></code></pre></div>



<p class="wp-block-paragraph">Findings then appear inline on the pull request in the code scanning UI (free for public repositories; private ones need <strong>GitHub Advanced Security</strong>), which shortens the fix loop. Two details matter for the workflow to be useful rather than decorative: do not swallow Slither's exit status with <code>|| true</code>, since that turns the step into a report that never blocks anything, and instead pick the threshold with <code>--fail-high</code>, <code>--fail-medium</code>, <code>--fail-low</code> or <code>--fail-pedantic</code>; and for Hardhat or Foundry projects, install the toolchain (<code>npm ci</code>, or the Foundry toolchain action) before the Slither step, because crytic-compile drives the project's own build. Crytic also publishes a ready-made <code>crytic/slither-action</code> that wraps the same steps.</p>
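


<p class="wp-block-paragraph">The exit-code gate above is coarse: it blocks on impact alone, and it fails a pull request for findings that already existed on the main branch. The script below is an added example, not part of the article or of Slither, showing the two refinements a team usually ends up writing: a gate on the (impact, confidence) pair, and a "new findings only" comparison against a baseline run. It consumes the JSON produced by <code>slither . --json slither.json</code> (fields <code>check</code>, <code>impact</code>, <code>confidence</code>, <code>description</code>, <code>id</code> under <code>results.detectors</code>; <code>id</code> is Slither's per-finding fingerprint). The two documents embedded in the script are constructed samples in that shape, with shortened ids; a real baseline would be the JSON from the last run on <code>main</code>, stored as a workflow artifact.</p>

```python
"""Added example (not from the article or from Slither): post-process two
`slither --json` reports in CI, gating on (impact, confidence) and reporting
only findings that are new relative to a baseline run.
"""
import json
from typing import Dict, List, Set

# Severity ladders matching the strings Slither emits in its JSON output
IMPACT_RANK = {"Optimization": 0, "Informational": 0, "Low": 1, "Medium": 2, "High": 3}
CONFIDENCE_RANK = {"Low": 1, "Medium": 2, "High": 3}

# Constructed samples in the shape of `slither . --json -`.  Ids are shortened;
# real ones are full hex digests.  BASELINE is the main branch, CURRENT the PR.
BASELINE_JSON = json.dumps({
    "success": True, "error": None,
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in MyVault.withdraw(uint256) ...", "id": "a1f3", "elements": []},
        {"check": "naming-convention", "impact": "Informational", "confidence": "High",
         "description": "Parameter MyVault.withdraw(uint256)._amt is not in mixedCase", "id": "b2e4", "elements": []},
    ]},
})
CURRENT_JSON = json.dumps({
    "success": True, "error": None,
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in MyVault.withdraw(uint256) ...", "id": "a1f3", "elements": []},
        {"check": "naming-convention", "impact": "Informational", "confidence": "High",
         "description": "Parameter MyVault.withdraw(uint256)._amt is not in mixedCase", "id": "b2e4", "elements": []},
        {"check": "tx-origin", "impact": "Medium", "confidence": "Medium",
         "description": "MyVault.onlyOwner() uses tx.origin for authorization", "id": "c3d5", "elements": []},
        {"check": "solc-version", "impact": "Informational", "confidence": "High",
         "description": "Pragma version^0.8.23 allows old versions", "id": "d4c6", "elements": []},
    ]},
})


def load_findings(text: str) -> List[Dict]:
    """Parse a Slither JSON report; a report with success=false means the run itself broke."""
    doc = json.loads(text)
    if not doc.get("success"):
        raise RuntimeError(f"slither did not complete: {doc.get('error')}")
    return doc["results"]["detectors"]


def new_findings(baseline: List[Dict], current: List[Dict]) -> List[Dict]:
    """Findings whose fingerprint is absent from the baseline run."""
    known: Set[str] = {f["id"] for f in baseline}
    return [f for f in current if f["id"] not in known]


def blocking(findings: List[Dict], min_impact: str = "Medium", min_confidence: str = "Medium") -> List[Dict]:
    """Findings at or above both thresholds; everything else is informational for the reviewer."""
    return [f for f in findings
            if IMPACT_RANK[f["impact"]] >= IMPACT_RANK[min_impact]
            and CONFIDENCE_RANK[f["confidence"]] >= CONFIDENCE_RANK[min_confidence]]


def gate(baseline_text: str, current_text: str) -> int:
    """Exit status for the CI step: 1 if the PR introduces a finding at or above the threshold."""
    fresh = new_findings(load_findings(baseline_text), load_findings(current_text))
    block = blocking(fresh)
    for f in fresh:
        tag = "BLOCK" if f in block else "info "
        print(f"[{tag}] {f['check']:<20} {f['impact']}/{f['confidence']}: {f['description']}")
    return 1 if block else 0


if __name__ == "__main__":
    import sys
    sys.exit(gate(BASELINE_JSON, CURRENT_JSON))
```

<p class="wp-block-paragraph">On the samples, two findings are new; only the <code>tx-origin</code> one (Medium/Medium) blocks, so the gate returns 1. One caveat on the baseline comparison: Slither derives the fingerprint from the finding's description text, which includes file paths and line ranges, so unrelated edits that shift lines make an old finding look new. For a long-lived suppression list, Slither's own <code>--triage-mode</code>, which records accepted findings in a database file, is the more robust mechanism; the diff above is best used as a first filter on top of it.</p>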



<h2 class="wp-block-heading">Advanced use: Slither with Foundry &amp; Hardhat</h2>



<ul class="wp-block-list">
<li><strong>Foundry</strong>: no plugin is needed. Running <code>slither .</code> in a project that contains <code>foundry.toml</code> makes crytic-compile invoke <code>forge build</code> and analyse the result; pass <code>--ignore-compile</code> to reuse the artifacts of a build you have already run.</li>



<li><strong>Hardhat</strong>: detected the same way from <code>hardhat.config.js</code> or <code>.ts</code>; Slither runs <code>npx hardhat compile</code>, so the npm dependencies must be installed first, in CI as well.</li>
</ul>



<p class="wp-block-paragraph">Run it alongside the gas report (<code>forge test --gas-report</code>, or the Hardhat gas reporter plugin) to review security and cost in the same pass; Slither itself does not estimate gas.</p>



<h2 class="wp-block-heading">Known limitations</h2>



<figure class="wp-block-table"><div class="scrollable-table"><table class="has-fixed-layout"><thead><tr><th>Item</th><th>Current state</th><th>Practical workaround</th></tr></thead><tbody><tr><td>Yul / inline assembly</td><td>Partially supported; several detectors treat assembly blocks as opaque</td><td>Manually review the functions reported by the <code>assembly</code> detector</td></tr><tr><td>Languages</td><td>Solidity, plus experimental Vyper support since release 0.10.0</td><td>Expect fewer detectors to apply to Vyper contracts</td></tr><tr><td>Run time</td><td>Minutes on large monorepos, most of it spent compiling</td><td><code>--filter-paths</code> to skip tests and vendored code, <code>--ignore-compile</code> to reuse existing build artifacts</td></tr></tbody></table></div></figure>



<p class="wp-block-paragraph">A check for EIP-7201 namespaced storage layouts has been proposed in the project's issue tracker, which would help with upgradeable contracts; until something like it lands, <code>slither-check-upgradeability</code> remains the tool for comparing storage layouts across upgrades.</p>



<h2 class="wp-block-heading">Summary</h2>



<p class="wp-block-paragraph">Slither is a <strong>fast</strong>, <strong>precise enough to gate CI</strong> and <strong>highly extensible</strong> static analysis framework for Solidity. The built-in detectors cover the common vulnerability classes, and the Python&nbsp;API lets you encode project-specific security policies as detectors that run automatically.</p>



<ul class="wp-block-list">
<li>Start with <code>pip install slither-analyzer</code> and <code>slither .</code> to see what the current code base reports</li>



<li>Wire it into GitHub Actions or your Foundry CI so vulnerabilities are caught early in the development cycle</li>



<li>For critical logic, combine custom detectors with Echidna fuzzing for a second, dynamic line of defence</li>
</ul>



<p class="wp-block-paragraph">Following these steps improves both the reliability of your smart contracts and the cost of operating them. Bringing the analysis Trail&nbsp;of&nbsp;Bits uses in its audits into the everyday development flow is where Slither earns its keep.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://techgrowup.net/blockchain-slither/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
