From 3d8c72082085a47611bdef2457947e5f8f67f126 Mon Sep 17 00:00:00 2001
From: Jun Kimura
Date: Fri, 20 Sep 2024 16:54:32 +0900
Subject: [PATCH] add slither analysis to CI

Signed-off-by: Jun Kimura
---
 .github/workflows/test.yml | 13 +++++++++++++
 Makefile | 5 +++++
 slither.config.json | 4 ++++
 3 files changed, 22 insertions(+)
 create mode 100644 slither.config.json

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 7122d04..945a786 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -36,3 +36,16 @@ jobs:
 - name: Lint
 run: make lint
+
+ slither:
+ name: Slither analysis
+ needs: contract-test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: crytic/slither-action@v0.4.0
+ with:
+ node-version: 20.13
+ slither-version: 0.10.1
diff --git a/Makefile b/Makefile
index 513f7e9..8694cc1 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,6 @@
 SOLC_VERSION=0.8.20
 FORGE=forge
+SLITHER=slither
 TEST_UPGRADEABLE=false
 .PHONY: build
@@ -18,6 +19,10 @@ test:
 coverage:
 @$(FORGE) coverage --ffi --use solc:$(SOLC_VERSION)
+.PHONY: slither
+slither:
+ @$(SLITHER) .
+
 .PHONY: fmt
 fmt:
 @$(FORGE) fmt $(FORGE_FMT_OPTS) \
diff --git a/slither.config.json b/slither.config.json
new file mode 100644
index 0000000..bbcdead
--- /dev/null
+++ b/slither.config.json
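Review bot: In `.github/workflows/test.yml`, the new `slither` job references both actions by mutable tag (`actions/checkout@v4`, `crytic/slither-action@v0.4.0`), so a retagged or compromised release would run in this repository's CI without any change here. Pinning the third-party action to a full commit SHA, e.g. `- uses: crytic/slither-action@<full-commit-sha> # v0.4.0`, removes that dependency on the tag. The job also declares no `permissions:` block and the checkout keeps its default credential persistence; unless the part of the workflow outside this hunk already restricts the token, adding `permissions:` with `contents: read` to the job and `persist-credentials: false` under the checkout's `with:` would limit what the analysis step can reach.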
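Review bot: The new `slither` target in the Makefile's second hunk runs whatever `slither` is found on PATH, while the CI job pins `slither-version: 0.10.1`, so local and CI runs can report different findings for the same tree. A short comment above the target would record the expected version, e.g. `# Static analysis; CI uses slither 0.10.1 (see .github/workflows/test.yml)`. The first Makefile hunk only adds the `SLITHER` variable and needs no change.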
@@ -0,0 +1,4 @@
+{
+ "detectors_to_run": "arbitrary-send-erc20,array-by-reference,incorrect-shift,name-reused,rtlo,suicidal,uninitialized-storage,arbitrary-send-erc20-permit,controlled-array-length,controlled-delegatecall,delegatecall-loop,msg-value-loop,reentrancy-eth,unchecked-transfer,weak-prng,domain-separator-collision,erc20-interface,erc721-interface,locked-ether,mapping-deletion,shadowing-abstract,tautology,write-after-write,boolean-cst,reentrancy-no-eth,reused-constructor,tx-origin,unchecked-lowlevel,unchecked-send,variable-scope,void-cst,events-access,events-maths,incorrect-unary,boolean-equal,deprecated-standards,erc20-indexed,function-init-state,pragma,reentrancy-unlimited-gas,immutable-states,var-read-using-this",
+ "filter_paths": "(test/|node_modules/|contracts/proto/)"
+}
\ No newline at end of file
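Review bot: `detectors_to_run` in `slither.config.json` is an allowlist, so any detector not named there is silently skipped, including ones added by later Slither releases when `slither-version` is bumped. The list as written omits several high-impact checks such as `arbitrary-send-eth`, `uninitialized-state` and `unprotected-upgrade`; if that is deliberate, the reason is not recorded anywhere visible in this patch. Consider inverting the configuration to `detectors_to_exclude` with only the detectors judged too noisy, or stating the rationale in the commit message, since JSON cannot carry comments. Separately, `filter_paths` is an unanchored regex, so `test/` would also match any source directory whose name merely ends in `test`; anchoring it (for example `^test/`) may be safer, depending on how Slither reports paths for this layout.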