For developers familiar with Slither, you can directly navigate to the detectors interface to view the rules. https://github.com/MetaTrustLabs/falcon-metatrust/tree/main/falcon/detectors
We also have about 40 original rules that have not been released yet. In the future, we will gradually make the rule source code public. Part of these rules,Please check "[Part of] Optimized and Added Detectors"
Join the Club
Metatrust Telegram- Discussions and Support
Welcome! We are the Metatrust.Labs. Over recent months, we've devoted our energies to refining and expanding the capabilities of the renowned Slither detectors. As a result, we proudly introduce Falcon — our advanced iteration of the Slither detectors.
Recognizing the challenges associated with code review and audit processes, we took it upon ourselves not just to enhance the sensitivity of our detectors, but also to drastically reduce the frequency of false positives. By doing so, we believe we've created the most efficient version of the Slither detectors to date. Falcon has been enriched with an abundance of new detectors, while nearly 100 of the existing ones have been optimized for better precision.
Our detectors in Falcon are designed with the primary goal of identifying potential issues to assist code auditors. They serve as a highly efficient automation tool, meticulously scanning against a vast checklist of potential vulnerabilities.
Falcon is a comprehensive Solidity static analysis framework crafted in Python3. Not only does it run an extensive suite of vulnerability detectors, but it also offers visual insights about contract specifics and furnishes an API designed for the easy development of custom analyses.
Building upon the foundations laid by Slither, Falcon introduces dozens of novel rules tailored for the current smart contract landscape. This includes detection mechanisms for logic inconsistencies, DeFi price manipulation vulnerabilities, centralization risks, and Time-of-Check to Time-of-Use (ToD) vulnerabilities. However, we'd like to highlight that some of these advanced checks come as premium offerings and are subject to fees.
By leveraging Falcon, developers can unearth vulnerabilities in their code, gain deeper insights into their contracts, and rapidly draft custom analyses tailored to their unique requirements.
Should you come across any issues, bugs, or vulnerabilities while utilizing our Falcon detectors, please don't hesitate to reach out. Whether it's through opening a PR/Issue or contacting us directly, we appreciate all feedback. For any further inquiries or suggestions, join our vibrant community on Discord or Telegram. We're committed to fostering a robust community, continuously enhancing our offerings, and championing collective initiatives.
- MWE Wiki
- MWE Category Tree
- GPTScan
- This is our unique smart contract vulnerability scanning engine based on GPT and Falcon’s AI empower
Ensure you have Python (version 3.9 or newer) installed on your system.
-
Navigate to the Falcon project root directory.
-
Run the following command to install Falcon:
pip3 install -r requirements-dev.txt python setup.py install
-
After successful installation, you should have access to the Falcon command-line interface.
This is similar to the slither
folder in the Slither project. The /falcon
folder contains the core functionalities and components of the Falcon static analysis engine, including:
- The main framework for AST analysis.
- Libraries and modules responsible for parsing smart contracts.
- Intermediate representations (IRs) for smart contracts.
- The core logic that drives the Falcon static analysis processes.
This folder contains the set of detectors, primarily inspired by Slither's rules. They are designed to identify vulnerabilities, misconfigurations, and potential issues within the smart contracts:
- Each detector script in this folder targets a specific vulnerability type.
- The detectors parse and analyze the smart contract IRs to discover any potential threats.
- Detected issues will be reported with their severity, type, and a brief description to assist in understanding and mitigation.
To scan a smart contract without installing the package:
-
Navigate to the Falcon project root directory.
-
Run the following command:
pip3 install -r requirements-dev.txt python -m falcon [relative file based on root directory of falcon]
For example, to scan a contract located at contracts/MyContract.sol
:
pip3 install -r requirements-dev.txt
python -m falcon contracts/MyContract.sol
Detector Name | Detector File | Release Date | Note | Status |
---|---|---|---|---|
Arbitrary send erc20 Basic Library | - | 1 week later | We have optimized Arbitrary send erc20 to reduce false positives | Implemented |
Centralized | - | relaease | We believe that centralized risk is one of the risks that should not be ignored, so we have implemented multiple centralized risk vulnerability detection rules with different risk levels. | Implemented |
bad_prng | - | 1 week later | We believe that random number vulnerabilities only occur in functions with certain specific functions, so we simply filter the functions | Implemented |
Transfer Inside a Loop | - | relaease | Transfers in the loop can easily cause DOS attacks | Implemented |
DeFi Related Detectors | - | relaease | We implemented a simple price manipulation detector to detect whether there is suspicious price manipulation through taint analysis, and divided it into multiple risk levels. | Implemented |
ERC | - | 1 week later | We have implemented detectors for multiple ERC standards | Implemented |
Transaction Order Dependency | - | relaease | We implemented a detector for the Transaction Order Dependency vulnerability and divided it into multiple risk levels. | Implemented |
Reentrancy Basic Library | - | released | We have optimized a variety of corner cases and significantly reduced the false alarm rate. | Implemented |
Support on-chain data fetch | - | - | - | TODO |
Prompt-based AI vulnerability detection | - | - | Based on our unique prompt design and vulnerability confirmation logic, we can effectively dig out some logical vulnerabilities that are difficult to discover and summarize. | Implementing |
Here we indicate our updates, workflows and mark completed tasks and improvements!
You can add your own detector/idea/enhancement by opening the Issue at the following link.
Prior to adding a custom detector, ensure that:
- In a documentation file, your detector is comprehensively described;
- The detector test contract is presented and correctly compiles;
- The detector code is presented and works properly.
Prior to adding an idea, ensure that:
- Your concept or idea is well articulated;
- A vulnerability example (or PoC) is provided;
Prior to adding an enhancement, ensure that:
- Your enhancement does not make the base code worse;
- Your enhancement is commented.
Our team would like to express our deepest gratitude to the Slither tool creators: Josselin Feist, Gustavo Grieco, and Alex Groce, as well as Crytic, Trail of Bits' blockchain security division, and all the people who believe in the original tool and its evolution!
Articles:
- Slither
- How do we use Slither at Pessimistic.io
- Slither Explained
- Slither: In-Depth
- Slither Review
- Slither - Python
- Reentrancy Attacks on Smart Contracts Distilled
- Be sure to check out our blog as well!
Research Papers:
- GPTScanThis is our unique smart contract vulnerability scanning engine based on GPT and Falcon’s AIempower
- Slither: A Static Analysis Framework For Smart Contracts
- Detecting Vulnerable Ethereum Smart Contracts via Abstracted Vulnerability Signatures
- Evaluating Smart Contract Static Analysis Tools Using Bug Injection
- A Framework and DataSet for Bugs in Ethereum Smart Contracts
- A Comprehensive Survey of Upgradeable Smart Contract Patterns
Slither: In-Depth
- Accessing Private Data in Smart contracts
- Simplest way to run Slither for your Smart Contract project
- Slither Notes
- Dataset Card for Slither Audited Smart Contracts
- Auditing Tools Report: Slither
- Bridge Security Checklist: Client Side
- Slither & Echidna + Remappings
- Static Analysis of Smart Contracts with Slither & GitHub Actions
Slitherin in mass media