Merge pull request #10 from propeller-heads/ci/tnl/ENG-4031-add-slither

feat: Add Slither to CI
2025-01-20 09:17:44 -05:00
parent a16b2affed 68dddc0663
commit 3037edd3ab
7 changed files with 41 additions and 4 deletions
--- a/.github/workflows/evm-foundry-ci.yml
+++ b/.github/workflows/evm-foundry-ci.yml
--- a/.github/workflows/slither.yml
+++ b/.github/workflows/slither.yml
@@ -0,0 +1,16 @@
+name: Slither Analysis
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: crytic/slither-action@v0.4.0
+        with:
+          target: 'foundry/'
--- a/README.md
+++ b/README.md
@@ -4,4 +4,19 @@ TODO: add banner

 Tycho Execution makes it easy to trade on different DEXs by handling the complex encoding for you. Instead of creating
 custom code for each DEX, you get a simple, ready-to-use tool that generates the necessary data to execute trades. It’s
-designed to be safe, straightforward, and quick to set up, so anyone can start trading without extra effort.
+designed to be safe, straightforward, and quick to set up, so anyone can start trading without extra effort.
+
+# Contract Analysis
+
+We use [Slither](https://github.com/crytic/slither) to detect any potential vulnerabilities in our contracts.
+
+To run locally, simply install Slither in your conda env and run it inside the foundry directory.
+
+```
+conda create --name tycho-execution python=3.10
+conda activate tycho-execution
+
+python3 -m pip install slither-analyzer`
+cd foundry
+slither .
+```
--- a/foundry/foundry.toml
+++ b/foundry/foundry.toml
@@ -2,7 +2,7 @@
 src = 'src'
 out = 'out'
 libs = ['lib']
-solc = "0.8.18"
+solc = "0.8.28"
 evm_version = 'shanghai'
 optimizer = true
 optimizer_runs = 1000
--- a/foundry/src/Counter.sol
+++ b/foundry/src/Counter.sol
@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: UNLICENSED
-pragma solidity ^0.8.13;
+pragma solidity ^0.8.28;

 contract Counter {
    uint256 public number;
--- a/foundry/src/TychoRouter.sol
+++ b/foundry/src/TychoRouter.sol
@@ -0,0 +1,6 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.28;
+
+contract TychoRouter {
+    constructor() {}
+}
--- a/foundry/test/Counter.t.sol
+++ b/foundry/test/Counter.t.sol
@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: UNLICENSED
-pragma solidity ^0.8.13;
+pragma solidity ^0.8.28;

 import {Test, console} from "forge-std/Test.sol";
 import {Counter} from "../src/Counter.sol";