Merge pull request #10 from propeller-heads/ci/tnl/ENG-4031-add-slither

feat: Add Slither to CI

.github/workflows/slither.yml

@@ -0,0 +1,16 @@
+name: Slither Analysis
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: crytic/slither-action@v0.4.0
+        with:
+          target: 'foundry/'

README.md

@@ -5,3 +5,18 @@ TODO: add banner
 Tycho Execution makes it easy to trade on different DEXs by handling the complex encoding for you. Instead of creating
 custom code for each DEX, you get a simple, ready-to-use tool that generates the necessary data to execute trades. It’s
 designed to be safe, straightforward, and quick to set up, so anyone can start trading without extra effort.
+
+# Contract Analysis
+
+We use [Slither](https://github.com/crytic/slither) to detect any potential vulnerabilities in our contracts.
+
+To run locally, simply install Slither in your conda env and run it inside the foundry directory.
+
+```
+conda create --name tycho-execution python=3.10
+conda activate tycho-execution
+
+python3 -m pip install slither-analyzer`
+cd foundry
+slither .
+```

foundry/foundry.toml

@@ -2,7 +2,7 @@
 src = 'src'
 out = 'out'
 libs = ['lib']
-solc = "0.8.18"
+solc = "0.8.28"
 evm_version = 'shanghai'
 optimizer = true
 optimizer_runs = 1000

foundry/src/Counter.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: UNLICENSED
-pragma solidity ^0.8.13;
+pragma solidity ^0.8.28;
 
 contract Counter {
     uint256 public number;

foundry/src/TychoRouter.sol

@@ -0,0 +1,6 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.28;
+
+contract TychoRouter {
+    constructor() {}
+}

foundry/test/Counter.t.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: UNLICENSED
-pragma solidity ^0.8.13;
+pragma solidity ^0.8.28;
 
 import {Test, console} from "forge-std/Test.sol";
 import {Counter} from "../src/Counter.sol";