Use Slither for Solidity contracts static analysis (#48)

[Slither](https://github.com/crytic/slither) is static analysis
framework for Solidity contracts.

Author: r-czajkowski

.github/workflows/core.yaml

@@ -58,6 +58,40 @@ jobs:
             core/typechain/
           if-no-files-found: error
 
+  core-slither:
+    needs: [core-build]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: "core/.nvmrc"
+          cache: "yarn"
+          cache-dependency-path: "core/yarn.lock"
+
+      - name: Install Dependencies
+        run: yarn install --prefer-offline --frozen-lockfile
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: 3.11
+
+      - name: Install Slither
+        env:
+          SLITHER_VERSION: 0.9.6
+        run: pip3 install slither-analyzer==$SLITHER_VERSION
+
+      - name: Download Build Artifacts
+        uses: actions/download-artifact@v3
+        with:
+          name: core-build
+          path: core/
+
+      - name: Run Slither
+        run: slither --hardhat-ignore-compile .
+
   core-test:
     needs: [core-build]
     runs-on: ubuntu-latest

README.md

@@ -34,3 +34,24 @@ pre-commit run --all-files
 # Execute hooks for specific files (e.g. Acre.sol):
 pre-commit run --files ./core/contracts/Acre.sol
 ```
+
+### Slither
+
+[Slither](https://github.com/crytic/slither) is a static analysis framework used
+for Solidity contracts verification.
+
+#### Install
+
+To install Slither execute:
+
+```sh
+pip3 install slither-analyzer
+```
+
+#### Usage
+
+To run Slither execute:
+
+```sh
+slither .
+```

core/slither.config.json

@@ -1,4 +1,5 @@
 {
+  "detectors_to_exclude": "assembly,naming-convention,timestamp,pragma,solc-version",
   "hardhat_artifacts_directory": "build",
   "filter_paths": "node_modules/.*"
 }