From e5afaf7b9308e861fb143b354bc0049a16cdded2 Mon Sep 17 00:00:00 2001
From: Jakub Nowakowski
Date: Thu, 23 Nov 2023 22:57:06 +0100
Subject: [PATCH 1/2] Use Slither for Solidity contracts static analysis
[Slither](https://github.com/crytic/slither) is a static analysis framework used for Solidity contracts verification.
To install Slither execute:
```sh
pip3 install slither-analyzer
```
To run Slither execute:
```sh
slither .
```
---
.github/workflows/core.yaml | 34 ++++++++++++++++++++++++++++++++++
README.md | 21 +++++++++++++++++++++
2 files changed, 55 insertions(+)
diff --git a/.github/workflows/core.yaml b/.github/workflows/core.yaml
index 7addece4a..f6113780d 100644
--- a/.github/workflows/core.yaml
+++ b/.github/workflows/core.yaml
@@ -58,6 +58,40 @@ jobs:
 core/typechain/
 if-no-files-found: error

+ core-slither:
+ needs: [core-build]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Node
+ uses: actions/setup-node@v4
+ with:
+ node-version-file: "core/.nvmrc"
+ cache: "yarn"
+ cache-dependency-path: "core/yarn.lock"
+
+ - name: Install Dependencies
+ run: yarn install --prefer-offline --frozen-lockfile
+
+ - uses: actions/setup-python@v4
+ with:
+ python-version: 3.11
+
+ - name: Install Slither
+ env:
+ SLITHER_VERSION: 0.9.6
+ run: pip3 install slither-analyzer==$SLITHER_VERSION
+
+ - name: Download Build Artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: core-build
+ path: core/
+
+ - name: Run Slither
+ run: slither --hardhat-ignore-compile .
+
 core-test:
 needs: [core-build]
 runs-on: ubuntu-latest
diff --git a/README.md b/README.md
index de2f62834..df7d13b8b 100644
--- a/README.md
+++ b/README.md
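Review bot: In the `core-slither` job of `.github/workflows/core.yaml`, the `Install Slither` step pins only the top-level package (`slither-analyzer==$SLITHER_VERSION`), so its transitive dependencies resolve fresh from PyPI on every run and nothing is hash-checked. Installing from a committed, hash-pinned requirements file with `pip3 install --require-hashes -r <requirements file>` would make the analyzer toolchain reproducible and tamper-evident. The job sets no `permissions:` key and the workflow's top-level keys are outside this hunk; if nothing is set there, adding `permissions:` with `contents: read` to the job keeps the token read-only while that third-party code runs. As a style point, `python-version: 3.11` is an unquoted YAML float and is safer written as `python-version: "3.11"`.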
@@ -34,3 +34,24 @@ pre-commit run --all-files
 # Execute hooks for specific files (e.g. Acre.sol):
 pre-commit run --files ./core/contracts/Acre.sol
 ```
+
+### Slither
+
+[Slither](https://github.com/crytic/slither) is a static analysis framework used
+for Solidity contracts verification.
+
+#### Install
+
+To install Slither execute:
+
+```sh
+pip3 install slither-analyzer
+```
+
+#### Usage
+
+To run Slither execute:
+
+```sh
+slither .
+```
From c580717aa429c547735e1abdecdeca1274253fa9 Mon Sep 17 00:00:00 2001
From: Jakub Nowakowski
Date: Fri, 24 Nov 2023 00:10:43 +0100
Subject: [PATCH 2/2] Exclude slither's detectors
---
core/slither.config.json | 1 +
1 file changed, 1 insertion(+)
diff --git a/core/slither.config.json b/core/slither.config.json
index 684a9b7cb..fed211ee1 100644
--- a/core/slither.config.json
+++ b/core/slither.config.json
@@ -1,4 +1,5 @@
 {
+ "detectors_to_exclude": "assembly,naming-convention,timestamp,pragma,solc-version",
 "hardhat_artifacts_directory": "build",
 "filter_paths": "node_modules/.*"
 }
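Review bot: The new `detectors_to_exclude` entry in `core/slither.config.json` switches the listed detectors off for the whole project, so any future code that trips `timestamp` or `assembly` will pass CI without anyone seeing the finding. `naming-convention`, `pragma` and `solc-version` are style and compiler-setting checks, but the other two point at code a reviewer would normally want to look at. Consider keeping those two enabled and suppressing the accepted occurrences at the call site with `// slither-disable-next-line timestamp` (or recording them through Slither's triage mode), so that new occurrences still surface. JSON cannot hold a comment, so the reason for each exclusion would need to be recorded elsewhere, for example in the commit message, which currently gives none.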