Static analysis is a code analysis technique that attempts to discover issues by scanning the source code (as opposed to executing it).
In smart contract development, static analysis tools scan code against definitions of commonly found security vulnerabilities (e.g., reentrancy vulnerability).
The most popular free static analysis tool is [Slither](/codex/slither) by Trail of Bits.
### Linter
A simple type of static analysis tool is a linter. Linters usually focus on highlighting style and code quality issues but Solidity linters can also usually pick up on bad security patterns. A popular Solidity linter is Solhint.
### Trade-offs
**Pros**
- Since static analyzers work on the source code itself and only scan for patterns, they usually are faster than dynamic analysis and formal verification tools and can even be run in continuous integration,
- Static analyzers encode a wide variety of patterns and can be educational for developers,
- As new types of vulnerabilities are discovered in the wild, detectors for them are usually added to static analysis tooling.
**Cons**
- Static analyzers can result in a lot of false positives due to limitations of pattern matching,
- Unfortunately, static analyzers will usually not catch logic or specification errors as they have no understanding of user intent,
- Static analyzers usually cannot analyze code unless it compiles and conforms to the specific syntax tree that the analyzer recognizes.
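As an added illustration of how a pattern-based static analyzer works, and of the false positives mentioned above, here is a toy analyzer written for this page (it is not Slither's code or any real tool's detector). It scans a constructed Solidity contract for one shape of the classic reentrancy bug: an external call that precedes a write to a storage variable. The contract names (`Vault`, `withdrawBad`, `withdrawGood`, `withdrawGuarded`) and the regex-based "parser" are assumptions made for the example; a real tool works on the compiler's AST instead. The third function is protected by a reentrancy guard that the pattern cannot see, so it is reported as a finding even though the guard makes the order of operations safe, which is exactly the kind of false positive the trade-offs list describes.

```python
"""Toy pattern-matching static analyzer for one Solidity anti-pattern:
an external call followed by a write to storage in the same function
(a checks-effects-interactions violation, the classic reentrancy shape).
Hypothetical example code for illustration; not Slither or any real tool."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample contract with three functions:
#  - withdrawBad:     storage write after the external call (true positive)
#  - withdrawGood:    storage write before the call (no finding)
#  - withdrawGuarded: same order as withdrawBad, but behind a reentrancy
#                     guard the pattern cannot reason about (false positive)
SAMPLE_SOURCE = """
contract Vault {
    mapping(address => uint256) public balances;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    function withdrawBad(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] -= amount;
    }

    function withdrawGood(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    function withdrawGuarded(uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "insufficient");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] -= amount;
    }
}
"""

# Low-level call forms that hand control to another contract.
EXTERNAL_CALL = re.compile(r"\.(call|delegatecall|send|transfer)\s*[({]")
# Contract-level declarations such as "uint256 public x;" or "mapping(...) y;".
STORAGE_VARS = re.compile(
    r"^\s*(?:mapping\([^;]*\)|uint\d*|int\d*|bool|address)\s+"
    r"(?:public|private|internal)?\s*(\w+)\s*;",
    re.M,
)
FUNC_HEADER = re.compile(r"\bfunction\s+(\w+)\s*\([^)]*\)[^{;]*\{")


@dataclass
class Finding:
    function: str
    call_line: int
    write_line: int


def storage_variables(source: str) -> set[str]:
    """Collect names of simple contract-level storage declarations."""
    return set(STORAGE_VARS.findall(source))


def function_bodies(source: str):
    """Yield (name, body, body_offset) per function by matching braces."""
    for header in FUNC_HEADER.finditer(source):
        start = header.end() - 1  # index of the opening brace
        depth = 0
        for i in range(start, len(source)):
            if source[i] == "{":
                depth += 1
            elif source[i] == "}":
                depth -= 1
                if depth == 0:
                    yield header.group(1), source[start + 1:i], start + 1
                    break


def line_of(source: str, offset: int) -> int:
    """1-based line number of a character offset in the source."""
    return source.count("\n", 0, offset) + 1


def find_call_before_write(source: str) -> list[Finding]:
    """Report functions where an external call precedes a storage write."""
    storage = storage_variables(source)
    if not storage:
        return []
    names = "|".join(map(re.escape, sorted(storage)))
    # A storage name, then an assignment operator (excluding ==, >=, <=, !=).
    write_re = re.compile(r"\b(" + names + r")\b[^=<>!\n]*(?:=|\+=|-=)(?!=)")
    findings: list[Finding] = []
    for name, body, offset in function_bodies(source):
        call = EXTERNAL_CALL.search(body)
        if call is None:
            continue
        write = write_re.search(body, call.end())
        if write is not None:
            findings.append(Finding(name,
                                    line_of(source, offset + call.start()),
                                    line_of(source, offset + write.start())))
    return findings


if __name__ == "__main__":
    for f in find_call_before_write(SAMPLE_SOURCE):
        print(f"{f.function}: external call on line {f.call_line} "
              f"precedes storage write on line {f.write_line}")
```

Running it reports `withdrawBad` and `withdrawGuarded`; the second report is the false positive, and a reviewer must dismiss it by hand because the pattern has no model of the `nonReentrant` modifier. A logic error such as debiting the wrong account would produce no finding at all, which is the other limitation the list above describes.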
### When to use static analyzers
Given their ease and speed of use, static analyzers should be used liberally in the development process. Even in the earliest stages of development, they can be used as a code style assessment tool and highlight bad patterns. Finally, running static analysis is an essential early step in smart contract audits.
### Novel Static Analyzers
More static analyzers have appeared recently, including:
- [Solstat](https://github.com/0xKitsune/solstat)
- [Pyrometer](https://github.com/nascentxyz/pyrometer)