chore: add slither config

.gitignore

@@ -12,3 +12,7 @@ docs/
 
 # Dotenv file
 .env
+
+# Local development dependencies
+dev/node_modules/
+dev/.venv/

README.md

@@ -6,7 +6,6 @@ This project is meant to be used as a templated during the creation of new Githu
 
 It will contain some useful configuration files and scripts, that can be used also with existing projects (manually copied).
 
-
 ## Usage
 
 ### Build
@@ -27,6 +26,32 @@ forge test
 forge fmt
 ```
 
+### Local tooling
+
+Solhint and Slither are pinned as local development dependencies under `dev/`.
+Install them with:
+
+```shell
+npm install --prefix dev
+python -m venv dev/.venv
+dev/.venv/bin/pip install -r dev/requirements.txt
+```
+
+Use the local binaries when running these tools:
+
+```shell
+dev/node_modules/.bin/solhint --version
+dev/.venv/bin/slither --version
+```
+
+### Slither
+
+Slither uses the pinned local Python dependency and checks contracts under `src` by default:
+
+```shell
+dev/.venv/bin/slither src --config-file slither.config.json
+```
+
 ### Gas Snapshots
 
 ```shell
@@ -44,18 +69,18 @@ forge script script/Counter.s.sol:CounterScript --rpc-url <your_rpc_url> --priva
 The following operations need to be performed after this repository has been created.
 
 - [ ] In GitHub repo settings:
-    - [ ] Add a new ruleset called "Protected branches" and include the following changes:
-        - Enforcement status: active
-        - Target branches: Include default branch
-        - Require linear history
-        - Require a pull request before merging
-          - Required approvals: 1
-          - Allowed merge methods: Squash
-        - Block force pushes
-    - [ ] In General → Features → Pull requests:
-        - Select "Pull request title and description" in "Default commit message" option
-        - Unckeck "Allow merge commits" option
-        - Check "Allow auto-merge" option
+  - [ ] Add a new ruleset called "Protected branches" and include the following changes:
+    - Enforcement status: active
+    - Target branches: Include default branch
+    - Require linear history
+    - Require a pull request before merging
+      - Required approvals: 1
+      - Allowed merge methods: Squash
+    - Block force pushes
+  - [ ] In General → Features → Pull requests:
+    - Select "Pull request title and description" in "Default commit message" option
+    - Unckeck "Allow merge commits" option
+    - Check "Allow auto-merge" option
 - [ ] Run `forge install` to install the dependencies. This will create a new `foundry.lock` file which you should commit to the project
 - [ ] Make sure you use the [latest version of Solidity](https://github.com/argotorg/solidity/releases) by updating the `solc` version in `foundry.toml`
-- [ ] Once all entries in this list are checked, delete this section from the readme
+- [ ] Once all entries in this list are checked, delete this section from the readme

dev/requirements.txt

@@ -0,0 +1 @@
+slither-analyzer==0.11.5

slither.config.json

@@ -0,0 +1,4 @@
+{
+  "detectors_to_exclude": "solc-version",
+  "filter_paths": "(lib/|test/|script/)"
+}