Half of access-control bugs are not 'the modifier is wrong' but 'the function is public when nobody noticed'. Reachability analysis enumerates: for every state-changing function in the contract, which addresses can call it, under what conditions, with what arguments. Done systematically, it catches the 'I thought this was internal' class on the first pass.
Tools: Slither's function-summary printer dumps callers + permissions. Manual: grep -E 'function .* (public|external)' then for each, ask 'what's the gate?'. Most production bugs live in functions where the answer to that question is 'nothing'.
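The manual pass described above, as an added example that is not part of the original lesson: a regex-based scan that lists every public or external, non-view function with the modifiers on its header. The sample contract and the function names `reachable` and `ungated` are constructed for illustration; gates written as inline require checks in the body are not detected, so the result is a review list, not a verdict.

```python
import re

# Constructed sample contract (not from the lesson).
SAMPLE = '''
contract Vault {
    address owner;
    uint256 fee;
    modifier onlyOwner() { require(msg.sender == owner); _; }

    function setFee(uint256 f) external onlyOwner { fee = f; }
    function sweep(address to) public { payable(to).transfer(address(this).balance); }
    function balance() external view returns (uint256) { return address(this).balance; }
    function initialize(address o)
        external
    { owner = o; }
    function _credit(uint256 a) internal { fee += a; }
}
'''

# Header = everything from `function name(` up to the body `{` or a `;`.
HEADER = re.compile(r'\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]')
KEYWORDS = {'public', 'external', 'internal', 'private', 'payable',
            'view', 'pure', 'virtual', 'override', 'returns'}

def reachable(source):
    """Return (name, visibility, modifiers) for each public/external,
    non-view/pure function. Comments and strings are not stripped."""
    rows = []
    for name, _params, tail in HEADER.findall(source):
        tail = re.sub(r'\([^)]*\)', '', tail)   # drop returns(...) / modifier args
        words = tail.split()
        vis = next((w for w in words if w in ('public', 'external')), None)
        if vis is None or 'view' in words or 'pure' in words:
            continue
        rows.append((name, vis, [w for w in words if w not in KEYWORDS]))
    return rows

def ungated(source):
    """Names whose header carries no modifier: the answer to
    'what's the gate?' is not visible in the signature."""
    return [name for name, _vis, mods in reachable(source) if not mods]

if __name__ == '__main__':
    for name, vis, mods in reachable(SAMPLE):
        print(f'{name:12} {vis:9} {", ".join(mods) or "NO MODIFIER"}')
```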
slither <repo> --print function-summary. Inspect the access matrix.
Use these three in order. Each builds on the one before.
In one paragraph, explain reachability analysis for smart contracts.
Walk me through Slither's function-summary output.
Design a CI gate that fails when a previously-internal function becomes public.