Awesome MythX Smart Contract Security Tools
MythX is a smart contract security analysis API that supports Ethereum, Quorum, VeChain, Rootstock, Tron and other EVM-compatible blockchains. It uses static analysis, symbolic execution and input fuzzing to detect security bugs and verify the correctness of smart contract code. This is a curated list of developer tools and resources related to MythX.
IDEs with MythX support
- Remix IDE - Activate the "MythX Security Verification" module in the plugin manager (Howto)
- MythX Plugin for Truffle - Security verification plugin for the Truffle Framework
- MythX for VS Code - MythX Extension for Visual Studio Code
- Brownie - Python framework for Ethereum smart contract deployment (native integration)
- MythX Plugin for Embark - Security verification plugin for Status Embark by Flex Dapps
- Truffle Sca2t - Smart contract audit assistant (generates Mocha test files for CI)
Command-line tools
- MythX CLI - Official command-line tool maintained by the MythX team
- Sabre - Security analyzer, written in JavaScript, for Solidity smart contracts
Continuous integration howtos
Support and documentation
Language bindings
Articles, papers and videos
Webinars
- Using MythX in Smart Contract Development (January 2020)
- Validating Smart Contract Correctness (April 2020)
- Using the MythX Command Line Client in CI (May 2020)
Presentation Videos
- The Ether Wars (DEFCON 27)
- Smashing Smart Contracts (HITB GSEC 2018)
- Advances in Smart Contract Vulnerability Detection (EthBerlin 2019)
- Detecting DeFi Composability Bugs (EthCC 2020)
- Detecting DeFi Bugs and Arbitrage Opportunities Using Symbolic Execution (Parallele Polis 2020)
MythX bug detection and property checking
- Detecting Generic Smart Contract Vulnerabilities with MythX (Medium)
- Checking Custom Security Properties with the MythX Plugin for Remix (Medium)
- Catching Weird Security Bugs with Contract Invariants (Medium)
- Checking Custom Correctness Properties of Smart Contracts Using the AssertionFailed Event (Medium)
- The Tech Behind MythX (MythX blog)
Symbolic execution / Mythril
- Intro to Symbolic Execution in Mythril (Medium)
- Smashing Smart Contracts (HITB GSEC 2018 / PDF)
- Advances in Smart Contract Vulnerability Detection (DEFCON 27 / PDF)
- Multi-contract bug detection with Mythril (Medium)
Grey-box fuzzing / Harvey
- Harvey Greybox Fuzzing Article Series (Medium)
- Fuzzing Smart Contracts Using Input Prediction (Medium)
- Fuzzing Smart Contracts Using Multiple Transactions (Medium)
- Detecting Reentrancy Issues in Smart Contracts Using Fuzzing (Medium)
- Targeted fuzzing using static lookahead analysis: how to guide fuzzers using online static analysis (MythX blog)
- Learning Inputs in Greybox Fuzzing (arXiv)
- Harvey: A Greybox Fuzzer for Smart Contracts (arXiv)
- Targeted Greybox Fuzzing with Static Lookahead Analysis (ICSE 2020)