Awesome MythX Smart Contract Security Tools

MythX is a smart contract security analysis API that supports Ethereum, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. It uses static analysis, symbolic execution and input fuzzing to detect security bugs and verify the correctness of smart contract code. This is a curated list of developer tools and resources related to MythX.

IDEs with MythX support

• Remix IDE - Activate the "MythX Security Verification" module in plugin manager (Howto)
• MythX Plugin for Truffle - Security verification plugin for the Truffle Framework
• MythX for VS Code - MythX Extension for Visual Studio Code
• Brownie - Python framework for Ethereum smart contract deployment (native integration)
• MythX Plugin for Embark - Security verification plugin for Status Embark by Flex Dapps
• Truffle Sca2t - Smart contract audit assistant (generates Mocha test files for CI)

Command-line tools

• MythX CLI - Official command-line tool maintained by the MythX team
• Sabre - Security analyzer for Solidity smart contracts written in JavaScript

Continuous integration howtos

• Setting up MythX in CircleCI
• Setting up MythX in Travis CI
• MythX in CI DIY Guide

Support and documentation

• MythX CLI Docs
• MythX Developer and User Guide
• MythX Community Discord

Language bindings

• MythXJS - MythX JavaScript library
• PythX - A Python library for the MythX platform

Articles, papers and videos

Webinars

• Using MythX in Smart Contract Development (January 2020)
• Validating Smart Contract Correctness (April 2020)
• Using the MythX Command Line Client in CI (May 2020)

Presentation Videos

• The Ether Wars (DEFCON 27)
• Smashing Smart Contracts (HITB GSEC 2018)
• Advances in Smart Contract Vulnerability Detection (EthBerlin 2019)
• Detecting DeFi Composability Bugs (EthCC 2020)
• Detecting DeFi Bugs and Arbitrage Opportunities Using Symbolic Execution (Parallele Polis 2020)

MythX bug detection and property checking

• Detecting Generic Smart Contract Vulnerabilities with MythX (Medium)
• Checking Custom Security Properties with the MythX Plugin for Remix (Medium)
• Catching Weird Security Bugs with Contract Invariants (Medium)
• Checking Custom Correctness Properties of Smart Contracts Using the AssertionFailed Event (Medium)
• The Tech Behind MythX (MythX blog)

Symbolic execution / Mythril

• Intro to Symbolic Execution in Mythril (Medium)
• Smashing Smart Contracts (HITB GSEC 2018 / PDF)
• Advances in Smart Contract Vulnerability Detection (DEFCON 27 / PDF)
• Multi-contract bug detection with Mythril (Medium)

Grey-box fuzzing / Harvey

• Harvey Greybox Fuzzing Article Series (Medium)
• Fuzzing Smart Contracts Using Input Prediction (Medium)
• Fuzzing Smart Contracts Using Multiple Transactions (Medium)
• Detecting Reentrancy Issues in Smart Contracts Using Fuzzing (Medium)
• Targeted fuzzing using static lookahead analysis: how to guide fuzzers using online static analysis (MythX blog)
• Learning Inputs in Greybox Fuzzing (arXiv)
• Harvey: A Greybox Fuzzer for Smart Contracts (arXiv)
• Targeted Greybox Fuzzing with Static Lookahead Analysis (ICSE 2020)

Other

• Practical Mutation Testing in Smart Contracts (Springer)