Introduction:
Mythril is a security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains. It uses symbolic execution, SMT solving and taint analysis to detect a variety of security vulnerabilities.
Install:
- install with docker:
    docker pull mythril/myth
- install from Pypi:
    pip3 install mythril
Use:
- Command:
    myth analyze <solidity-file>
Analysis Modules:
The delegatecall module detects SWC-112 (DELEGATECALL to Untrusted Callee).
The predictable variables module detects SWC-120 (Weak Randomness) and SWC-116 (Timestamp Dependence).
The deprecated opcodes module detects SWC-111 (Use of Deprecated Functions).
The Ether Thief module detects SWC-105 (Unprotected Ether Withdrawal).
The exceptions module detects SWC-110 (Assert Violation).
The external calls module warns about SWC-117 (Reentrancy) by detecting calls to external contracts.
The integer module detects SWC-101 (Integer Overflow and Underflow).
The multiple sends module detects SWC-113 (Denial of Service with Failed Call) by checking for multiple calls or sends in a single transaction.
The suicide module detects SWC-106 (Unprotected SELFDESTRUCT).
The state change external calls module detects SWC-107 (Reentrancy) by detecting state change after calls to an external contract.
The unchecked retval module detects SWC-104 (Unchecked Call Return Value).
The user-supplied assertion module detects SWC-110 (Assert Violation) for user-supplied assertions. User-supplied assertions should be log messages of the form: emit AssertionFailed(string).
The arbitrary storage write module detects SWC-124 (Write to Arbitrary Storage Location).
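A contract that states an invariant in the form the user-supplied assertion module looks for, added here as an example (it is not from Mythril's own documentation or test suite; the contract and its names are constructed for illustration):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example: a minimal vault whose bookkeeping invariant is
// expressed as an AssertionFailed event, which is the signature the
// user-supplied assertion module matches on. The plain assert() at the end
// of checkInvariant is what the exceptions module (SWC-110) checks instead.
contract Vault {
    event AssertionFailed(string message);

    mapping(address => uint256) public balances;
    uint256 public totalDeposits;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
        totalDeposits += msg.value;
        checkInvariant();
    }

    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        // State is updated before the external call (checks-effects-interactions),
        // so the state-change-after-call module (SWC-107) has nothing to flag here.
        balances[msg.sender] -= amount;
        totalDeposits -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        checkInvariant();
    }

    // Invariant: the contract's ether balance always covers what it owes.
    // If symbolic execution finds a transaction sequence that reaches the emit,
    // Mythril reports it as a violated user-supplied assertion with this message.
    function checkInvariant() internal {
        if (address(this).balance < totalDeposits) {
            emit AssertionFailed("contract balance below totalDeposits");
        }
        assert(address(this).balance >= totalDeposits);
    }
}
```

Save it as a .sol file and run `myth analyze` on it; the report lists the assertion message alongside any other module findings.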
Analyzing On-Chain Contracts:
In order to authenticate with the MythX API, set the environment variables MYTHX_PASSWORD and MYTHX_ETH_ADDRESS.
Analyzing a mainnet contract via INFURA:
    myth pro -a 0x5c436ff914c458983414019195e0f4ecbef9e6dd
- Adding the -l flag will cause Mythril to automatically retrieve dependencies, such as dynamically linked library contracts:
    myth -v4 pro -l -a 0xEbFD99838cb0c132016B9E117563CB41f2B02264