Mythril Classic: Security analysis tool for Ethereum smart contracts

Primary language: HTML. License: MIT.

This project is no longer maintained

Mythril Pro

Mythril Pro is built on the original Mythril-Classic symbolic engine and uses storage dependency analysis to prioritize path execution and prune unnecessary search space. Mythril Pro is significantly more efficient and scalable, while producing exactly the same results as Mythril-Classic.
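The pruning idea described above, as an added example that is not code from M-Pro or Mythril. It assumes that "storage dependency" means a read-after-write relation between public functions over state variables, and it uses constructed read/write sets for a hypothetical contract in place of real static-analysis output.

```python
from itertools import product

# Constructed read/write sets of state variables for a hypothetical
# contract; in practice a static analyzer would supply these.
FUNCS = {
    "deposit":  {"reads": {"balances"}, "writes": {"balances"}},
    "withdraw": {"reads": {"balances"}, "writes": {"balances"}},
    "setOwner": {"reads": {"owner"},    "writes": {"owner"}},
    "kill":     {"reads": {"owner"},    "writes": set()},
    "version":  {"reads": set(),        "writes": set()},
}


def raw_dependent(earlier, later, funcs):
    """True if `later` reads a state variable that `earlier` writes."""
    return bool(funcs[earlier]["writes"] & funcs[later]["reads"])


def all_sequences(funcs, depth):
    """Every transaction sequence of length 1..depth (the unpruned space)."""
    names = sorted(funcs)
    return [seq for d in range(1, depth + 1)
            for seq in product(names, repeat=d)]


def pruned_sequences(funcs, depth):
    """Keep a sequence only if each call after the first reads something
    that an earlier call in the same sequence wrote. A call with no such
    dependency behaves as it would as a first transaction, so exploring
    it again later in a sequence adds no new state."""
    kept = []
    for seq in all_sequences(funcs, depth):
        if all(any(raw_dependent(prev, seq[i], funcs) for prev in seq[:i])
               for i in range(1, len(seq))):
            kept.append(seq)
    return kept


if __name__ == "__main__":
    for depth in (2, 3):
        total = len(all_sequences(FUNCS, depth))
        kept = len(pruned_sequences(FUNCS, depth))
        print(f"depth {depth}: {kept} of {total} sequences explored")
```
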

Installation and setup

Prerequisite

See the Wiki to install required dependencies.

You can use solc-select to quickly switch between Solidity compiler versions.

Note: do not run 'pip3 install mythril' in this step, as this command installs the original Mythril-Classic.

$ pip3 install mythril 

Mythril Pro also requires a slightly modified version of Slither to analyze state variable dependencies.

Using Git

To install the modified version of Slither:

$ git clone https://github.com/QuanZhang-William/slither.git && cd slither
$ pip3 install . 

To install Mythril Pro:

$ git clone https://github.com/QuanZhang-William/M-Pro.git && cd M-Pro
$ pip3 install . 

Get the RawOnly branch:

$ git checkout RawOnly
$ pip3 install . 

To run the tool, navigate to the M-Pro directory:

$ python3 myth -w <contract address>

Mythril Pro additional usage

Mythril Pro supports all functionalities and configuration flags of Mythril-Classic, with the following additional features:

To analyze a smart contract with the branching heuristic enabled:

$ myth -w <smart contract file>

Example:

$ myth -w solidity_examples/calls.sol

To generate a CFG with the branching heuristic enabled:

$ myth --sgraph <output file> <smart contract file>

Example:

$ myth --sgraph output.html solidity_examples/calls.sol

Mythril Classic

Mythril Classic is an open-source security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities.

Whether you want to contribute, need support, or want to learn what we have cooking for the future, our Discord server will serve your needs.

Oh and by the way, we're also building an easy-to-use security analysis platform called MythX that integrates seamlessly with Truffle, Visual Studio Code, GitHub and other environments. If you're looking for tooling to plug into your SDLC, you should check it out.

Installation and setup

Get it with Docker:

$ docker pull mythril/myth

Install from PyPI:

$ pip3 install mythril

See the Wiki for more detailed instructions.

Usage

Instructions for using Mythril Classic are found on the Wiki.

For support or general discussions please join the Mythril community on Discord.

Vulnerability Remediation

Visit the Smart Contract Vulnerability Classification Registry to find detailed information and remediation guidance for the vulnerabilities reported.