Mythril
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Openzeppelin Contracts | 21,798 |  | 51 | 1,033 | a day ago | 63 | September 07, 2022 | 179 | mit | JavaScript |
| OpenZeppelin Contracts is a library for secure smart contract development. | ||||||||||
| Smart Contract Best Practices | 6,529 | 3 months ago | 22 | |||||||
| A guide to smart contract security best practices | ||||||||||
| Capstone | 6,266 | 2 | a day ago | 2 | April 12, 2022 | 349 | other | C | ||
| Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings. | ||||||||||
| Awesome Solidity | 5,801 | 4 days ago | 7 | |||||||
| ⟠ A curated list of awesome Solidity resources, libraries, tools and more | ||||||||||
| Meshbird | 3,446 | 2 months ago | January 30, 2016 | 12 | apache-2.0 | Go | ||||
| Distributed private networking | ||||||||||
| Manticore | 3,371 |  | 1 | 1 | 7 days ago | 723 | July 07, 2022 | 261 | agpl-3.0 | Python |
| Symbolic execution tool | ||||||||||
| Mythril | 3,083 | | 8 | 3 | 10 days ago | 292 | June 20, 2022 | 92 | mit | Python |
| Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. | ||||||||||
| Lighthouse | 2,269 | a day ago | 1 | December 29, 2021 | 274 | apache-2.0 | Rust | |||
| Ethereum consensus client in Rust | ||||||||||
| Echidna | 2,014 | a day ago | 129 | agpl-3.0 | Solidity | |||||
| Ethereum smart contract fuzzer | ||||||||||
| Awesome Ethereum Security | 1,073 | 2 months ago | 19 | cc-by-4.0 | ||||||
| A curated list of awesome Ethereum security references | ||||||||||
Mythril
Mythril is a security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. It uses symbolic execution, SMT solving and taint analysis to detect a variety of security vulnerabilities. It's also used (in combination with other tools and techniques) in the MythX security analysis platform.
If you are a smart contract developer, we recommend using MythX tools which are optimized for usability and cover a wider range of security issues.
Whether you want to contribute, need support, or want to learn what we have cooking for the future, our Discord server will serve your needs.
Installation and setup
Get it with Docker:
$ docker pull mythril/myth
Install from Pypi (Python 3.6-3.9):
$ pip3 install mythril
See the docs for more detailed instructions.
Usage
Run:
$ myth analyze <solidity-file>
Or:
$ myth analyze -a <contract-address>
Specify the maximum number of transaction to explore with -t <number>. You can also set a timeout with --execution-timeout <seconds>.
Here is an example of running Mythril on the file killbilly.sol which is in the solidity_examples directory for 3 transactions:
> myth a killbilly.sol -t 3
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: KillBilly
Function name: commencekilling()
PC address: 354
Estimated Gas Usage: 974 - 1399
Any sender can cause the contract to self-destruct.
Any sender can trigger execution of the SELFDESTRUCT instruction to destroy this contract account and withdraw its balance to an arbitrary address. Review the transaction trace generated for this issue and make sure that appropriate security controls are in place to prevent unrestricted access.
--------------------
In file: killbilly.sol:22
selfdestruct(msg.sender)
--------------------
Initial State:
Account: [CREATOR], balance: 0x2, nonce:0, storage:{}
Account: [ATTACKER], balance: 0x1001, nonce:0, storage:{}
Transaction Sequence:
Caller: [CREATOR], calldata: , decoded_data: , value: 0x0
Caller: [ATTACKER], function: killerize(address), txdata: 0x9fa299cc000000000000000000000000deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, decoded_data: ('0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef',), value: 0x0
Caller: [ATTACKER], function: activatekillability(), txdata: 0x84057065, value: 0x0
Caller: [ATTACKER], function: commencekilling(), txdata: 0x7c11da20, value: 0x0
Instructions for using Mythril are found on the docs.
For support or general discussions please join the Mythril community on Discord.
Building the Documentation
Mythril's documentation is contained in the docs folder and is published to Read the Docs. It is based on Sphinx and can be built using the Makefile contained in the subdirectory:
cd docs
make html
This will create a build output directory containing the HTML output. Alternatively, PDF documentation can be built with make latexpdf. The available output format options can be seen with make help.
Vulnerability Remediation
Visit the Smart Contract Vulnerability Classification Registry to find detailed information and remediation guidance for the vulnerabilities reported.
