mythril/README.md

# Mythril

<p align="center">
	<img src="/static/mythril_new.png" height="320px"/>
</p>

[![Discord](https://img.shields.io/discord/481002907366588416.svg)](https://discord.gg/E3YrVtG)
[![PyPI](https://badge.fury.io/py/mythril.svg)](https://pypi.python.org/pypi/mythril)
[![Read the Docs](https://readthedocs.org/projects/mythril-classic/badge/?version=master)](https://mythril-classic.readthedocs.io/en/master/)
![Master Build Status](https://img.shields.io/circleci/build/github/ConsenSys/mythril.svg?token=97124ecfaee54366859cae98b5dafc0714325f8b)
[![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril)
[![Pypi Installs](https://pepy.tech/badge/mythril)](https://pepy.tech/project/mythril)
[![DockerHub Pulls](https://img.shields.io/docker/pulls/mythril/myth.svg?label=DockerHub&nbsp;Pulls)](https://cloud.docker.com/u/mythril/repository/docker/mythril/myth)

Mythril is a security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. It uses symbolic execution, SMT solving and taint analysis to detect a variety of security vulnerabilities. It's also used (in combination with other tools and techniques) in the [MythX](https://mythx.io) security analysis platform.

If you are a smart contract developer, we recommend using [MythX tools](https://github.com/b-mueller/awesome-mythx-smart-contract-security-tools) which are optimized for usability and cover a wider range of security issues.

Whether you want to contribute, need support, or want to learn what we have cooking for the future, our [Discord server](https://discord.gg/E3YrVtG) will serve your needs.

## Installation and setup

Get it with [Docker](https://www.docker.com):

```bash
$ docker pull mythril/myth
```

Install from Pypi:

```bash
$ pip3 install mythril
```

See the [docs](https://mythril-classic.readthedocs.io/en/master/installation.html) for more detailed instructions. 

## Usage

Run:

```
$ myth analyze <solidity-file>
```

Or:

```
$ myth analyze -a <contract-address>
```

Specify the maximum number of transaction to explore with `-t <number>`. You can also set a timeout with `--execution-timeout <seconds>`. Example ([source code](https://gist.github.com/b-mueller/2b251297ce88aa7628680f50f177a81a#file-killbilly-sol)):

```
> myth a killbilly.sol -t 3
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: KillBilly
Function name: commencekilling()
PC address: 354
Estimated Gas Usage: 574 - 999
The contract can be killed by anyone.
Anyone can kill this contract and withdraw its balance to an arbitrary address.
--------------------
In file: killbilly.sol:22

selfdestruct(msg.sender)

--------------------
Transaction Sequence:

Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0
Caller: [ATTACKER], function: killerize(address), txdata: 0x9fa299ccbebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0
Caller: [ATTACKER], function: activatekillability(), txdata: 0x84057065, value: 0x0
Caller: [ATTACKER], function: commencekilling(), txdata: 0x7c11da20, value: 0x0
```


Instructions for using Mythril are found on the [docs](https://mythril-classic.readthedocs.io/en/master/). 

For support or general discussions please join the Mythril community on [Discord](https://discord.gg/E3YrVtG).

## Building the Documentation
Mythril's documentation is contained in the `docs` folder and is published to [Read the Docs](https://mythril-classic.readthedocs.io/en/develop/). It is based on Sphinx and can be built using the Makefile contained in the subdirectory:

```
cd docs
make html
```

This will create a `build` output directory containing the HTML output. Alternatively, PDF documentation can be built with `make latexpdf`. The available output format options can be seen with `make help`.

## Vulnerability Remediation

Visit the [Smart Contract Vulnerability Classification Registry](https://swcregistry.io/) to find detailed information and remediation guidance for the vulnerabilities reported.
Mythril Classic -> Mythril 6 years ago			`# Mythril`
Re-branding :) 6 years ago
			`<p align="center">`
			`<img src="/static/mythril_new.png" height="320px"/>`
			`</p>`

Update README.md 6 years ago			`[![Discord](https://img.shields.io/discord/481002907366588416.svg)](https://discord.gg/E3YrVtG)`
Update README.md 7 years ago			`[![PyPI](https://badge.fury.io/py/mythril.svg)](https://pypi.python.org/pypi/mythril)`
Change badge for docs 6 years ago			`[![Read the Docs](https://readthedocs.org/projects/mythril-classic/badge/?version=master)](https://mythril-classic.readthedocs.io/en/master/)`
Change the build branch for flag 6 years ago			`![Master Build Status](https://img.shields.io/circleci/build/github/ConsenSys/mythril.svg?token=97124ecfaee54366859cae98b5dafc0714325f8b)`
Add sonarcloud to the readme 6 years ago			`[![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril)`
Fix badges (2) 6 years ago			`[![Pypi Installs](https://pepy.tech/badge/mythril)](https://pepy.tech/project/mythril)`
Another fix of the previous commit 6 years ago			`[![DockerHub Pulls](https://img.shields.io/docker/pulls/mythril/myth.svg?label=DockerHub Pulls)](https://cloud.docker.com/u/mythril/repository/docker/mythril/myth)`
Add pixelated axe 7 years ago
Fixing a typo in README (#1363) 5 years ago			`Mythril is a security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. It uses symbolic execution, SMT solving and taint analysis to detect a variety of security vulnerabilities. It's also used (in combination with other tools and techniques) in the [MythX](https://mythx.io) security analysis platform.`
Update README.md 6 years ago
Update urls (#1345) 5 years ago			`If you are a smart contract developer, we recommend using [MythX tools](https://github.com/b-mueller/awesome-mythx-smart-contract-security-tools) which are optimized for usability and cover a wider range of security issues.`
Update README.md 6 years ago
Update README.md 6 years ago			`Whether you want to contribute, need support, or want to learn what we have cooking for the future, our [Discord server](https://discord.gg/E3YrVtG) will serve your needs.`
Update README.md 6 years ago
Update README.md 7 years ago			`## Installation and setup`
Create README.md 7 years ago
Few extra updates of CI/CD config and Docker releases 7 years ago			`Get it with [Docker](https://www.docker.com):`
Update README 7 years ago
			```bash
Few extra updates of CI/CD config and Docker releases 7 years ago			`$ docker pull mythril/myth`
Update README 7 years ago			```

Update README.md 7 years ago			`Install from Pypi:`
Create README.md 7 years ago
			```bash
Update README.md 7 years ago			`$ pip3 install mythril`
Fix messed-up formatting 6 years ago			```
Create README.md 7 years ago
Update wiki links to Read the Docs links 5 years ago			`See the [docs](https://mythril-classic.readthedocs.io/en/master/installation.html) for more detailed instructions.`
CODE: LevelDB support Submission #252303 by N1k1tung to the challenge https://www.topcoder.com/challenges/30063861 7 years ago
Update README.md 7 years ago			`## Usage`
CODE: LevelDB support Submission #252303 by N1k1tung to the challenge https://www.topcoder.com/challenges/30063861 7 years ago
Update README.md 5 years ago			`Run:`

			```
			`$ myth analyze <solidity-file>`
			```

			`Or:`

			```
			`$ myth analyze -a <contract-address>`
			```

Update README.md 5 years ago			Specify the maximum number of transaction to explore with `-t <number>`. You can also set a timeout with `--execution-timeout <seconds>`. Example ([source code](https://gist.github.com/b-mueller/2b251297ce88aa7628680f50f177a81a#file-killbilly-sol)):
Update README.md 5 years ago
			```
Update README.md 5 years ago			`> myth a killbilly.sol -t 3`
Update README.md 5 years ago			`==== Unprotected Selfdestruct ====`
			`SWC ID: 106`
			`Severity: High`
			`Contract: KillBilly`
			`Function name: commencekilling()`
Update README.md 5 years ago			`PC address: 354`
			`Estimated Gas Usage: 574 - 999`
Update README.md 5 years ago			`The contract can be killed by anyone.`
			`Anyone can kill this contract and withdraw its balance to an arbitrary address.`
			`--------------------`
			`In file: killbilly.sol:22`

			`selfdestruct(msg.sender)`

			`--------------------`
			`Transaction Sequence:`

			`Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0`
Update README.md 5 years ago			`Caller: [ATTACKER], function: killerize(address), txdata: 0x9fa299ccbebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0`
			`Caller: [ATTACKER], function: activatekillability(), txdata: 0x84057065, value: 0x0`
Update README.md 5 years ago			`Caller: [ATTACKER], function: commencekilling(), txdata: 0x7c11da20, value: 0x0`
			```


Update wiki links to Read the Docs links 5 years ago			`Instructions for using Mythril are found on the [docs](https://mythril-classic.readthedocs.io/en/master/).`
CODE: LevelDB support Submission #252303 by N1k1tung to the challenge https://www.topcoder.com/challenges/30063861 7 years ago
Update Discord links 6 years ago			`For support or general discussions please join the Mythril community on [Discord](https://discord.gg/E3YrVtG).`
Update README.md 6 years ago
Fix typo in README 5 years ago			`## Building the Documentation`
Use docs from develop 3 years ago			Mythril's documentation is contained in the `docs` folder and is published to [Read the Docs](https://mythril-classic.readthedocs.io/en/develop/). It is based on Sphinx and can be built using the Makefile contained in the subdirectory:
Add documentation guide to readme 6 years ago
			```
			`cd docs`
			`make html`
			```

			This will create a `build` output directory containing the HTML output. Alternatively, PDF documentation can be built with `make latexpdf`. The available output format options can be seen with `make help`.

Update README.md 6 years ago			`## Vulnerability Remediation`

Update urls (#1345) 5 years ago			`Visit the [Smart Contract Vulnerability Classification Registry](https://swcregistry.io/) to find detailed information and remediation guidance for the vulnerabilities reported.`