Mythril is a security analysis tool for Ethereum smart contracts. It uses the [LASER-ethereum symbolic virtual machine](https://github.com/b-mueller/laser-ethereum) to detect [various types of issues](security_checks.md). Use it to analyze source code or as a nmap-style black-box blockchain scanner (an "ethermap" if you will).
- [Mythril](#mythril)
* [Installation and setup](#installation-and-setup)
+ [Calculating function hashes](#calculating-function-hashes)
+ [Function signatures](#function-signatures)
* [Credit](#credit)
## Installation and setup
Build the [Docker](https://www.docker.com) image:
@ -70,15 +89,13 @@ $ myth -xo json underflow.sol
The `json` format is useful for integration into other tools, while `-o markdown` creates a [human-readable report](static/sample_report.md).
### Analyzing a Truffle project
#### Analyzing a Truffle project
[Truffle Suite](http://truffleframework.com) is a popular development framework for Ethereum. To analyze the smart contracts in a Truffle project, change in the project root directory and make run `truffle compile` followed by `myth --truffle`.
### Working with contracts on the mainnet and testnets
When analyzing contracts on the blockchain, Mythril will by default query a local node via IPC. If you want to analyze contracts on the live Ethereum network, you can also use the built-in [INFURA](https://infura.io) support. Alternatively, you can override the RPC settings with the `--rpc` argument.
### Analyzing on-chain contracts
The RPC/IPC options are as follows:
When analyzing contracts on the blockchain, Mythril will by default query a local node via RPC. You can also use the built-in [INFURA](https://infura.io) support. Alternatively, you can override the RPC settings with the `--rpc` argument.
| Argument | Description | RPC URL |
| ------------- |:-------------:| ---- |
@ -89,7 +106,7 @@ The RPC/IPC options are as follows:
| `-rpc HOST:PORT` | Connect to local Ganache | http(s)://[HOST]:[PORT] |
| `--ipc` | Connect to local Ethereum node via IPC | - |
To analyze a mainnet contract from a local node, run: