Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.
Nikhil Parasaram ca0edd6208
Handle CRLF line endings (#1637)
3 years ago

README.md

Mythril


Mythril is a security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains. It uses symbolic execution, SMT solving and taint analysis to detect a variety of security vulnerabilities. It's also used (in combination with other tools and techniques) in the MythX security analysis platform.

If you are a smart contract developer, we recommend using MythX tools which are optimized for usability and cover a wider range of security issues.

Whether you want to contribute, need support, or want to learn what we have cooking for the future, our Discord server will serve your needs.

Installation and setup

Get it with Docker:

$ docker pull mythril/myth

Install from PyPI:

$ pip3 install mythril

See the docs for more detailed instructions.

Usage

Run:

$ myth analyze <solidity-file>

Or:

$ myth analyze -a <contract-address>

Specify the maximum number of transactions to explore with -t <number>. You can also set a timeout with --execution-timeout <seconds>.

> myth a killbilly.sol -t 3
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: KillBilly
Function name: commencekilling()
PC address: 354
Estimated Gas Usage: 574 - 999
The contract can be killed by anyone.
Anyone can kill this contract and withdraw its balance to an arbitrary address.
--------------------
In file: killbilly.sol:22

selfdestruct(msg.sender)

--------------------
Transaction Sequence:

Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0
Caller: [ATTACKER], function: killerize(address), txdata: 0x9fa299ccbebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0
Caller: [ATTACKER], function: activatekillability(), txdata: 0x84057065, value: 0x0
Caller: [ATTACKER], function: commencekilling(), txdata: 0x7c11da20, value: 0x0
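
Each txdata value in the transaction sequence above is a 4-byte function selector followed by ABI-encoded arguments. The Python sketch below is an added example, not part of Mythril or this README: it parses the text report (an abridged copy of the output above is embedded) and returns the findings at or above a severity threshold, as a CI gate might. The names parse_report and blocking are hypothetical, and the Low/Medium/High ranking is an assumption about the values of the Severity field.

```python
import re

# Abridged copy of the text report shown in the usage example above.
SAMPLE_REPORT = """\
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: KillBilly
Function name: commencekilling()
--------------------
Transaction Sequence:

Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0
Caller: [ATTACKER], function: killerize(address), txdata: 0x9fa299ccbebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0
Caller: [ATTACKER], function: activatekillability(), txdata: 0x84057065, value: 0x0
Caller: [ATTACKER], function: commencekilling(), txdata: 0x7c11da20, value: 0x0
"""

FIELD = re.compile(r"^(SWC ID|Severity|Contract|Function name): (.+)$")
STEP = re.compile(r"^Caller: \[(\w+)\], function: (.+?), txdata: 0x([0-9a-fA-F]*),")
RANK = {"Low": 1, "Medium": 2, "High": 3}  # assumed severity scale

def parse_report(text):
    """Split a text report into issues, each with header fields and call steps."""
    issues = []
    for line in text.splitlines():  # splitlines() also copes with CRLF output
        line = line.strip()
        title = re.fullmatch(r"==== (.+) ====", line)
        if title:
            issues.append({"title": title.group(1), "steps": []})
        elif issues and (m := FIELD.match(line)):
            issues[-1][m.group(1)] = m.group(2)
        elif issues and (m := STEP.match(line)):
            caller, function, data = m.groups()
            # First 4 bytes of txdata select the function; the rest are the arguments.
            issues[-1]["steps"].append({"caller": caller, "function": function,
                                        "selector": "0x" + data[:8], "args": data[8:]})
    return issues

def blocking(issues, minimum="High"):
    """Return the issues at or above the given severity, for use as a CI gate."""
    return [i for i in issues if RANK.get(i.get("Severity"), 0) >= RANK[minimum]]

if __name__ == "__main__":
    for issue in blocking(parse_report(SAMPLE_REPORT)):
        print(f"SWC-{issue['SWC ID']} {issue['title']}: {issue['Contract']}.{issue['Function name']}")
        for s in issue["steps"]:
            print(f"  {s['caller']}: {s['function']} {s['selector']} args={s['args'] or '-'}")
```

The creation transaction carries no function selector, so it is skipped and only the three calls that follow it are recorded as steps.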

Instructions for using Mythril can be found in the docs.

For support or general discussions please join the Mythril community on Discord.

Building the Documentation

Mythril's documentation is contained in the docs folder and is published to Read the Docs. It is based on Sphinx and can be built using the Makefile contained in the subdirectory:

cd docs
make html

This will create a build output directory containing the HTML output. Alternatively, PDF documentation can be built with make latexpdf. The available output format options can be seen with make help.

Vulnerability Remediation

Visit the Smart Contract Vulnerability Classification Registry to find detailed information and remediation guidance for the vulnerabilities reported.