Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.
mythril/security_checks.md
# Smart Contract Security Issues

| Issue | Description | Mythril Detection Module(s) | References |
|-------|-------------|-----------------------------|------------|
| Unprotected functions | Critical functions such as sends with non-zero value or `suicide()` calls are callable by anyone, or `msg.sender` is compared against an address in storage that can be written to. E.g. Parity wallet bugs. | unchecked_suicide, ether_send | |
| Missing check on CALL return value | | unchecked_retval | Handle errors in external calls |
| Re-entrancy | | call to untrusted contract with gas | |
| Multiple sends in a single transaction | External calls can fail accidentally or deliberately. Avoid combining multiple `send()` calls in a single transaction. | | Favor pull over push for external calls |
| Function call to untrusted contract | | call to untrusted contract with gas | |
| Delegatecall or callcode to untrusted contract | | delegatecall_forward, delegatecall_to_dynamic.py | |
| Integer overflow/underflow | | integer_underflow | |
| Type confusion | | | |
| Predictable RNG | | | |
| Transaction order dependence | | | |
| Timestamp dependence | | | |
| Information exposure | | | |
| Payable transaction does not revert in case of failure | | | |
| Call depth attack | | | |