Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
mythril/security_checks.md

2.6 KiB

Smart Contract Security Issues

Issue Description Mythril Detection Module(s) References
Unprotected functions Critical functions such as sends with non-zero value or suicide() calls are callable by anyone, or msg.sender is compared against an address in storage that can be written to. E.g. Parity wallet bugs. unchecked_suicide, ether_send
Missing check on CALL return value unchecked_retval Handle errors in external calls
Re-entrancy call to untrusted contract with gas
Multiple sends in a single transaction External calls can fail accidentally or deliberately. Avoid combining multiple send() calls in a single transaction. Favor pull over push for external calls
Function call to untrusted contract call to untrusted contract with gas
Delegatecall or callcode to untrusted contract delegatecall_forward, delegatecall_to_dynamic.py
Integer overflow/underflow integer_underflow, Integer overflow
Timestamp dependence
Payable transaction does not revert in case of failure
Call depth attack
Use of tx.origin tx_origin Solidity documentation, Avoid using tx.origin
Type confusion
Predictable RNG weak_random
Transaction order dependence
Information exposure