Awesome MythX Smart Contract Security Tools
MythX is a smart contract security analysis API for that supports Ethereum, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. It uses static analysis, symbolic execution and input fuzzing to detect security bugs and verify the correctness of smart contract code. This is a curated list of developer tools and resources related to MythX.
IDEs with MythX support
- Remix IDE - Activate the "MythX Security Verification" module in plugin manager (Howto)
- MythX Plugin for Truffle - Security verification plugin for the Truffle Framework
- MythX for VS Code - MythX Extension for Visual Studio Code
- Brownie - Python framework for Ethereum smart contract deployment (native integration)
- MythX Plugin for Embark - Security verification plugin for Status Embark by Flex Dapps
- Truffle Sca2t - Smart contract audit assistant (generates Mocha test files for CI)
Command-line tools
- MythX CLI - Official command-line tool maintained by MythX the MythX team
- Sabre - JavaScript CLI for the MythX API
- Mythos - @ JavaScript client for the MythX API
Howtos
- Detecting Generic Smart Contract Vulnerabilities with MythX
- Checking Custom Security Properties with the MythX Plugin for Remix
- Checking Custom Correctness Properties of Smart Contracts Using the AssertionFailed Event
- Setting up MythX in CircleCI
- Setting up MythX in Travis CI
Support and documentation
Language bindings
Articles & papers
- The Tech Behind MythX
- Harvey Greybox Fuzzing Article Series
- Fuzzing Smart Contracts Using Input Prediction
- Fuzzing Smart Contracts Using Multiple Transactions
- Intro to Symbolic Execution in Mythril
- Learning Inputs in Greybox Fuzzing
- Smashing Smart Contracts (HITB GSEC 2018)
- Advances in Smart Contract Vulnerability Detection (DEFCON 27)
- Practical Mutation Testing in Smart Contracts
