Skip to content
CLI client for the MythX API
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci Setup test framework (#29) Mar 29, 2019
.github/ISSUE_TEMPLATE Update issue templates Apr 3, 2019
.vscode Remove launch.json from repo May 17, 2019
bin Clean commit Feb 28, 2019
src Update May 17, 2019
test Update test May 17, 2019
.editorconfig Clean commit Feb 28, 2019
.gitignore Add launch.json to ignore list May 17, 2019
README.md Add changes for 0.9.0 May 17, 2019
output.txt Clean commit Feb 28, 2019
package.json
tsconfig.json Clean commit Feb 28, 2019
tslint.json Clean commit Feb 28, 2019
yarn.lock Update May 17, 2019

README.md

mythos

A CLI client for MythX

oclif Version Downloads Codacy Badge License: MIT CircleCI Discord

Installation

Install globally using:

$ npm -g install @cleanunicorn/mythos

Usage

Use this to scan Solidity source code.

You need to provide your MythX address and password.

As an env variable:

$ export MYTHX_ETH_ADDRESS='mythxEthAddress'
$ export MYTHX_PASSWORD='mythxPassword'
$ mythos analyze ./contract.sol Contract

Or as flags:

$ mythos analyze ./contract.sol Contract \
  --mythxEthAddress=mythxEthAddress \
  --mythxPassword=mythxPassword

Example:

$ mythos analyze no-pragma.sol NoPragma

Reading contract no-pragma.sol... done
Compiling with Solidity version: latest
 ›   Warning: no-pragma.sol:1:1: Warning: Source file does not specify required compiler version! Consider adding "pragma solidity ^0.5.7;"
 ›   contract NoPragma {
 ›   ^ (Relevant source part starts here and spans across multiple lines).

Compiling contract no-pragma.sol... done
Analyzing contract NoPragma... done

UUID: 9350d5c4-b89f-43ef-b1f7-48840fee8a02
API Version: v1.4.12
Harvey Version: 0.0.16
Maestro Version: 1.2.6
Maru Version: 0.4.2
Mythril Version: 0.20.3

Report found 2 issues
Meta:
Covered instructions: 40
Covered paths: 4
Selected compiler version: v0.4.25

Title: (SWC-106) Unprotected SELFDESTRUCT Instruction
Severity: High
Head: The contract can be killed by anyone.
Description: Anyone can kill this contract and withdraw its balance to an arbitrary address.
Source code:

no-pragma.sol 3:8
--------------------------------------------------
selfdestruct(msg.sender)
--------------------------------------------------

==================================================

Title: (SWC-103) Floating Pragma
Severity: Medium
Head: No pragma is set.
Description: It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently no version is set in the Solidity file.
Source code:

no-pragma.sol 1:0
--------------------------------------------------

--------------------------------------------------

==================================================

Done

Basic usage

$ npm install -g @cleanunicorn/mythos
$ mythos COMMAND
running command...
$ mythos (-v|--version|version)
@cleanunicorn/mythos/0.9.0 linux-x64 node-v11.15.0
$ mythos --help [COMMAND]
USAGE
  $ mythos COMMAND
...

Commands

mythos analyze CONTRACTFILE CONTRACTNAME

Scan a smart contract with MythX API

USAGE
  $ mythos analyze CONTRACTFILE CONTRACTNAME

ARGUMENTS
  CONTRACTFILE  Contract file to scan
  CONTRACTNAME  Contract name

OPTIONS
  -h, --help                         show CLI help

  --analysisMode=analysisMode        [default: quick] Define the analysis mode when requesting a scan. Choose one from:
                                     quick, full.

  --mythxEthAddress=mythxEthAddress  (required)

  --mythxPassword=mythxPassword      (required)

  --solcVersion=solcVersion          Solidity version to use when compiling (example: 0.4.21). If none is specified it
                                     will try to identify the version from the source code.

  --timeout=timeout                  [default: 180] How many seconds to wait for the result

See code: src/commands/analyze.ts

mythos get-analysis UUID

Retrieve analysis results scanned with MythX API

USAGE
  $ mythos get-analysis UUID

ARGUMENTS
  UUID  uuid to retrive analysis results

OPTIONS
  -h, --help                         show CLI help
  --mythxEthAddress=mythxEthAddress  (required)
  --mythxPassword=mythxPassword      (required)

See code: src/commands/get-analysis.ts

mythos help [COMMAND]

display help for mythos

USAGE
  $ mythos help [COMMAND]

ARGUMENTS
  COMMAND  command to show help for

OPTIONS
  --all  see all commands in CLI

See code: @oclif/plugin-help

Changelog

  • 0.9.0

    • Update to new armlet version and to new API changes
  • 0.8.1

    • Fix off by one source mapping
  • 0.8.0

    • Fix file name when running get-analysis to save response as issues-${uuid}.json
    • Make compilation errors more obvious
    • Display more information from report: compiler version used, API versions, SWC-ID, report's UUID
    • Display clear error when incorrect contract name is specified
    • Display compilation warnings
  • 0.7.0

    • Send the AST when requesting an analysis
  • 0.6.0

    • Fix external lib import, it sends the library information to MythX
    • Dump issues in a file as issues-[uuid].json for easy manual inspection
  • 0.5.2

    • Setup automatic tests
  • 0.5.1

    • Fix dynamic linking issue (thanks to @eswarasai).
  • 0.5.0

    • Automatically import other files (thanks to @eswarasai).
    • Fix minor issue when picking Solidty version (thanks to @eswarasai).
    • Fix issue count (thanks to @tagomaru).
  • 0.4.1

    • Update npm dependencies
  • 0.4.0

    • Correctly pick solidity version when an interval is set (thanks to @nanspro).
    • Add get-analysis command to retrieve a scanned result (thanks to @tagomaru).
    • Fix displaying severity in output list.
  • 0.3.2

    • Display message on syntax error.
  • 0.3.1

    • Add Severity to output.
  • 0.3.0

    • Request different depths of analyses with --analysisMode can be full or quick.
    • Add changelog.
  • 0.2.0

    • Stable version, first release.
You can’t perform that action at this time.