Consensys / mythril

Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.
https://mythx.io/
MIT License

How many smart contract problems can Mythril detect? #1209

Closed xf97 closed 4 years ago

xf97 commented 5 years ago

Hello, I am a graduate student from Hohai University. I want to know how many smart contract problems Mythril can detect today. I haven't found any descriptions on the GitHub page or the mythx.io website, so I'm asking you a question here. If I have omitted an existing description, please let me know. Sorry to disturb your life, I wish you a happy life.

norhh commented 5 years ago

Hi @xf97, the links below might be helpful.
Problems which Mythril detects --> https://mythril-classic.readthedocs.io/en/master/module-list.html
Problems which MythX detects --> https://mythx.io/swc-coverage

xf97 commented 5 years ago

Thank you for your reply, which has helped me, and I wish you a happy life!

At 2019-09-12 14:58:26, "Nikhil Parasaram" notifications@github.com wrote:

Hi @xf97, the links below might be helpful.
Problems which Mythril detects --> https://mythril-classic.readthedocs.io/en/master/module-list.html
Problems which MythX detects --> https://mythx.io/swc-coverage

xf97 commented 5 years ago

Excuse me, I haven't found any documents or papers describing MythX and Mythril detection methods and problem determination criteria. Could you tell me where I can get them?

norhh commented 5 years ago

Mythril keeps changing dynamically; it currently doesn't have a paper which explains its full working. MythX is closed source and it uses some other tools too, like Harvey (https://arxiv.org/pdf/1905.06944.pdf, but this tool has changed a lot since the time this paper was published) and Maru.

I think it should be possible to go through the analysis modules to understand how Mythril detects various vulnerabilities (https://github.com/ConsenSys/mythril/tree/develop/mythril/analysis/modules). If you have any query regarding the working, you can message us on Discord or simply message here.

xf97 commented 5 years ago

Hello, could I ask the difference between Mythril and MythX?

norhh commented 5 years ago

MythX uses Mythril and other non-open-source tools, like a static analysis tool (Maru) and a greybox fuzzer (Harvey), so it detects a wide range of vulnerabilities. You can look here for more details: https://medium.com/consensys-diligence/the-tech-behind-mythx-smart-contract-security-analysis-32c849aedaef

nbanmp commented 4 years ago

I will close this for now, as the question seems to be answered. If you have another question, feel free to open another issue.