Open thec00n opened 5 years ago
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This issue now has a funding of 1000.0 DAI (1000.0 USD @ $1.0/DAI) attached to it as part of the Consensys fund.
Issue Status: 1. Open 2. Cancelled
Work has been started.
These users each claimed they can complete the work by 39 minutes from now. Please review their action plans below:
1) semuelle has started work.
Is mythxjs in a usable state for this or should we stick with armlet?
Learn more on the Gitcoin Issue Details page.
2) aquiladev has started work.
I'm gonna integrate it with Remix
3) krisc has started work.
I will make a Sublime Text plugin for MythX
4) rllane9 has started work.
I dont enable wheat scheme appear fall dust problem sibling divert young dawn book
5) cryptomental has started work.
Hi all! I implemented today an awesome embark-mythx plugin based on Mythos. I just need to clean up the code, add a readme.md with an example usage and push the code out. I hope to finish today.
Work for 1000.0 DAI (1000.0 USD @ $1.0/DAI) has been submitted by:
@thec00n please take a look at the submitted work:
I published a new (awesome) and easy to use Embark-MythX plugin:
GitHub repository with detailed set up and configuration instructions: https://github.com/cryptomental/embark-mythx
NPM package: https://www.npmjs.com/package/@cryptomental/embark-mythx
The plugin uses Mythos as a bridge between MythX and Embark, and schedules MythX analysis after contracts:compiled Embark event is broadcast. The analysis happens in the background on the MythX cloud service and the results are shown in the Embark console after around ~30-90 seconds. I tested it against Embark demo dApp.
@thec00n & all In addition to the above plugin I also experimented a few hours with MythX-Tron integration. Since Tron Studio has been deprecated in favor of TronBox and TronBox is a fork of Truffle project with Tron-specific changes, I tried to install MythX extension for Truffle to a Tron project. Unfortunately it does not work out of the box due to TronBox not supporting Truffle plugins.
I forked-off TronBox instead and with a couple of changes was able to hack together a working (though highly experimental -) TronBox with MythX truffle-security extension enabled.
The fork is available at https://github.com/cryptomental/tron-box.
The changes that were applied: added 'verify' command to the packages/truffle-core, added truffle-security to packages/ and patched clientToolName to 'tronbox' in helpers.js.
/sandbox/tron-test$ ../tron-box/tronbox.dev help
Tronbox v2.4.0 - a development framework for tronweb

Usage: tronbox <command> [options]

Commands:
  init     Initialize new and empty tronBox project
  compile  Compile contract source files
  migrate  Run migrations to deploy contracts
  deploy   (alias for migrate)
  build    Execute build pipeline (if configuration present)
  test     Run JavaScript and Solidity tests
  console  Run a console with contract abstractions and commands available
  create   Helper to create new contracts, migrations and tests
  watch    Watch filesystem for changes and rebuild the project automatically
  serve    Serve the build directory on localhost and watch for changes
  exec     Execute a JS module within this tronBox environment
  unbox    Download a tronbox Box, a pre-built tronbox project
  verify   Runs MythX analyses on tronbox contracts.
  version  Show version number and exit

See more at http://tronboxframework.com/docs
Help:
/sandbox/tron-test$ ../tron-box/tronbox.dev verify --help
Usage: tronbox verify [options] [*contract-name1* [*contract-name2*] ...]

Runs MythX analyses on given Solidity contracts. If no contracts are
given, all are analyzed.

Options:
  --all
      Compile all contracts instead of only the contracts changed since last compile.
  --mode { quick | full }
      Perform quick or in-depth (full) analysis.
  --style { stylish | json | table | tap | unix | ... },
      Output report in the given es-lint style style.
      See https://eslint.org/docs/user-guide/formatters/ for a full list.
  --json | --yaml
      Dump results in unprocessed JSON or YAML format as it comes back from MythX.
      Note: this disables providing any es-lint style reports, and that
      --style=json is processed for eslint, while --json is not.
  --timeout *secs*
      Limit MythX analyses time to *secs* seconds.
      The default is 300 seconds (five minutes).
  --initial-delay *secs*
      Minimum amount of time to wait before attempting a first status poll to MythX.
      The default is 45 seconds.
      See https://github.com/ConsenSys/armlet#improving-polling-response
  --limit *N*
      Have no more than *N* analysis requests pending at a time.
      As results come back, remaining contracts are submitted.
      The default is 4 contracts, the maximum value, but you can
      set this lower.
  --debug
      Provide additional debug output. Use --debug=2 for more
      verbose output
      Note: progress is disabled if this is set.
  --min-severity { warning | error }
      Ignore SWCs below the designated level
  --swc-blacklist { 101 | 103,111,115 | ... }
      Ignore a specific SWC or list of SWCs.
  --uuid *UUID*
      Print in YAML results from a prior run having *UUID*
      Note: this is still a bit raw and will be improved.
  --version
      Show package and MythX version information.
  --progress, --no-progress
      Enable/disable progress bars during analysis. The default is enabled.
      Note: this is disabled if debug is set.
  --color, --no-color
      Enable/disable output coloring. The default is enabled.
Verification
/tron-test$ ../tron-box/tronbox.dev verify
Welcome to MythX! You are currently running in Free mode.
ConvertLib |****************************************************************************************************| 100% || Elapsed: 7.1s ✓ completed
MetaCoin |****************************************************************************************************| 100% || Elapsed: 8.3s ✓ completed
/sandbox/tron-test/contracts/ConvertLib.sol
1:0 warning A floating pragma is set SWC-103
6:9 warning integer overflow SWC-101
✖ 2 problems (0 errors, 2 warnings)
The best solution, though, would be for the Tron project development team to merge upstream Truffle changes to enable plugins. Then it will be fairly easy to create a truffle-security plugin fork or, even better, add Tron support to truffle-security. The changes needed would then be just to extend scripts/install-to-truffle.js to patch tronbox.js / tronbox-config.js and optionally use clientToolName as 'tronbox' if tronbox is detected.
Btw. I have just seen that the team just published an even better Embark plugin https://github.com/flex-dapps/embark-mythx but at least I tried -)
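Added example, not part of the comment above and not code from truffle-security or the TronBox fork: a sketch of how the `--min-severity` and `--swc-blacklist` options from the help text could be applied to the findings in the verification report. The issue object shape, the function names and the "suppressed" count in the summary are assumptions made for illustration; suppressed findings are returned rather than dropped so that a blacklist never hides them from review.

```javascript
// Added illustration (assumed semantics); not code from truffle-security or the fork.
const SEVERITY_RANK = { warning: 1, error: 2 };

// Constructed sample mirroring the two ConvertLib.sol findings in the report above.
const sampleIssues = [
  { line: 1, column: 0, severity: 'warning', message: 'A floating pragma is set', swc: 'SWC-103' },
  { line: 6, column: 9, severity: 'warning', message: 'integer overflow', swc: 'SWC-101' },
];

// "101" or "103,111,115" -> Set of "SWC-nnn"; rejects anything non-numeric.
function parseSwcBlacklist(value) {
  const ids = String(value || '').split(',').map((s) => s.trim()).filter(Boolean);
  for (const id of ids) {
    if (!/^\d+$/.test(id)) throw new Error(`invalid SWC number: ${id}`);
  }
  return new Set(ids.map((id) => `SWC-${id}`));
}

// Splits findings into reported and suppressed so hidden ones stay auditable.
function filterIssues(issues, { minSeverity = 'warning', swcBlacklist = '' } = {}) {
  const floor = SEVERITY_RANK[minSeverity];
  if (floor === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  const blocked = parseSwcBlacklist(swcBlacklist);
  const kept = [];
  const suppressed = [];
  for (const issue of issues) {
    // An unrecognized severity ranks as undefined, compares false, and stays visible.
    const hidden = SEVERITY_RANK[issue.severity] < floor || blocked.has(issue.swc);
    (hidden ? suppressed : kept).push(issue);
  }
  return { kept, suppressed };
}

const plural = (n, word) => `${n} ${word}${n === 1 ? '' : 's'}`;

// ESLint-style summary line, with the suppressed count appended when non-zero.
function summarize({ kept, suppressed }) {
  const count = (sev) => kept.filter((i) => i.severity === sev).length;
  const line = `${plural(kept.length, 'problem')} (${plural(count('error'), 'error')}, ${plural(count('warning'), 'warning')})`;
  return suppressed.length ? `${line}, ${suppressed.length} suppressed` : line;
}

console.log(summarize(filterIssues(sampleIssues, { swcBlacklist: '103,111,115' })));
```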
Hey all!
Thanks for participating in the hackathon. If you haven't yet, we'd love it if you could fill out this form to document your project name, team members, and link to your submission 🚀 🖌
Once you fill out the form, there's a prize at the end 😉
https://forms.gle/uxSnqQDbsNfqrUbD8
cc { PR by @krisc PR by @nanspro PR by @semuelle PR by @cryptomental PR by @aquiladev }
The funding of 1000.0 DAI (1000.0 USD @ $1.0/DAI) attached to this issue has been cancelled by the bounty submitter
⚡️ A tip worth 1750.00000 DAI (1750.0 USD @ $1.0/DAI) has been granted to @semuelle for this issue from @thec00n. ⚡️
Nice work @semuelle! Your tip has automatically been deposited in the ETH address we have on file.
⚡️ A tip worth 250.00000 DAI (250.0 USD @ $1.0/DAI) has been granted to @aquiladev for this issue from @thec00n. ⚡️
Nice work @aquiladev! Your tip has automatically been deposited in the ETH address we have on file.
About MythX
MythX is a security analysis API that allows anyone to create purpose-built security tools for smart contract developers. Our vision is that tools built on MythX integrate seamlessly into the development environments and help developers make their smart contract systems safer and more resilient.
The hackathon
In general the objective of the hackathon bounties is to build awesome MythX tools that either:
For each MythX Challenge Category, our judges will choose a 1st place winner who will receive 750 DAI, and a 2nd place Runner-Up who will receive 250 DAI. In addition there will be an overall MythX champion selected who will receive an additional 1000 DAI! Judges will be made up of members of the MythX team who will determine the winners based on the rules and guidelines of the Ethereal hackathon. The winners will be announced during Ethereal conference.
In addition, tools and services that integrate with MythX will also be eligible to join the MythX Nexus Partner Directory after the hackathon and receive a 25% revenue share on traffic their tools send to the MythX API service.
Instructions
Check out the documentation and samples:
Register for a free user account and start building.
Pick a unique name for your tool and include it in the clientToolName field with API requests.
Bounty - IDEs and Code Editors
Build an extension or plugin that adds MythX security analysis to your favourite IDE or code editors such as:
Communication
Find us on Discord and in any case just drop your questions here.