Convert Figma logo to code with AI

ConsenSysDiligence logomythril

Mythril is a symbolic-execution-based securty analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum and other EVM-compatible blockchains.

4,005
765
4,005
115
View on GitHub

Top Related Projects

crytic's avatar

slither

5,651

Static Analyzer for Solidity and Vyper

trailofbits's avatar

manticore

3,754

Symbolic execution tool

enzymefinance's avatar

oyente

1,332

An Analysis Tool for Smart Contracts

OpenZeppelin's avatar

openzeppelin-contracts

25,709

OpenZeppelin Contracts is a library for secure smart contract development.

Quick Overview

Mythril is a security analysis tool for Ethereum smart contracts. It uses symbolic execution, SMT solving, and taint analysis to detect various security vulnerabilities in Solidity code. Mythril is designed to help developers and auditors identify potential issues in smart contracts before deployment.

Pros

  • Comprehensive vulnerability detection for Ethereum smart contracts
  • Supports both Solidity source code and compiled EVM bytecode analysis
  • Integrates well with development workflows and CI/CD pipelines
  • Active development and community support

Cons

  • Can produce false positives, requiring manual verification of results
  • May have performance issues with large or complex contracts
  • Learning curve for interpreting and acting on analysis results
  • Limited support for newer Solidity features and optimizations

Code Examples

  1. Basic usage to analyze a Solidity file:
from mythril.mythril import MythrilDisassembler, MythrilAnalyzer
from mythril.ethereum import util

# Initialize Mythril
disassembler = MythrilDisassembler()
analyzer = MythrilAnalyzer(disassembler)

# Analyze a Solidity file
contract = util.get_solidity_contract_from_file("example.sol")
issues = analyzer.fire_lasers(contract)

# Print found issues
for issue in issues:
    print(issue)
  1. Analyzing deployed contract bytecode:
from mythril.mythril import MythrilDisassembler, MythrilAnalyzer

# Initialize Mythril
disassembler = MythrilDisassembler()
analyzer = MythrilAnalyzer(disassembler)

# Analyze deployed contract bytecode
address = "0x123456789abcdef..."
contract = disassembler.load_from_address(address)
issues = analyzer.fire_lasers(contract)

# Print found issues
for issue in issues:
    print(issue)
  1. Custom analysis using Mythril's modules:
from mythril.analysis.module import ModuleLoader
from mythril.analysis.symbolic import SymExecWrapper
from mythril.ethereum.interface.rpc.client import EthJsonRpc

# Initialize Mythril components
eth = EthJsonRpc()
modules = ModuleLoader()
sym = SymExecWrapper(eth, modules)

# Perform custom analysis
contract = eth.eth_getCode("0x123456789abcdef...")
issues = sym.execute(contract)

# Process results
for issue in issues:
    print(issue.description)

Getting Started

To get started with Mythril, follow these steps:

  1. Install Mythril:

    pip install mythril

  2. Analyze a Solidity file:

    myth analyze <solidity_file>

  3. Analyze a deployed contract:

    myth analyze -a <contract_address>

For more advanced usage and configuration options, refer to the Mythril documentation on GitHub.

Competitor Comparisons

crytic logo

slither

5,651

Static Analyzer for Solidity and Vyper

Pros of Slither

  • Faster analysis due to static analysis approach
  • More comprehensive detection of vulnerabilities and code smells
  • Easier integration into CI/CD pipelines

Cons of Slither

  • May produce more false positives than Mythril
  • Limited ability to detect complex, multi-contract vulnerabilities

Code Comparison

Mythril (symbolic execution):

def analyze(self, contract):
    world_state = WorldState()
    for function in contract.functions:
        symbolic_tx = SymbolicTransaction(world_state, function)
        symbolic_vm = SymbolicEVM(symbolic_tx)
        symbolic_vm.run()

Slither (static analysis):

def analyze(self, contract):
    slither = Slither(contract)
    for detector in self.detectors:
        results = detector.detect()
        self.results.extend(results)

Mythril uses symbolic execution to explore possible execution paths, while Slither performs static analysis on the contract's abstract syntax tree. This fundamental difference in approach leads to their respective strengths and weaknesses in vulnerability detection and analysis speed.

trailofbits logo

manticore

3,754

Symbolic execution tool

Pros of Manticore

  • More flexible and customizable, allowing for deeper analysis of complex smart contracts
  • Supports multiple architectures beyond Ethereum, including Bitcoin and EOS
  • Provides a powerful Python API for writing custom analyses and scripts

Cons of Manticore

  • Steeper learning curve and requires more technical expertise to use effectively
  • Can be slower and more resource-intensive for large-scale analyses
  • Less user-friendly for beginners compared to Mythril's CLI interface

Code Comparison

Mythril example (using CLI):

myth analyze <contract_file>

Manticore example (using Python API):

from manticore.ethereum import ManticoreEVM

m = ManticoreEVM()
contract = m.solidity_create_contract(<contract_file>)
m.run(timeout=120)

Both tools offer powerful smart contract analysis capabilities, but Manticore provides more flexibility and customization options at the cost of increased complexity. Mythril is generally easier to use for quick analyses, while Manticore excels in scenarios requiring in-depth, customized examinations of complex contracts across multiple blockchain architectures.

enzymefinance logo

oyente

1,332

An Analysis Tool for Smart Contracts

Pros of Oyente

  • Simpler and more lightweight tool, potentially easier to integrate into existing workflows
  • Focuses specifically on Ethereum smart contract vulnerabilities
  • Has a web-based interface for easier accessibility

Cons of Oyente

  • Less actively maintained compared to Mythril
  • Limited to symbolic execution, while Mythril offers a broader range of analysis techniques
  • Smaller community and less extensive documentation

Code Comparison

Oyente (Python):

def check_integer_overflow(self, state, node, function):
    state_copy = copy.deepcopy(state)
    for instr in node.instruction_list:
        if instr.opcode in ("ADD", "MUL", "SUB"):
            # Check for integer overflow

Mythril (Python):

def _analyze_state(self, state: GlobalState) -> ExplorationStateBase:
    issues = self._execute_analysis_modules(state)
    for issue in issues:
        self._issues.append(issue)
    return self._child_states(state)

Both tools use Python for their core logic, but Mythril's codebase is more extensive and modular, reflecting its broader scope and more active development. Oyente's code is more focused on specific vulnerability checks, while Mythril's architecture allows for a wider range of analysis modules.

OpenZeppelin logo

openzeppelin-contracts

25,709

OpenZeppelin Contracts is a library for secure smart contract development.

Pros of openzeppelin-contracts

  • Comprehensive library of reusable smart contract components
  • Well-documented and widely adopted in the Ethereum ecosystem
  • Regular updates and maintenance by a dedicated team

Cons of openzeppelin-contracts

  • Focused on contract implementation rather than security analysis
  • May introduce dependencies and increase gas costs if not used carefully
  • Requires manual integration into projects

Code Comparison

openzeppelin-contracts (ERC20 token implementation):

contract MyToken is ERC20 {
    constructor(uint256 initialSupply) ERC20("MyToken", "MTK") {
        _mint(msg.sender, initialSupply);
    }
}

Mythril (security analysis example):

from mythril.mythril import MythrilDisassembler, MythrilAnalyzer
disassembler = MythrilDisassembler()
analyzer = MythrilAnalyzer(disassembler)
result = analyzer.fire_lasers(modules=["ether_thief"])

While openzeppelin-contracts provides ready-to-use contract implementations, Mythril focuses on security analysis of smart contracts. openzeppelin-contracts is ideal for developers building secure and standardized contracts, while Mythril is essential for auditing and identifying vulnerabilities in existing contracts.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Mythril

Discord PyPI Read the Docs CircleCI Sonarcloud - Maintainability Pypi Installs DockerHub Pulls

Mythril is a symbolic-execution-based security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum and other EVM-compatible blockchains.

Whether you want to contribute, need support, or want to learn what we have cooking for the future, you can checkout diligence-mythx channel in ConsenSys Discord server.

Installation and setup

Get it with Docker:

$ docker pull mythril/myth

Install from Pypi (Python 3.7-3.10):

$ pip3 install mythril

Use it via pre-commit hook (replace $GIT_TAG with real tag):

- repo: https://github.com/Consensys/mythril
  rev: $GIT_TAG
  hooks:
    - id: mythril

Additionally, set args: [disassemble] or args: [read-storage] to use a different command than analyze.

See the docs for more detailed instructions.

Usage

Run:

$ myth analyze <solidity-file>

Or:

$ myth analyze -a <contract-address>

Specify the maximum number of transactions to explore with -t <number>. You can also set a timeout with --execution-timeout <seconds>.

Here is an example of running Mythril on the file killbilly.sol which is in the solidity_examples directory for 3 transactions:

> myth a killbilly.sol -t 3
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: KillBilly
Function name: commencekilling()
PC address: 354
Estimated Gas Usage: 974 - 1399
Any sender can cause the contract to self-destruct.
Any sender can trigger execution of the SELFDESTRUCT instruction to destroy this contract account and withdraw its balance to an arbitrary address. Review the transaction trace generated for this issue and make sure that appropriate security controls are in place to prevent unrestricted access.
--------------------
In file: killbilly.sol:22

selfdestruct(msg.sender)

--------------------
Initial State:

Account: [CREATOR], balance: 0x2, nonce:0, storage:{}
Account: [ATTACKER], balance: 0x1001, nonce:0, storage:{}

Transaction Sequence:

Caller: [CREATOR], calldata: , decoded_data: , value: 0x0
Caller: [ATTACKER], function: killerize(address), txdata: 0x9fa299cc000000000000000000000000deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, decoded_data: ('0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef',), value: 0x0
Caller: [ATTACKER], function: activatekillability(), txdata: 0x84057065, value: 0x0
Caller: [ATTACKER], function: commencekilling(), txdata: 0x7c11da20, value: 0x0

Instructions for using Mythril are found on the docs.

For support or general discussions please checkout diligence-mythx channel in ConsenSys Discord server..

Building the Documentation

Mythril's documentation is contained in the docs folder and is published to Read the Docs. It is based on Sphinx and can be built using the Makefile contained in the subdirectory:

cd docs
make html

This will create a build output directory containing the HTML output. Alternatively, PDF documentation can be built with make latexpdf. The available output format options can be seen with make help.

Vulnerability Remediation

Visit the Smart Contract Vulnerability Classification Registry to find detailed information and remediation guidance for the vulnerabilities reported.