MythX

Smart contract security tool for Ethereum

MythX scans for security vulnerabilities in Ethereum smart contracts by providing a comprehensive range of analysis services, accessible through tools developers already rely on, or directly through a powerful API.

Our mission is to help development teams avoid costly errors and make Ethereum a more secure and trustworthy platform.

Tools for all BUIDLers!

MythX Ecosystem Partners

ConsensysQuantstampChainsecuritySoohoNRI SecureGuardRailsSECBITAlethioSecurity InnovationTapTrustRating TokenAmberdataATCHAIAnchainLedgerOpsTruffleHaechi LabsSmartDecVisual StudioEEAThunderBinaryStartMicrosoftPanvalaremixEmbark

    Get started in seconds.

  • Install
  • $ npm i -g truffle
  • $ npm i truffle-security
  • And run
  • $ truffle run verify
View on GitHub
  • Receive a report in minutes.

    • 
      contract Suicide {
          function suicideAnyone() {
            selfdestruct(msg.sender);
          }
      }
      • SWC-106

        Unprotected SELFDESTRUCT Instruction

        Arbitrary senders can kill this contract and withdraw its balance to their own account.

      • More
    • 
      contract EtherDrain {
        function withdrawAllAnyone() {
          msg.sender.transfer(this.balance);
        }
        function () public payable {
        }
      }
      • SWC-105

        Unprotected Ether Withdrawal

        Due to missing or insufficient access controls, malicious parties can withdraw some or all Ether from the contract account.

      • More
    • 
      contract AssertMultiTx1 {
          uint256 private param;
          function AssertMultiTx1(uint256 _param) public {
              require(_param > 0);
              param = _param;
          }
          function run() {
              assert(param > 0);
          }
      }
      • SWC-110

        Assert Violation

        Properly functioning code should never reach a failing assert statement.

      • More
  • pragma solidity ^0.4.23;
    
      contract AccidentallyKillable {
          uint256 private initialized = 0;
          uint256 public count = 1;
    
          function init() public {
              initialized = 1;
          }
    
          function run(uint256 input) {
              if (initialized == 0) {
                  return;
              }
    
              selfdestruct(msg.sender);
          }
      }
    • Unprotected SELFDESTRUCT Instruction

      Arbitrary senders can kill this contract and withdraw its balance to their own account.

    • More

Don't miss anything.

The SWC Registry is a community catalog of known smart contract vulnerabilities with detailed descriptions, code samples and remediations. MythX uses the SWC Registry as its database when scanning code for security issues.

  • We'll handle it.

    MythX uses its own servers to process your analysis quickly while maximizing security.

      • Scalability

      • Easily access scalable, powerful, parallel security analysis with just a lightweight plugin.

      • Relevance

      • Your code is always analyzed against the latest version of the SWC Registry, which we continually update.

      • Speed

      • MythX always returns analysis results faster than your local machine: as little as 90 seconds in Quick Mode.

By using MythX, you agree to our Privacy Policy. Got it