MythX

Smart contract security tool for Ethereum.

MythX is a powerful security analyses service that finds Solidity vulnerabilities in your Ethereum smart contract code during your development life cycle.

Our mission is to help development teams avoid costly errors and make Ethereum a safe and trustworthy platform.

Tools for all BUIDLers!

MythX Ecosystem Partners

ConsensysQuantstampChainsecuritySoohoNRI SecureGuardRailsSECBITAlethioSecurity InnovationTapTrustRating TokenAmberdataATCHAIAnchainLedgerOpsTruffleHaechi LabsSmartDecVisual StudioEEAThunderBinaryStartMicrosoftPanvalaremixEmbark

    Get started in seconds.

  • Install
  • $ npm i -g truffle
  • $ npm i truffle-security
  • And run
  • $ truffle run verify
View on GitHub
  • Receive a report in minutes.

    • 
      contract Suicide {
          function sudicideAnyone() {
            selfdestruct(msg.sender);
          }
      }
      • SWC-106

        Unprotected SELFDESTRUCT Instruction

        Arbitrary senders can kill this contract and withdraw its balance to their own account.

      • More
    • 
      contract EtherDrain {
        function withdrawAllAnyone() {
          msg.sender.transfer(this.balance);
        }
        function () public payable {
        }
      }
      • SWC-105

        Unprotected Ether Withdrawal

        Due to missing or insufficient access controls, malicious parties can withdraw some or all Ether from the contract account.

      • More
    • 
      contract AssertMultiTx1 {
          uint256 private param;
          function AssertMultiTx1(uint256 _param) public {
              require(_param > 0);
              param = _param;
          }
          function run() {
              assert(param > 0);
          }
      }
      • SWC-110

        Assert Violation

        Properly functioning code should never reach a failing assert statement.

      • More
  • pragma solidity ^0.4.23;
    
      contract AccidentallyKillable {
          uint256 private initialized = 0;
          uint256 public count = 1;
    
          function init() public {
              initialized = 1;
          }
    
          function run(uint256 input) {
              if (initialized == 0) {
                  return;
              }
    
              selfdestruct(msg.sender);
          }
      }
    • Unprotected SELFDESTRUCT Instruction

      Arbitrary senders can kill this contract and withdraw its balance to their own account.

    • More

Don't miss a beat.

The SWC registry is a community catalog of known smart contract vulnerabilities with detailed descriptions, code samples and remediations. MythX uses the SWC registry as the main database of attacks when scanning code for security issues.

  • We'll handle it.

    MythX uses its own servers to process your analysis quickly while maximizing security.

      • Scalability

      • Easily access scalable, powerful, parallel security analysis with just a lightweight plugin.

      • Relevance

      • Your code is always analyzed against the latest version of the SWC Registry, which we continually update.

      • Speed

      • MythX always returns analysis results faster than your local machine: as little as 90 seconds in Quick Mode.

    • What's the advantage of using a cloud-based service?
    • MythX runs expensive parallel computations. You can expect a 10x improvement over running local security tools, higher vulnerability coverage than any standalone tool, and continuous improvements to our security analysis engine.
    • Is it safe to submit my smart contract source code to the cloud?
    • Your analysis requests are encrypted with TLS. We only use your code for the purpose of the security analysis. We keep the results of your analysis so you can retrieve them later, but the report can only be accessed by you.
    • Is my code visible to MythX employees?
    • No. At no point do MythX employees ever see client code, nor do they ever have access to it. We take important steps to ensure your intellectual property is encrypted and completely inaccessible from us.
By using MythX, you agree to our Privacy Policy. Got it