Smart Contract Vulnerability Coverage

MythX currently detects most SWCs found in the SWC Registry. Below you can find the types of vulnerabilities MythX covers.

Assertions and Property Checking

Detector                                                   | Analysis type                            | SWC-ID
-----------------------------------------------------------|------------------------------------------|--------
Solidity assert violation                                  | Symbolic analysis, fuzzing (bytecode)    | SWC-110
MythX assertion violation (AssertionFailed event)          | Symbolic analysis, fuzzing (bytecode)    | SWC-110
Byte-code Safety

Detector                                                   | Analysis type                            | SWC-ID
-----------------------------------------------------------|------------------------------------------|--------
Integer overflow in arithmetic operation                   | Symbolic analysis, fuzzing (bytecode)    | SWC-101
Integer underflow in arithmetic operation                  | Symbolic analysis, fuzzing (bytecode)    | SWC-101
Caller can redirect execution to arbitrary locations       | Symbolic analysis, fuzzing (bytecode)    | SWC-127
Caller can write to arbitrary storage locations            | Symbolic analysis, fuzzing (bytecode)    | SWC-124
Dangerous use of uninitialized storage variables           | Solidity code analysis                   | SWC-109
Authorization Controls

Detector                                                   | Analysis type                            | SWC-ID
-----------------------------------------------------------|------------------------------------------|--------
Any sender can withdraw ETH from the contract account      | Symbolic analysis, fuzzing (bytecode)    | SWC-105
Any sender can trigger SELFDESTRUCT                        | Symbolic analysis, fuzzing (bytecode)    | SWC-106
Use of "tx.origin" as a part of authorization control      | Solidity code analysis                   | SWC-115
Control Flow

Detector                                                   | Analysis type                            | SWC-ID
-----------------------------------------------------------|------------------------------------------|--------
Delegatecall to a user-supplied address                    | Symbolic analysis (bytecode)             | SWC-112
Call to a user-supplied address                            | Symbolic analysis (bytecode)             | SWC-107
Unchecked return value from external call                  | Solidity code analysis                   | SWC-104
Block timestamp influences a control flow decision         | Taint analysis (bytecode)                | SWC-116
Environment variables influence a control flow decision    | Taint analysis (bytecode)                | SWC-120
Loop over unbounded data structure                         | Solidity code analysis                   | SWC-128
Implicit loop over unbounded data structure                | Solidity code analysis                   | SWC-128
Usage of "continue" in "do-while"                          | Solidity code analysis                   | N/A
Multiple calls are executed in the same transaction        | Static analysis (bytecode)               | SWC-113
Persistent state read following external call              | Static analysis, fuzzing (bytecode)      | SWC-107
Persistent state write following external call             | Static analysis, fuzzing (bytecode)      | SWC-107
Account state accessed after call to user-defined address  | Symbolic analysis (bytecode)             | SWC-107
Return value of an external call is not checked            | Static analysis (bytecode)               | SWC-104
Potential weak source of randomness                        | Solidity code analysis                   | SWC-120
Requirement violation                                      | Fuzzing (bytecode)                       | SWC-123
Call with hardcoded gas amount                             | Solidity code analysis                   | SWC-134
ERC Standards

Detector                                                   | Analysis type                            | SWC-ID
-----------------------------------------------------------|------------------------------------------|--------
Incorrect ERC20 implementation                             | Solidity code analysis                   | N/A
Solidity Coding Best Practices

Detector                                                   | Analysis type                            | SWC-ID
-----------------------------------------------------------|------------------------------------------|--------
Outdated compiler version                                  | Solidity code analysis                   | SWC-102
No or floating compiler version set                        | Solidity code analysis                   | SWC-103
Use of right-to-left-override control character            | Solidity code analysis                   | SWC-130
Shadowing of built-in symbol                               | Solidity code analysis                   | SWC-119
Incorrect constructor name                                 | Solidity code analysis                   | SWC-118
State variable shadows another state variable              | Solidity code analysis                   | SWC-119
Local variable shadows a state variable                    | Solidity code analysis                   | SWC-119
Function parameter shadows a state variable                | Solidity code analysis                   | SWC-119
Named return value shadows a state variable                | Solidity code analysis                   | SWC-119
Unary operation without effect                             | Solidity code analysis                   | SWC-129
Unary operation directly after assignment                  | Solidity code analysis                   | SWC-129
Unused state variable                                      | Solidity code analysis                   | SWC-131
Unused local variable                                      | Solidity code analysis                   | SWC-131
Function visibility is not set                             | Solidity code analysis                   | SWC-100
State variable visibility is not set                       | Solidity code analysis                   | SWC-108
Use of deprecated functions: callcode(), sha3(), ...       | Solidity code analysis                   | SWC-111
Use of deprecated global variables (msg.gas, ...)          | Solidity code analysis                   | SWC-111
Use of deprecated keywords (throw, var)                    | Solidity code analysis                   | SWC-111
Incorrect function state mutability                        | Solidity code analysis                   | N/A