Mythril is a security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities. The analysis is based on laser-ethereum, a symbolic execution library for EVM bytecode.
Build the Docker image:
$ git clone https://github.com/ConsenSys/mythril/
$ docker build mythrilInstall from Pypi:
$ pip3 install mythrilSee the Wiki for more detailed instructions.
Documentation has moved to the Wiki page.
- HITBSecConf 2018 - Smashing Ethereum smart contracts for fun and real profit
- HITBSecConf 2018 conference paper
- EDCon Toronto 2018 - Mythril: Find bugs and verify security properties in your contracts
-
JSON RPC library is adapted from ethjsonrpc (it doesn't seem to be maintained anymore, and I needed to make some changes to it).
-
The signature data in
signatures.jsonwas initially obtained from the Ethereum Function Signature Database. -
Many features, bugfixes and analysis modules have been added by contributors.