The tech behind MythX smart contract security analysis

Bernhard Mueller
Mar 13, 2019 · 2 min read

When I first introduced Mythril in 2017, I didn’t expect it to be very useful to smart contract developers. It was a simple symbolic analyzer for Ethereum bytecode with tacked-on Solidity support. Mythril was OK for detecting some security issues and solving CTFs, but it wasn’t written with the needs of developers in mind.

As soon as you want to use Mythril, or any other open source smart contract security tool for that matter, on an actual real-world project, things fall apart very quickly. Mythril takes ages to install and has 30+ command line flags. Running it consumes a lot of computing power. It reports only a limited subset of what’s in the SWC Registry. It doesn’t integrate well with development tools. And most frustratingly, when dealing with large projects, something always breaks. TL;DR: Mythril sucks for developers.

Yet, there seemed to be demand for a tool like Mythril and people actually started using it, building it into their own software, and posting hundreds of issues on Github. As of today, Mythril has been downloaded 470,000 times.

It was always clear to me that whatever we did, Mythril-the-Python-tool could never reach the usability and reliability required to be truly helpful to smart contract developers in their day-to-day job. Then, in early 2018, the “INFURA of smart contract security idea” came up: What if you could simply submit your contracts to an API and get back a a security analysis report? Voilà, MythX was born (well actually, Mythril Platform was born, but that had to be renamed due to legal threats from the Tolkien troll army).

The MythX project started in early 2018 with funding from ConsenSys and two developers. Since then, the MythX team has grown to 18 heads and we have built a lot of awesome tech to pack into our security analysis engine. We also built an API that’s scalable and won’t break down even when people throw gigantic Truffle projects at it (I’m looking at you Aragon).

Our mission statement was to provide comprehensive smart contract security analysis at the click of a button.

Read the full story: MythX tech: Behind the scenes of smart contract analysis

ConsenSys Diligence

ConsenSys Diligence has the mission of solving Ethereum…

ConsenSys Diligence

ConsenSys Diligence has the mission of solving Ethereum smart contract security. Contact us for an audit at diligence@consensys.net.

Bernhard Mueller

Written by

Security researcher, uncertified hacker, crypto trader. Author of the OWASP Mobile Security Guide. Pwnie winner. Former @ConsenSys engineer / auditor.

ConsenSys Diligence

ConsenSys Diligence has the mission of solving Ethereum smart contract security. Contact us for an audit at diligence@consensys.net.