https://github.com/muellerberndt/awesome-mythx-smart-contract-security-tools

A curated list of resources and tools for the MythX smart contract security API
https://github.com/muellerberndt/awesome-mythx-smart-contract-security-tools

List: awesome-mythx-smart-contract-security-tools

Last synced: 29 days ago
JSON representation

A curated list of resources and tools for the MythX smart contract security API

• Host: GitHub
• URL: https://github.com/muellerberndt/awesome-mythx-smart-contract-security-tools
• Owner: muellerberndt
• Created: 2018-11-23T10:24:50.000Z (about 6 years ago)
• Default Branch: master
• Last Pushed: 2020-06-15T13:59:18.000Z (over 4 years ago)
• Last Synced: 2024-05-20T02:12:13.698Z (7 months ago)
• Homepage: https://mythx.io
• Size: 146 KB
• Stars: 247
• Watchers: 10
• Forks: 40
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-security-collection - **54**星
• ultimate-awesome - awesome-mythx-smart-contract-security-tools - A curated list of resources and tools for the MythX smart contract security API. (Other Lists / PowerShell Lists)

README

        
# Awesome MythX Smart Contract Security Tools



	



[![Discord](https://img.shields.io/discord/481002907366588416.svg)](https://discord.gg/E3YrVtG)

[MythX](https://mythx.io) is a smart contract security analysis API that supports Ethereum, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. It uses static analysis, symbolic execution and input fuzzing to detect security bugs and verify the correctness of smart contract code. This is a curated list of developer tools and resources related to MythX.

## IDEs with MythX support

- [Remix IDE](https://remix.ethereum.org/) - Activate the "MythX Security Verification" module in plugin manager ([Howto](https://docs.mythx.io/en/latest/tools/remix/index.html))

- [MythX Plugin for Truffle](https://github.com/ConsenSys/truffle-security) - Security verification plugin for the [Truffle Framework](https://truffleframework.com)

- [MythX for VS Code](https://marketplace.visualstudio.com/items?itemName=MythX.mythxvsc) - MythX Extension for Visual Studio Code

- [Brownie](https://github.com/iamdefinitelyahuman/brownie) - Python framework for Ethereum smart contract deployment ([native integration](https://eth-brownie.readthedocs.io/en/latest/tests-security-analysis.html))

- [MythX Plugin for Embark](https://github.com/flex-dapps/embark-mythx) -  Security verification plugin for [Status Embark](https://embark.status.im) by [Flex Dapps](https://flexdapps.com)

- [Truffle Sca2t](https://github.com/tagomaru/truffle-sca2t) - Smart contract audit assistant (generates Mocha test files for CI)

## Command-line tools

- [MythX CLI](https://github.com/dmuhs/mythx-cli) -  Official command-line tool maintained by the MythX team

- [Sabre](https://github.com/b-mueller/sabre) - Security analyzer for Solidity smart contracts written in JavaScript

## Continuous integration howtos

- [Setting up MythX in CircleCI](https://blog.mythx.io/howto/mythx-and-continuous-integration-part-1-circleci/)

- [Setting up MythX in Travis CI](https://blog.mythx.io/howto/mythx-and-continuous-integration-part-1-circleci/)

- [MythX in CI DIY Guide](https://blog.mythx.io/howto/part-3-mythx-heart-continuous-integration-diy/)

## Support and documentation

- [MythX CLI Docs](https://mythx-cli.readthedocs.io/en/latest/)

- [MythX Developer and User Guide](https://docs.mythx.io/en/latest/)

- [MythX Community Discord](https://discord.gg/kktn8Wt)

## Language bindings

- [MythXJS](https://github.com/ConsenSys/mythxjs)  - MythX JavaScript library

- [PythX](https://github.com/dmuhs/PythX) - A Python library for the MythX platform

## Articles, papers and videos

### Webinars

- [Using MythX in Smart Contract Development (January 2020)](https://www.youtube.com/watch?v=j43w42r7_wk)

- [Validating Smart Contract Correctness (April 2020)](https://www.youtube.com/watch?v=T3WVCBp2DP4)

- [Using the MythX Command Line Client in CI (May 2020)](https://www.youtube.com/watch?v=KkOi4vRzv_E) 

### Presentation Videos

- [The Ether Wars (DEFCON 27)](https://www.youtube.com/watch?v=Qd9ubry-c_M)

- [Smashing Smart Contracts (HITB GSEC 2018)](https://www.youtube.com/watch?v=iqf6epACgds)

- [Advances in Smart Contract Vulnerability Detection (EthBerlin 2019)](https://www.youtube.com/watch?v=6mtO9GfS91Q)

- [Detecting DeFi Composability Bugs (EthCC 2020)](https://www.youtube.com/watch?v=WtE_goJ2n7Y&feature=youtu.be&t=155)

- [Detecting DeFi Bugs and Arbitrage Opportunities Using Symbolic Execution (Parallele Polis 2020)](https://www.youtube.com/watch?v=B-RD1Pwoby0&feature=youtu.be)

### MythX bug detection and property checking

- [Detecting Generic Smart Contract Vulnerabilities with MythX (Medium)](https://medium.com/consensys-diligence/detecting-the-top-4-critical-smart-contract-vulnerabilities-with-mythx-9c568d7db7a6)

- [Checking Custom Security Properties with the MythX Plugin for Remix (Medium)](https://medium.com/coinmonks/advanced-smart-contract-security-verification-in-remix-9630b43695e5)

- [Catching Weird Security Bugs with Contract Invariants (Medium)](https://medium.com/@muellerberndt/catching-weird-security-bugs-in-solidity-smart-contracts-with-invariant-checks-435582dfb5bd)

- [Checking Custom Correctness Properties of Smart Contracts Using the AssertionFailed Event (Medium)](https://medium.com/consensys-diligence/checking-custom-correctness-properties-of-smart-contracts-using-mythx-25cbac5d7852)

- [The Tech Behind MythX (MythX blog)](https://blog.mythx.io/features/mythx-tech-behind-the-scenes-of-smart-contract-analysis/)

### Symbolic execution / Mythril

- [Intro to Symbolic Execution in Mythril (Medium)](https://medium.com/@joran.honig/introduction-to-mythril-classic-and-symbolic-execution-ef59339f259b)

- [Smashing Smart Contracts (HITB GSEC 2018 / PDF)](https://conference.hitb.org/hitbsecconf2018ams/materials/D1T2%20-%20Bernhard%20Mueller%20-%20Smashing%20Ethereum%20Smart%20Contracts%20for%20Fun%20and%20ACTUAL%20Profit.pdf)

- [Advances in Smart Contract Vulnerability Detection (DEFCON 27 / PDF)](https://github.com/b-mueller/smashing-smart-contracts/blob/master/DEFCON27-EVM-Smart-Contracts-Mueller-Luca.pdf)

- [Multi-contract bug detection with Mythril (Medium)](https://blog.mythx.io/misc/easy-multi-contract-security-analysis-using-mythril/)

### Grey-box fuzzing / Harvey

- [Harvey Greybox Fuzzing Article Series (Medium)](https://medium.com/consensys-diligence/finding-vulnerabilities-in-smart-contracts-175c56affe2)

- [Fuzzing Smart Contracts Using Input Prediction (Medium)](https://medium.com/consensys-diligence/fuzzing-smart-contracts-using-input-prediction-29b30ba8055c)

- [Fuzzing Smart Contracts Using Multiple Transactions (Medium)](https://medium.com/consensys-diligence/fuzzing-smart-contracts-using-multiple-transactions-51471e4b3c69)

- [Detecting Reentrancy Issues in Smart Contracts Using Fuzzing (Medium)](https://medium.com/consensys-diligence/detecting-reentrancy-issues-in-smart-contracts-using-fuzzing-e81474ba3a2e)

- [Targeted fuzzing using static lookahead analysis: how to guide fuzzers using online static analysis (MythX blog)](https://blog.mythx.io/misc/targeted-fuzzing-using-static-lookahead-analysis-how-to-guide-fuzzers-using-online-static-analysis/)

- [Learning Inputs in Greybox Fuzzing (arXiv)](https://arxiv.org/pdf/1807.07875.pdf)

- [Harvey: A Greybox Fuzzer for Smart Contracts (arXiv)](https://arxiv.org/pdf/1905.06944.pdf)

- [Targeted Greybox Fuzzing with Static Lookahead Analysis (ICSE 2020)](https://mariachris.github.io/Pubs/ICSE-2020.pdf)

### Other

 

- [Practical Mutation Testing in Smart Contracts (Springer)](https://link.springer.com/chapter/10.1007%2F978-3-030-31500-9_19)