
Mythril 2.0


Mythril 2.0 is a symbolic-execution-based security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum and other EVM-compatible blockchains.

Whether you want to contribute, need support, or want to learn what we have cooking for the future, you can check out the diligence-mythx channel in the ConsenSys Discord server.

Installation and setup

Get it with Docker:

$ docker pull mythril2/myth2

Install from PyPI (Python 3.7-3.10):

$ pip3 install mythril2

Use it via a pre-commit hook (replace $GIT_TAG with a real tag):

- repo: https://github.com/avaloki108/mythril2.0
  rev: $GIT_TAG
  hooks:
    - id: mythril2

Additionally, set args: [disassemble] or args: [read-storage] to use a different command than analyze.

See the docs for more detailed instructions.

MCP Server (NEW!)

Mythril now includes an MCP (Model Context Protocol) server that allows AI assistants and other MCP-compatible clients to use Mythril's security analysis capabilities! 🎉

# Start the MCP server
$ mythril2-mcp-server

For setup instructions and client configuration examples, see README-MCP.md.

Usage

Run:

$ myth2 analyze <solidity-file>

Or:

$ myth2 analyze -a <contract-address>

Specify the maximum number of transactions to explore with -t <number>. You can also set a timeout with --execution-timeout <seconds>.

Here is an example of running Mythril on the file killbilly.sol, which is in the solidity_examples directory, for 3 transactions:

> myth2 a killbilly.sol -t 3
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: KillBilly
Function name: commencekilling()
PC address: 354
Estimated Gas Usage: 974 - 1399
Any sender can cause the contract to self-destruct.
Any sender can trigger execution of the SELFDESTRUCT instruction to destroy this contract account and withdraw its balance to an arbitrary address. Review the transaction trace generated for this issue and make sure that appropriate security controls are in place to prevent unrestricted access.
--------------------
In file: killbilly.sol:22

selfdestruct(msg.sender)

--------------------
Initial State:

Account: [CREATOR], balance: 0x2, nonce:0, storage:{}
Account: [ATTACKER], balance: 0x1001, nonce:0, storage:{}

Transaction Sequence:

Caller: [CREATOR], calldata: , decoded_data: , value: 0x0
Caller: [ATTACKER], function: killerize(address), txdata: 0x9fa299cc000000000000000000000000deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, decoded_data: ('0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef',), value: 0x0
Caller: [ATTACKER], function: activatekillability(), txdata: 0x84057065, value: 0x0
Caller: [ATTACKER], function: commencekilling(), txdata: 0x7c11da20, value: 0x0
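
A small triage script for the text report format shown above, added here as an example (it is not part of the Mythril 2.0 project). It parses each issue header into fields and selects the issues at or above a severity threshold so a CI job can fail on them; the function names and the Low/Medium levels are assumptions, and the sample is abridged from the report on this page.

```python
import re
import sys

# Constructed sample: abridged from the killbilly.sol report on this page.
SAMPLE_REPORT = """\
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: KillBilly
Function name: commencekilling()
--------------------
In file: killbilly.sol:22
--------------------
Transaction Sequence:
Caller: [CREATOR], calldata: , decoded_data: , value: 0x0
Caller: [ATTACKER], function: activatekillability(), txdata: 0x84057065, value: 0x0
Caller: [ATTACKER], function: commencekilling(), txdata: 0x7c11da20, value: 0x0
"""

TITLE = re.compile(r"^==== (.+) ====$")
FIELD = re.compile(r"^(SWC ID|Severity|Contract|Function name|PC address|In file): (.*)$")
# Only "High" appears on this page; "Low" and "Medium" are assumed levels.
RANK = {"Low": 1, "Medium": 2, "High": 3}

def parse_report(text):
    """Split a text report into one dict per issue."""
    issues = []
    for line in (l.strip() for l in text.splitlines()):
        title = TITLE.match(line)
        if title:
            issues.append({"title": title.group(1), "tx_lines": 0})
        elif issues:  # ignore anything before the first issue header
            field = FIELD.match(line)
            if field:
                issues[-1].setdefault(field.group(1), field.group(2))
            elif line.startswith("Caller: "):
                issues[-1]["tx_lines"] += 1
    return issues

def gate(issues, threshold="High"):
    """Issues at or above threshold; unknown severities block (fail closed)."""
    return [i for i in issues if RANK.get(i.get("Severity"), 3) >= RANK[threshold]]

if __name__ == "__main__":
    # With a path argument, gate that saved report; otherwise demo on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    blocking = gate(parse_report(text))
    for i in blocking:
        print(f"{i.get('Severity')}: {i['title']} (SWC-{i.get('SWC ID')}) {i.get('In file')}")
    sys.exit(1 if blocking and len(sys.argv) > 1 else 0)
```

Save a report to a file and pass its path as the only argument; the script exits 1 when a blocking issue is present.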

Instructions for using Mythril 2.0 are found in the docs.

For support or general discussions, please check out the diligence-mythx channel in the ConsenSys Discord server.

Building the Documentation

Mythril 2.0's documentation is contained in the docs folder and is published to Read the Docs. It is based on Sphinx and can be built using the Makefile contained in the subdirectory:

cd docs
make html

This will create a build output directory containing the HTML output. Alternatively, PDF documentation can be built with make latexpdf. The available output format options can be seen with make help.

Vulnerability Remediation

Visit the Smart Contract Vulnerability Classification Registry to find detailed information and remediation guidance for the vulnerabilities reported.
