Mythril Classic is an open-source security analysis tool for Ethereum smart contracts. It uses symbolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities.
Note that Mythril Classic is designed for security auditors. If you are a smart contract developer, we recommend using MythX tools which are optimized for usability and cover a wider range of security issues:
Whether you want to contribute, need support, or want to learn what we have cooking for the future, our Discord server will serve your needs.
Get it with Docker:
$ docker pull mythril/mythInstall from Pypi:
$ pip3 install mythrilSee the Wiki for more detailed instructions.
Instructions for using Mythril Classic are found on the Wiki.
For support or general discussions please join the Mythril community on Discord.
Mythril Classic's documentation is contained in the docs folder and is published to Read the Docs. It is based on Sphinx and can be built using the Makefile contained in the subdirectory:
cd docs
make html
This will create a build output directory containing the HTML output. Alternatively, PDF documentation can be built with make latexpdf. The available output format options can be seen with make help.
Visit the Smart Contract Vulnerability Classification Registry to find detailed information and remediation guidance for the vulnerabilities reported.
Test input generator is a new module that generates transactions with inputs that trigger the execution of different paths of smart contract. This module is still in development and is not reliable with large scale smart contracts.
Run this module:
./myth -v 4 -xo jsonv2 <PATH_TO_THE_SMART_CONTRACT> -m test_input_generatorYou will see the information what opcodes were found during the execution. Generated transactions with some additional information is written to the file txs.json which can be found in the same directory that you run this command from.