MythX: security analysis for your Smart Contract! How to install and use MythX.

in #eth, 5 years ago (edited)

What is MythX

MythX is a security analysis API for Ethereum smart contracts. It allows any developer or developer team to integrate advanced security analysis directly into development environments and build pipelines. It detects many common Solidity vulnerabilities and EVM bytecode vulnerabilities automatically.
MythX is integrated into popular developer tools you use today, such as Truffle, Remix, and VS Code. You can also integrate MythX into your own security tools, apps, and existing blockchain services.

How to use MythX

1- Go to https://mythx.io/ and click Sign-Up
2- Complete your registration

Note:

It is recommended that you link your Ethereum account to your profile as you will use this credential along with your password to access the MythX API via client tools such as Remix. This is done with MetaMask.
MetaMask will ask to sign a transaction to connect to MythX.

Now you are at https://dashboard.mythx.io/#/console, where you will find all the different MythX tools.
3- MythX uses an API key for authentication. This API key can be generated in your dashboard.
Generate a new API key by entering your account password.
So now let's go to the next step :)

MythX for Visual Studio


1- Open Visual Studio
2- Click Extensions and search for "MythX"
3- Install the extension
4- Go to Manage and click Extension Settings
5- Copy and paste your API key
Nice :)
Now you are ready to build your secure smart contract.
Open a Solidity file from inside a folder or workspace, and click MythX: Analyze smart contract.
Once the Solidity compilation is done, you will be asked to pick a contract from a dropdown list of the contracts that exist in the compiled AST. Make sure to pick the main contract to avoid inconsistent results.
You will then see your smart contract's issues highlighted in your code.

Now you can build a secure smart contract more easily than you thought.

MythX: the perfect tool that you need.

EXAMPLE

MythX helped me to solve all the issues it found.
When I finished my smart contract, I clicked the MythX button to scan it.

After the scan, MythX found 3 problems.

Click Problems.

This one is for security; you can visit the link https://swcregistry.io/docs/SWC-128 to read more about this bug.
Description
When smart contracts are deployed or functions inside them are called, the execution of these actions always requires a certain amount of gas, based on how much computation is needed to complete them. The Ethereum network specifies a block gas limit, and the sum of all transactions included in a block cannot exceed the threshold.
Programming patterns that are harmless in centralized applications can lead to Denial of Service conditions in smart contracts when the cost of executing a function exceeds the block gas limit. Modifying an array of unknown size, that increases in size over time, can lead to such a Denial of Service condition.
Remediation
Caution is advised when you expect to have large arrays that grow over time. Actions that require looping across the entire data structure should be avoided.
If you absolutely must loop over an array of unknown size, then you should plan for it to potentially take multiple blocks, and therefore require multiple transactions.
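
The unbounded loop that SWC-128 describes, beside the multi-transaction remediation, as an added Solidity example that is not code from the original post or from MythX. The contract, its function names and the share amount are hypothetical, and it goes slightly beyond the text by checking the result of `send` so that one rejecting recipient cannot stall a batch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example; every name in this contract is hypothetical.
contract BatchedPayout {
    address public immutable owner;
    address payable[] public recipients;     // unbounded, grows over time
    uint256 public constant SHARE = 0.01 ether;
    uint256 public cursor;                   // next index still to be paid
    mapping(address => uint256) public owed; // shares whose push payment failed

    constructor() payable { owner = msg.sender; }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    function register(address payable r) external onlyOwner { recipients.push(r); }

    // SWC-128 pattern: gas cost is proportional to the number of unpaid
    // entries, so a large enough backlog no longer fits in one block.
    function payAllUnbounded() external onlyOwner {
        for (uint256 i = cursor; i < recipients.length; i++) {
            recipients[i].transfer(SHARE);
        }
        cursor = recipients.length;
    }

    // Remediation: the caller bounds the work per transaction, and the
    // stored cursor lets the pass continue in the next transaction.
    function payBatch(uint256 maxCount) external onlyOwner {
        uint256 end = cursor + maxCount;
        if (end > recipients.length) end = recipients.length;
        uint256 i = cursor;
        cursor = end; // update state before making external calls
        for (; i < end; i++) {
            // send() returns false instead of reverting; the result is
            // checked and a failed share is recorded for later withdrawal.
            if (!recipients[i].send(SHARE)) owed[recipients[i]] += SHARE;
        }
    }

    // Pull path for recipients whose push payment failed.
    function withdrawOwed() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "withdraw failed");
    }
}
```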

Another security bug that we can fix easily is given below:
The solution is given by MythX: using 'transfer' in place of 'send'.

Now you have the best tools to create your smart contract, just by using MythX.

Donate :
ETH 0xfff923f5a1016e422ddb5d5b7d3ef8152957d2a5