Introduction
When Ethereum first implemented the concept of smart contracts back in 2013, the idea seemed revolutionary. By design, smart contracts are supposed to execute only under predetermined conditions and be completely secure. But because they are just another kind of software, they are prone to many security issues. MythX is a security analysis service for Ethereum smart contracts. It allows any developer or development team to integrate security into the smart contract development lifecycle.
What are some of the top Ethereum smart contracts security issues?
Integer overflows
An overflow occurs when an integer variable is assigned a value that exceeds its limit. Attackers have exploited some ERC20 contracts this way and used them to generate absurd numbers of tokens.
Reentrancy
Ethereum contracts are prone to reentrancy attacks, in which a malicious external contract calls a function repeatedly before the first invocation of that function has finished. This vulnerability makes it possible to change the state of a contract while it is still executing.
Denial of service (DoS) attacks
Attackers can apply the general mechanism of a DoS attack to smart contracts. For instance, in the case of an auction contract, attackers can constantly call the bid() function, thus preventing other users from making their bids.
How does MythX work?
MythX performs a comprehensive range of industry-leading analyses on smart contracts, including input fuzzing, static and symbolic analysis.
You will first need to create your account on the MythX dashboard and choose your preferred payment plan.
You will then go to the dashboard console and choose the MythX tool you want to use. The following tools are available:
For this case, we shall use Visual Studio.
If you use VS Code to build your contract, this is how you secure your smart contract in your editor:
- Go to extensions, search for “MythX” and click install.
- Once the installation is complete, click the settings button, then extension settings and enter your MythX access token.
See screenshot below;
You will have been provided with the API key when you chose a payment plan and paid.
Once this is complete, you are ready to build your secure smart contract. You can use MythX both during coding and after you have finished coding.
You just need to right-click your *.sol file and run Quick Mode Analysis.
The result of the analysis will be as follows;
The good thing with MythX is that it will also show you how to reproduce the bug found in your code.
If you are using other tools to develop a smart contract, including Truffle, Remix and CLI, the process will be the same.
Conclusion
MythX is a free and open-source smart contract security analyzer. It uses symbolic execution to detect a variety of security vulnerabilities. It is a cloud-based smart contract security service that seamlessly integrates into smart contract development environments and build pipelines. It bundles multiple bleeding-edge security analysis processes into an easy-to-use API that allows anyone to create purpose-built smart contract security tools. MythX is compatible with Ethereum, Tron, Vechain, Quorum, Rootstock as well as other EVM-based platforms.