Collection Updated 10 months ago

MythX

A security analysis API and service for Ethereum smart contracts.

security
testing
solidity

6

Articles
Curator
kauri
Fuzzing

An automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program.

Fuzzing Smart Contracts Using Multiple Transactions

In previous posts, we introduced Harvey , a fuzzer for Ethereum smart contracts, and presented a novel input prediction technique to improve its effectiveness. Harvey is being developed by ConsenSys Diligence in collaboration with Maria Christakis from MPI-SWS. It is one of the tools that powers the MythX analysis platform . Most real-world contracts transition through many different states (e.g., one for each user bidding during an auction or betting in a game) during their lifetime and it is c

MythX

6 min read

02 Apr 19

Fuzzing Smart Contracts Using Input Prediction

In the previous post , we discussed several approaches for automatically finding vulnerabilities in smart contracts and we introduced Harvey: a fuzzer for Ethereum smart contracts being developed by ConsenSys Diligence: Smart contract auditing , in collaboration with Maria Christakis from MPI-SWS and that will be one of the tools powering our MythX analysis platform . Grey-box fuzzers are able to achieve high code coverage even for complex code without using more expensive techniques, such as au

MythX

6 min read

02 Apr 19

Audits

Auditing the 0x Protocol v2 with ConsenSys Diligence

ConsenSys Diligence is a ConsenSys service providing audits of smart contracts and programs built off the Ethereum network. Periodically, ConsenSys Diligence will publish a summary of an audit, including weaknesses and recommendations for clients. Recently, the Diligence team completed an audit for the 0x protocol v2 upgrade. Read a recap of the team’s conclusions below. Scope The in-scope items can be divided into the following three distinct parts: Exchange: contains the bulk of the business l

MythX

3 min read

04 Apr 19

MythX is Upping the Smart Contract Security Game

Ethereum is in a dire situation. No, I’m not talking about the price of ETH. I’m talking about the prevalence of high-profile hacks that are harming trust towards decentralized applications and providing talking points for Bitcoin maximalists and blockchain skeptics. What’s especially frustrating is that most, if not all, of the recent hacks that have impeded the growth of the Ethereum ecosystem could have been prevented. Security analyzers like Mythril Classic — an open-source tool for bug hunt

MythX

5 min read

04 Apr 19

Finding Vulnerabilities in Smart Contracts

Smart contracts are increasingly complex programs that often hold and manage large amounts of assets. Getting their business logic right is challenging and developers should use tools to analyze their smart contracts before deploying them. Starting with the mother of all smart contract hacks — the infamous DAO attack — we have seen a number of high-profile hacks over the last years that resulted in tens of millions of dollars in damages. The majority of these hacks were pulled off by locating ho

MythX

7 min read

02 Apr 19

MythX is real.
MythX

3 min read

02 Apr 19

MythX is real.

myth: n: a popular belief or tradition that has grown up around something or someone, especially: one embodying the ideals and institutions of a society or segment of society ( Source ) The world of Ethereum is full of myths. Decentralization. Autonomy. Code is law. These are all tenets that we as an ecosystem have chosen to put top-of-mind in our work. There is one tenet that hasn’t had as much success: security. Smart Contracts and dApps offer countless new possibilities. With the responsibili

MythX

3 min read

02 Apr 19