Smart Contract Security Tools for Embark, Truffle, GitHub and Continuous Integration



Introducing the best submissions from the MythX Ethereal Hackathon.

This April, Microsoft and Gitcoin teamed up to organize the first Ethereal Virtual Hackathon. This was a great opportunity for us to kick off some bounties and introduce the MythX smart contract security API to a wider audience. We were excited to see what developers would come up with and the results didn’t disappoint! We received a total of 16 submissions and awarded a total of 5,000 Dai worth of prizes to 7 winners.

While some of the submissions are still a bit rough around the edges, they go a long way in showing the many use-cases enabled by our API. Here are some of our favorites.

MythX Plugin for Embark Framework

MythX for Embark by Sebastian Müller and Flex Dapps brings MythX security analysis to Status Embark.

From your Embark project directory, install it with npm i embark-mythx and follow the configuration instructions in the README. This adds a new “verify” console command that runs security tests on the smart contracts contained in the project. The analysis runs asynchronously in the background. When the analysis is completed, each discovered security issue is listed with line and column number, a short description, and a smart contract weakness classification (SWC) ID. You can use this ID to look up more detailed descriptions in the SWC registry.

Truffle Sca2t

Truffle Sca2t (pronounced “Skärt”) by Teruhiro Tagomori of NRI Secure is a plugin for the Truffle framework that assists smart contract auditors in their day-to-day workflow. Besides some other nice features, such as rendering dependency graphs, it integrates MythX in interesting and useful ways:

To top things off, the command line interface can export nice HTML and markdown reports.

GitMythX

GitMythX by Marin Petrunić (Node Factory) is a GitHub app for continuous integration of MythX security checks. More specifically, it analyzes the smart contracts contained in the repository on every pull request. The test passes if MythX returns no security issues. If issues are detected, the test fails and GitMythX generates an HTML report detailing the issues.

Alternatively, Kirk Ballou describes how to integrate MythX with CircleCI using the Mythos command line tool.

MythX Vulnerability Monitor

MythX Vulnerability Monitor by Belma Gutlic (Node Factory) is a web app for monitoring smart contracts deployed to the Ethereum mainnet. The app allows the user to register a smart contract address that is then periodically scanned for security issues. If a vulnerability is discovered, the contract owner is alerted by email. This ensures that contract owners can react if a new vulnerability class is discovered or an upgrade to the EVM introduces a vulnerability.

Setting up the MythX Vulnerability Monitor

More Awesome MythX Tools

These are just a few of the first-generation MythX smart contract security tools and integrations. Many more are in the pipeline — including tools for other smart contract platforms such as Rootstock, Tron, Quorum and Vechain. A revamped MythX website and a searchable partners & tools directory will be released soon. For now, check out the growing MythX awesome list and join our Discord server.


